Possible TPM uses in fprintd/libfprint
by Benjamin Berg
Hi,
I was wondering if someone has ideas about integrating the TPM with
Fingerprint readers.
Recently I started looking into supporting Secure Device Connection
Protocol (SDCP, [1]) in libfprint. The general idea is to verify that
the Fingerprint reader can be trusted, but I initially also imagined
that further use-cases like unsealing data in a TPM may be possible
(e.g. to retrieve disk encryption keys).
However, looking into it more, my current conclusion is that there is
little to no advantage to use the TPM. At least not unless one also has
a trusted (userspace) program which is capable of signing TPM
authorizations. One could easily offload the required parts into a
small helper, but that may require ensuring it runs in a trusted
execution environment.
Microsoft seems to run relevant parts as trustlets that are walled off
from the rest of the system. That seems sensible to me, but it also
means requiring all the infrastructure for execution and signing and I
doubt that is feasible currently.
Right now I'll probably go the way of not using the TPM at all. But I
am really not an expert for this. So should someone see scenarios where
a TPM is actually helpful in this context, then I would like to hear
about them.
Benjamin
PS: A quick summary of how SDCP works:
* Device has a private ECC key that signs the firmware and ephemeral
keys during boot (and is inaccessible afterwards)
* A certificate proofs that this key was provisioned in factory
* Device builds a shared secret with the host (s)
* Device sends id, HMAC_SHA256(s, "identify" || nonce || id)
when the finger "id" was presented.
* The HMAC proofs knowledge of the shared secret and authorizes the
print.
[1] https://github.com/microsoft/SecureDeviceConnectionProtocol/wiki/Secure-D...
1 week, 6 days
Calculating name of created AK- server side
by kuba.michal.n@gmail.com
Hello!
I would like to know if it is possible to calculate name of AK generated by host on a remote server? I have read about remote attestation. To ensure the AK matches EK we have to make credential using name of the AK. To achieve this we have to either:
a) calculate name of the AK on server
b) receive name of the AK from host and believe it's a name for a proper AK
Am I missing something?
I have searched for explanation in docs posted on TCG's site, but I just can't find anything useful for nameAlg.
I would be thankful for any help or advice :D
2 weeks, 2 days
abrmd crashing - how to debug?
by Kenneth Goldman
Ubuntu focal with WSL, abrmd compiled from source
After about 5 minutes of sending commands, abrmd crashes. I originally
found it with keylime, but I can reproduce it with a simple bash loop on
pcrread.
abrmd exits, the tool output is:
** (process:21067): CRITICAL **: 17:25:10.862: failed to allocate dbus
proxy object: Could not connect: Connection refused
WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for
function 0x7ff5f6dbbe10 failed with a0008
WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not
initialize TCTI named: tcti-abrmd
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not
initialize TCTI file: tabrmd
ERROR:tcti:src/tss2-tcti/tctildr.c:416:Tss2_TctiLdr_Initialize_Ex() Failed
to instantiate TCTI
ERROR: Could not load tcti, got: "tabrmd:bus_name=com.intel.tss2.Tabrmd"
How would I debug?
I would expect that nothing that a single application does should crash
abrmd.
--
Ken Goldman kgoldman(a)us.ibm.com
914-945-2415 (862-2415)
2 months, 2 weeks
Re-provision TPM
by Anthony Arrascue
Hello,
I am learning about the TSS and TPM techonologies.
I have provisioned the TPM with the default settings, which means I am now using the ECC profile (P_ECCP256SHA256).
However, encryption was a requirement I needed to fulfill. I just didn't know that ECC encryption is currently not supported and now I realize RSA would be a better fit for me.
So here is my question:
* I see there is another profile in /usr/local/etc/tpm2-tss/fapi-profiles, namely P_RSA2048SHA256.json. Is there a way I can encrypt using the RSA profile instead of the ECC one? I tried to re-run tss2_provision, after setting it in fapi-config.json, but it seems this is not the way to proceed. I get the message that the TPM has been already provisioned. What is the correct way of "changing" profile? Is it even possible or do I need to reset the TPM?
Thank you for your help.
Anthony Arrascue
4 months, 2 weeks
TPM for SSH authentication
by scott.r.eisele@gmail.com
Hi everyone!
I'm trying to use a TPM to secure ssh keys, following the example here: https://incenp.org/notes/2020/tpm-based-ssh-key.html
First, is this a standard way to secure ssh keys? Or is there another method that is preferred?
Assuming this method is acceptable, I made it to the point of extracting the public key from the PKCS11 token but ran into an issue.
$ ssh-keygen -vvv -D /usr/local/lib/libtpm2_pkcs11.so > tpm2key1.pub
WARNING:fapi:src/tss2-fapi/api/Fapi_List.c:226:Fapi_List_Finish() Profile of path not provisioned: /HS/SRK
ERROR:fapi:src/tss2-fapi/api/Fapi_List.c:81:Fapi_List() ErrorCode (0x00060034) Entities_List
ERROR: Listing FAPI token objects failed.
debug1: provider /usr/local/lib/libtpm2_pkcs11.so: manufacturerID <tpm2-software.github.io> cryptokiVersion 2.40 libraryDescription <TPM2.0 Cryptoki> libraryVersion 0.0
debug1: provider /usr/local/lib/libtpm2_pkcs11.so slot 0: label <firstToken> manufacturerID <Infineon> model <SLB9670> serial <000000000000000> flags 0x40d
debug1: have 1 keys
debug2: pkcs11_register_provider: ignoring uninitialised token in provider /usr/local/lib/libtpm2_pkcs11.so slot 1
debug1: pkcs11_k11_free: parent 0xaaaaf0703630 ptr 0xaaaaf06ed350 idx 1
debug1: pkcs11_provider_unref: 0xaaaaf0692300 refcount 2
debug1: pkcs11_provider_finalize: 0xaaaaf0692300 refcount 1 valid 1
debug1: pkcs11_provider_unref: 0xaaaaf0692300 refcount 1
I then tried running Fapi_List() directly:
$ sudo tss2_list
WARNING:fapi:src/tss2-fapi/api/Fapi_List.c:216:Fapi_List_Finish() Path not found:
ERROR:fapi:src/tss2-fapi/api/Fapi_List.c:81:Fapi_List() ErrorCode (0x00060034) Entities_List
Fapi_List(0x60034) - fapi:Provisioning was not executed.
And assumed that provisioning was required. So I attempted that:
$ sudo tss2_provision
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:520:Fapi_Provision_Finish() ErrorCode (0x0006000b) SRK persistent handle already defined
ERROR:fapi:src/tss2-fapi/api/Fapi_Provision.c:168:Fapi_Provision() ErrorCode (0x0006000b) Provision
Fapi_Provision(0x6000B) - fapi:A parameter has a bad value
At this point, I'm at a loss as to what the state of the TPM is and how to properly provision it and establish the Storage Hierarchy.
I've looked at https://trustedcomputinggroup.org/wp-content/uploads/TCG-TPM-v2.0-Provisi...
but it's not clear to me how to apply it.
Any help would be great. Thanks!
My platform configuration is:
raspberry pi 3b+
Infineon OPTIGA™ TPM SLx 9670
ubuntu 20.04
tpm2-tss-3.1.0
tpm2-tools-5.1.1
tpm2-abrmd-2.4.0
tpm2-pkcs11-1.6.0
11 months
Is the tpm2_create command safe against sniffing attacks?
by Joseph Lee (ZeronsoftN)
Hello,
https://pulsesecurity.co.nz/articles/TPM-sniffing
In this article, can see that communication with the TPM is vulnerable
to sniffing if not careful.
https://tpm2-software.github.io/2020/04/13/Disk-Encryption.html
Is the disk encryption described in tpm2-software's blog safe against
these attacks?
tpm2_createprimary -Q -C o -c prim.ctx
dd if=/dev/urandom bs=1 count=32 status=none | tpm2_create -Q -g sha256
-u seal.pub -r seal.priv -i- -C prim.ctx
tpm2_load -Q -C prim.ctx -u seal.pub -r seal.priv -n seal.name -c
seal.ctx
tpm2_evictcontrol -C o -c seal.ctx 0x81010001
My question is:
1. Is there a tool in linux that can sniff communication with the
current system's TPM?
2. How to encrypt communications if the methods described above are
not secure?
It seems that encryption is possible through
tpm2_startauthsession , but I do not know how to apply it to tpm2_create
(The -S option simply did not work.)
Thank you.
11 months, 1 week
Re: Want to use c++ to get TPM Serial Number - how do it?
by Roberts, William C
Getting the EK is not as easy as one would expect, it depends on how the TPM
manufacturer provisions it. Some require that you generate the EK and then
get a hash and look it up online, some store it in NV indices. IIRC, Infineon
TPM's store them in NV incidces. The tpm2_getekcertificate tool looks in the following NV indices:
#define RSA_EK_CERT_NV_INDEX 0x01C00002
#define ECC_EK_CERT_NV_INDEX 0x01C0000A
Since the EK is a primary key, you usually need to create it with a template defined in the link below.
This will then create a key that matches the manufacturer generated EK Certificate.
IIRC the NV indices and templates needed are covered in:
- https://trustedcomputinggroup.org/wp-content/uploads/TCG_IWG_Credential_P...
So this would involve a NV read using the C API would look like calling the function
Esys_NV_Read().
________________________________
From: Andy Purcell <andy_purcell(a)keysight.com>
Sent: Tuesday, July 20, 2021 12:18 PM
To: tpm2(a)lists.01.org <tpm2(a)lists.01.org>
Subject: [tpm2] Want to use c++ to get TPM Serial Number - how do it?
I have a need to use C++ to obtain the unique TPM information – like a Serial Number.
My system is running Windows 10/64. This is on an HP Desktop PC with TPM 2.0 chip.
I can use PowerShell
Get-TpmEndorsementKeyInfo -hashalgorithm sha256
To get this output:
…
ManufacturerCertificates : {[Subject]
TPMVersion=id:073E, TPMModel=SLB 9670 TPM2.0, TPMManufacturer=id:49465800
[Issuer]
CN=Infineon OPTIGA(TM) RSA Manufacturing CA 034, OU=OPTIGA(TM) TPM2.0, O=Infineon Technologies AG, C=DE
…
[Serial Number]
4880DE8E
[Thumbprint]
B8395DA6A1D661C8CCD35D47E3DA6E9532EFFEC4
But how can I get this same Serial Number information using C++?
ap
11 months, 2 weeks
Want to use c++ to get TPM Serial Number - how do it?
by Andy Purcell
I have a need to use C++ to obtain the unique TPM information - like a Serial Number.
My system is running Windows 10/64. This is on an HP Desktop PC with TPM 2.0 chip.
I can use PowerShell
Get-TpmEndorsementKeyInfo -hashalgorithm sha256
To get this output:
...
ManufacturerCertificates : {[Subject]
TPMVersion=id:073E, TPMModel=SLB 9670 TPM2.0, TPMManufacturer=id:49465800
[Issuer]
CN=Infineon OPTIGA(TM) RSA Manufacturing CA 034, OU=OPTIGA(TM) TPM2.0, O=Infineon Technologies AG, C=DE
...
[Serial Number]
4880DE8E
[Thumbprint]
B8395DA6A1D661C8CCD35D47E3DA6E9532EFFEC4
But how can I get this same Serial Number information using C++?
ap
11 months, 2 weeks