8:56 a.m.
Hello Dimitar!
I have a gist with an script on how to create EK and AK here
https://gist.github.com/dnoliver/04364e72d8b81368f72ad4e6896f688d/#file-e...
# Clear the TPM
tpm2_clear
# Create Endorsment Key
tpm2_createek -c ek.ctx -G rsa -u ek.pub
# Create Attestation Key
tpm2_createak -C ek.ctx -c ak.ctx -G rsa -g sha256 -s rsassa
tpm2_evictcontrol -C o -c ak.ctx 0x81010002
tpm2_readpublic -c ak.ctx -f pem -o ak.pem > ak.yaml
cat ak.yaml | grep '^name:' | awk '{ print $2 }' > ak.name
# Generate the nonce and credential for challenge
openssl rand -hex 6 > nonce.plain
tpm2_makecredential -e ek.pub -s nonce.plain -n $(cat ak.name) -o nonce.encrypted
# Decrypt nonce with Endorsement Key
tpm2_startauthsession --policy-session -S session.ctx
TPM2_RH_ENDORSEMENT=0x4000000B
tpm2_policysecret -S session.ctx -c ${TPM2_RH_ENDORSEMENT}
tpm2_activatecredential -c 0x81010002 -C ek.ctx -i nonce.encrypted -o nonce.decrypted -P
"session:session.ctx"
tpm2_flushcontext session.ctx
# Generate Attestation Quote
tpm2_quote -c 0x81010002 -l sha256:0,1,2,3,4,5,6,7,8,9 -q $(cat nonce.decrypted) -m
quote.message -s quote.signature -o quote.pcrs -g sha256
# Validate Attestation Quote in the server
tpm2_checkquote -u ak.pem -m quote.message -s quote.signature -f quote.pcrs -g sha256 -q
$(cat nonce.plain)
The code for tpm2_createek and tpm2_createak is at:
https://github.com/tpm2-software/tpm2-tools/blob/master/tools/tpm2_create...
https://github.com/tpm2-software/tpm2-tools/blob/master/tools/tpm2_create...
11:39 a.m.
New subject: How we authorize the EK hierarchy to create AIK?
Hi Nicolas.
When I run "tpm2_policysecret -S session.ctx -c ${TPM2_RH_ENDORSEMENT}" I have
the following error:
ubuntu@ubuntu:~/atesttor$ tpm2_policysecret -S session.ctx -c ${TPM2_RH_ENDORSEMENT}
WARNING:esys:src/tss2-esys/api/Esys_PolicySecret.c:343:Esys_PolicySecret_Finish() Received
TPM Error
ERROR:esys:src/tss2-esys/api/Esys_PolicySecret.c:115:Esys_PolicySecret() Esys Finish
ErrorCode (0x000009a2)
ERROR: Esys_PolicySecret(0x9A2) - tpm:session(1):authorization failure without DA
implications
ERROR: Could not build policysecret
ERROR: Unable to run tpm2_policysecret
I thought it was something related to passing the password of the hierarchy, but the
command doesn't recognize -p option.
Do you have a clue of what it may be happening?
Best regards
2:05 p.m.
New subject: How we authorize the EK hierarchy to create AIK?
That script never failed to me with Platform Trust Technology :)
Does you TPM Endorsement Hierarchy requires a password? If so, is that something you
should satisfy with
https://github.com/tpm2-software/tpm2-tools/blob/master/man/tpm2_policypa...
The script posted is more or less inspired in this document
https://trustedcomputinggroup.org/wp-content/uploads/Credential_Profile_E...,
which say that the authPolicy for the Endorsement key is
TPM2_PolicySecret(TPM_RH_ENDORSEMENT)
7:37 p.m.
New subject: How we authorize the EK hierarchy to create AIK?
Thank you, Nicolas.
It worked when I removed the password for the TPM Endorsement Hierarchy.
So the idea is a client creating an AK and having a server recognizing that this AK comes
from an authentic TPM.
I'm thinking out loud about the steps just to confirm that I'm on the right way:
1. The client sends the name (hash public part) of AK to server;
2. The server generates a nonce and creates a credential. Name of AK is passed as
argument.
3. Client receives the encrypted nonce, and decrypt it with AK using
tpm2_activatecredential (if different AK is used, nonce can't be recovered, I
guess...).
4. Client quotes PCRs with freshly decrypted nonce
5. Server checks quote using previously generated nonce.
The only thing I'm not comprehending clearly is the need of a session.
Before this attestation of AK process, on my TPM learning process, I was running commands
(e.g.: creation of keys and quote) on TPM without sessions. Why do I need a session to run
tpm2_activatecredential?
I mean... I know sessions are meant to keep states. But why running only
tpm2_activatecredential, which decrypts the challenge, is not enough?
I apologize for such a silly question.
Best regards
11:25 a.m.
New subject: How we authorize the EK hierarchy to create AIK?
-----Original Message-----
From: Eduardo Falcão <eduardolfalcao(a)gmail.com>
Sent: Tuesday, June 2, 2020 10:38 PM
To: tpm2(a)lists.01.org
Subject: [tpm2] Re: How we authorize the EK hierarchy to create AIK?
Thank you, Nicolas.
It worked when I removed the password for the TPM Endorsement Hierarchy.
So the idea is a client creating an AK and having a server recognizing that this AK
comes from an authentic TPM.
I'm thinking out loud about the steps just to confirm that I'm on the right way:
1. The client sends the name (hash public part) of AK to server; 2. The server
generates a nonce and creates a credential. Name of AK is passed as argument.
3. Client receives the encrypted nonce, and decrypt it with AK using
tpm2_activatecredential (if different AK is used, nonce can't be recovered, I
guess...).
4. Client quotes PCRs with freshly decrypted nonce 5. Server checks quote using
previously generated nonce.
The only thing I'm not comprehending clearly is the need of a session.
Before this attestation of AK process, on my TPM learning process, I was running
commands (e.g.: creation of keys and quote) on TPM without sessions. Why do I
need a session to run tpm2_activatecredential?
I mean... I know sessions are meant to keep states. But why running only
tpm2_activatecredential, which decrypts the challenge, is not enough?
Sessions are state, but in this case, they are state with authorization data.
tpm2_activatecredential, you give it the credentialed key. Which is the
EK. Which means you need authorization to the EK for the command.
The EK created by tpm2_createek, sets the authorization to a policy
satisfied by a tpm2_policysecret policy event with the
Endorsement Hierarchy password (per the spec). So the only way
To use the EK in the ActivateCredential flow, is to authorize to it via the
policy.
>
> I apologize for such a silly question.
>
> Best regards
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
5:14 a.m.
New subject: How we authorize the EK hierarchy to create AIK?
Thank you, Roberts. Now it is completely clear the need of a session.
Regarding the server side, would it be possible to create a credential over the AK and
nonce without TPM (tpm2_makecredential)?
If so, could you point me some direction?
Best regards
7:03 a.m.
New subject: How we authorize the EK hierarchy to create AIK?
Since version 4.0 and up, via this commit:
https://github.com/tpm2-software/tpm2-tools/commit/56710b6e1c4d3e02ff77ad...
You can specify --tcti=none to tpm2_makecredential to not use the TPM.
Before that, In some circa 3.X tools you can use the -X option, but I don't recommend
using any toolset less
than version 4.0, it has too many issues before the 4.0 release. It's like Android, it
didn't get good until
Ice Cream Sandwich and 3.0 was definitely my honeycomb disaster.
Bill
> -----Original Message-----
> From: Eduardo Falcão <eduardolfalcao(a)gmail.com>
> Sent: Thursday, June 4, 2020 8:15 AM
> To: tpm2(a)lists.01.org
> Subject: [tpm2] Re: How we authorize the EK hierarchy to create AIK?
>
> Thank you, Roberts. Now it is completely clear the need of a session.
>
> Regarding the server side, would it be possible to create a credential over the AK
> and nonce without TPM (tpm2_makecredential)?
> If so, could you point me some direction?
>
> Best regards
> _______________________________________________
> tpm2 mailing list -- tpm2(a)lists.01.org
> To unsubscribe send an email to tpm2-leave(a)lists.01.org
> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s
795
days inactive
804
days old
6 comments
3 participants
participants (3)
-
Eduardo Falcão -
nicolasoliver03@gmail.com -
Roberts, William C