-----Original Message-----
From: Arun Sudhir [mailto:arunsudhir19@gmail.com]
Sent: Tuesday, October 22, 2019 1:33 PM
To: tpm2(a)lists.01.org
Subject: [tpm2] Implementing a TPM EA Policy with Fingerprints
Hi,
I have read about EA Policies in the book "A Practical Guide to TPM 2.0". I
understand the theoretical part of how everything works with EA policies. My
question is regarding how to implement an EA policy with a fingerprint
authentication attached to it in Windows.
How does communication work between the TPM and the fingerprint reader if
someone tries to access an object attached to such a policy? I read in the TPM
Software Stack chapter on the same book that policies can have callbacks. So
does the policy have a callback function to code that we write - which, in turn,
shows up the fingerprint dialog, captures the fingerprint and then hashes a string
"Arun's fingerprint" (say) if the fingerprint matches "Arun". If that is the case,
what stops someone from swapping out that function and just supplying a hash of
that string (and skip the fingerprint altogether)?
Any security check worth its salt would be performed in the TPM, not on the untrusted
OS side. Sessions keep an internal policy digest that gets updated on policy commands.
So the TPM is enforcing that it's Arun's fingerprint that matches. However, since a TPM
isn't hooked directly to a fingerprint reader, you have to supply the information to the
TPM via a policy command, somehow.
I would imagine you would take the fingerprint data and generate some secret value
from it. Perhaps taking the fingerprint data buffer and hashing it and then using that
to issue a TPM2_PolicySecret command.
If there is someone who has done this, I'd really appreciate tips or even sample
code on how it is done.
Thanks
Arun
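The following is an added worked example, not code from the thread or from any TPM
stack. It models, in plain Python with no TPM, the part of the reply above that does the
real work: the policy session's internal policyDigest, extended exactly as Part 3 of the
TPM 2.0 spec describes (policyDigest_new = H(policyDigest_old || commandCode || Name),
with TPM2_PolicySecret and TPM2_PolicySigned doing a second update that binds the
policyRef). It assumes SHA-256 sessions, and that the fingerprint matcher yields a stable
secret that has been provisioned as the authValue of a TPM entity such as an NV index;
the entity's public area, the policyRef, the fingerprint template bytes and the
fingerprint_auth_value() derivation are all constructed stand-ins, not anything a real
reader produces (raw fingerprint data is not reproducible bit-for-bit, so a real design
needs a matcher that releases a fixed secret on a successful match). The demo shows why
swapping out the OS-side function does not help: PolicySecret only extends the digest
after the TPM has verified the entity's authValue, and skipping the step leaves a digest
that never equals the sealed object's authPolicy.

```python
import hashlib
import hmac
import struct

# TPM 2.0 constants from Part 2 of the spec (command codes and algorithm ID).
TPM_CC_PolicySecret = 0x00000151
TPM_CC_PolicyAuthValue = 0x0000016B
TPM_CC_PolicyCommandCode = 0x0000016C
TPM_CC_Unseal = 0x0000015E
TPM_ALG_SHA256 = 0x000B

DIGEST_SIZE = 32  # SHA-256 policy sessions


def sha256(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


def object_name(public_area: bytes) -> bytes:
    """TPM object Name: nameAlg (UINT16, big endian) || H_nameAlg(marshalled public area)."""
    return struct.pack(">H", TPM_ALG_SHA256) + sha256(public_area)


class Entity:
    """The authorizing entity (e.g. an NV index) whose authValue the TPM checks."""

    def __init__(self, name: bytes, auth_value: bytes):
        self.name = name
        self.auth_value = auth_value


class PolicySession:
    """Models the policyDigest a TPM keeps per policy session (Part 3, PolicyContextUpdate)."""

    def __init__(self, trial: bool = False):
        self.trial = trial  # a trial session computes digests but can never authorize anything
        self.policy_digest = bytes(DIGEST_SIZE)  # every session starts at all zeros

    def _update(self, command_code: int, name: bytes = b"", policy_ref=None) -> None:
        # policyDigest_new = H(policyDigest_old || commandCode || name)
        new = sha256(self.policy_digest, struct.pack(">I", command_code), name)
        if policy_ref is not None:
            # PolicySecret/PolicySigned: second update binds the policyRef to the digest
            new = sha256(new, policy_ref)
        self.policy_digest = new

    def policy_auth_value(self) -> None:
        self._update(TPM_CC_PolicyAuthValue)

    def policy_command_code(self, code: int) -> None:
        self._update(TPM_CC_PolicyCommandCode, struct.pack(">I", code))

    def policy_secret(self, entity: Entity, provided_auth: bytes, policy_ref: bytes = b"") -> None:
        # The TPM verifies the entity's authValue before extending; the digest itself
        # depends only on the entity's Name and the policyRef, never on the secret value.
        if not self.trial and not hmac.compare_digest(provided_auth, entity.auth_value):
            raise PermissionError("TPM_RC_AUTH_FAIL")
        self._update(TPM_CC_PolicySecret, entity.name, policy_ref)


def policy_satisfied(session: PolicySession, auth_policy: bytes) -> bool:
    """At use time (e.g. TPM2_Unseal) the TPM compares the session digest with authPolicy."""
    return (not session.trial) and hmac.compare_digest(session.policy_digest, auth_policy)


def fingerprint_auth_value(template: bytes) -> bytes:
    """Hypothetical: derive the 32-byte authValue from an (assumed stable) matcher output."""
    return sha256(b"fingerprint-authvalue-v1", template)


def demo() -> dict:
    template = b"constructed stable template bytes for Arun"  # constructed sample input
    secret = fingerprint_auth_value(template)
    fp_index = Entity(object_name(b"constructed public area of fingerprint NV index"), secret)
    policy_ref = b"arun-fingerprint"  # constructed; binds this policy to this use of the entity

    # 1. Provisioning: a trial session yields the authPolicy for the sealed object's template.
    trial = PolicySession(trial=True)
    trial.policy_secret(fp_index, b"", policy_ref)
    trial.policy_command_code(TPM_CC_Unseal)
    auth_policy = trial.policy_digest

    # 2. Legitimate unseal: the matcher releases the real authValue to PolicySecret.
    good = PolicySession()
    good.policy_secret(fp_index, secret, policy_ref)
    good.policy_command_code(TPM_CC_Unseal)

    # 3. Swapped-out OS function: supplies H("Arun's fingerprint") instead of the authValue.
    bad = PolicySession()
    try:
        bad.policy_secret(fp_index, sha256(b"Arun's fingerprint"), policy_ref)
    except PermissionError:
        pass  # TPM refused the step, so the digest never advanced

    # 4. Skipping PolicySecret altogether: the digest chain cannot reach authPolicy.
    skip = PolicySession()
    skip.policy_command_code(TPM_CC_Unseal)

    return {
        "auth_policy": auth_policy.hex(),
        "legit": policy_satisfied(good, auth_policy),
        "wrong_secret": policy_satisfied(bad, auth_policy),
        "skipped": policy_satisfied(skip, auth_policy),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The trial session is the same trick a real stack uses (TPM2_StartAuthSession with
sessionType TPM_SE_TRIAL) to obtain the authPolicy value for a template without
satisfying the policy; the digests this model computes can be checked against a real TPM
or simulator by running the same sequence in a trial session there.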