
[Xense-devel] RE: [TrouSerS-users] vTPM data seal issue



Vinnie,
      Thanks for the response and the patch, that's a big help.  You
bring up a lot of good points.  Fortunately for us we're not doing
attestation (yet).  We just wanted Dom U to seal to PCRs set by the BIOS
and Trusted GRUB.

Justin 

-----Original Message-----
From: Scarlata, Vincent R [mailto:vincent.r.scarlata@xxxxxxxxx] 
Sent: Thursday, October 19, 2006 7:22 PM
To: Osborn, Justin D.; Hal Finney
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx;
trousers-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [TrouSerS-users] vTPM data seal issue

Below is a patch to the vtpm to copy all the hwPCRs into the vPCRs
during vtpm initialization. The reason that it's not part of the xen
tree is that it's not clear exactly what these PCRs mean in a virtual
environment.

More precisely, PCRs 0-7 indicate the BIOS/firmware/MBR/loader, etc.
configuration of the platform. For a physical platform, it seems pretty
clear-cut what these are. Well, what about an HVM? HVMs have two
sets of these. For example, the platform BIOS and the BOCHS BIOS, which
one goes in vPCR 0? What about a paravirtualized VM? There is only 1
BIOS, but some other places in the PCR list are fuzzy. Like, the loader
measures the "kernel." Is it the Xen or the Linux kernel? How does an
attester know what to expect?

You quickly get into usage model discussions to determine what the
appropriate values for virtual PCRs should be. So for now, they are set
to the default boot configuration for a TPM.

-Vinnie Scarlata
 Trusted Platform Lab
 Corporate Technology Group
 Intel Corporation

-----Original Message-----
From: Osborn, Justin D. [mailto:Justin.Osborn@xxxxxxxxxx]
Sent: Thursday, October 19, 2006 5:31 AM
To: Hal Finney
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx;
trousers-users@xxxxxxxxxxxxxxxxxxxxx; Scarlata, Vincent R
Subject: RE: [TrouSerS-users] vTPM data seal issue

> Speaking of which, here's a question for the vTPM developers:  Is there
> code out there to load the vTPM PCRs (1-8) with the values from the
> physical TPM?  I'm about to (attempt to) write that, and it'd be helpful
> if someone's already done it.

diff -uprN vtpm/tpm/tpm_startup.c vtpm-pcrcopy/tpm/tpm_startup.c
--- vtpm/tpm/tpm_startup.c      2006-08-14 15:28:46.000000000 -0700
+++ vtpm-pcrcopy/tpm/tpm_startup.c      2006-08-14 15:28:23.000000000
-0700
@@ -20,6 +20,93 @@
 #include "tpm_data.h"
 #include "tpm_handles.h"

+
+/*
+ * Copy hTPM PCRs from hTPM
+ *
+ */
+static int copy_pcrs()
+{
+  int res, out_data_size, in_header_size;
+  BYTE *ptr, *out_data, *in_header;
+  UINT32 result, len, in_rsp_size;
+  UINT16 tag = VTPM_TAG_REQ;
+  UINT32 index;
+
+  printf("Copying hTPM PCRs...\n");
+
+  for (index=0; index < TPM_NUM_PCR; index ++) {
+    if (index = 8) { // Skip pcrs 8-16
+       index = 17;
+       continue;
+    }
+
+    if (vtpm_tx_fh < 0) {
+      vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY);
+    }
+
+    if (vtpm_tx_fh < 0) {
+      return -1;
+    }
+
+    // Send request to VTPM Manager to encrypt data
+    out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length;
+    out_data = ptr = (BYTE *) malloc(len);
+
+    if (ptr == NULL
+            || tpm_marshal_UINT32(&ptr, &len, dmi_id)
+            || tpm_marshal_UINT16(&ptr, &len, tag)
+            || tpm_marshal_UINT32(&ptr, &len, out_data_size -
sizeof(uint32_t))
+            || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_TPMCOMMAND)
+            || tpm_marshal_UINT32(&ptr, &len, index)) {
+          free(out_data);
+          return -1;
+    }
+    printf("\tCopying HW PCR %d.\n", index);
+    res = write(vtpm_tx_fh, out_data, out_data_size);
+    free(out_data);
+    if (res != out_data_size) return -1;
+
+    if (vtpm_rx_fh < 0) {
+      if (vtpm_rx_name == NULL) {
+        vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D));
+        sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id);
+      }
+      vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY);
+    }
+
+    if (vtpm_rx_fh < 0) {
+          return -1;
+    }
+
+    // Read Header of response so we can get the size & status
+    in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
+    in_header = ptr = malloc(in_header_size);
+
+    res = read(vtpm_rx_fh, in_header, in_header_size);
+
+    if ( (res != in_header_size)
+             || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id)
+             || tpm_unmarshal_UINT16(&ptr, &len, &tag)
+             || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size)
+             || tpm_unmarshal_UINT32(&ptr, &len, &result) ) {
+             || tpm_unmarshal_BYTE_ARRAY(&ptr, &len,
&tpmData.permanent.data.pc
rValue[index].digest, 20)) {
+            free(in_header);
+            return -1;
+    }
+    free(in_header);
+
+    if (result != VTPM_SUCCESS) {
+        return -1;
+    }
+  }
+
+  printf("\tFinishing up PCR Copy\n");
+  return (0);
+ }
+
+
+
 /*
  * Admin Startup and State ([TPM_Part3], Section 3)
  * This section describes the commands that start a TPM.
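
Review bot: In copy_pcrs(), `if (index = 8)` assigns instead of comparing, so the condition is always true: every iteration sets index to 17 and continues, no PCR is ever requested, and because the loop increment then yields 18 the loop never terminates if TPM_NUM_PCR is greater than 18. Use `index == 8`, and set index to 16 before the `continue` so the increment lands on 17, which is what the "Skip pcrs 8-16" comment describes. Further down, the response check closes its condition with `) {` after the `result` unmarshal and then continues with `|| tpm_unmarshal_BYTE_ARRAY(...)`, which will not compile. The digest is also unmarshalled from a buffer that was allocated and read as only VTPM_COMMAND_HEADER_SIZE_SRV bytes, so the 20 digest bytes appear to need their own read sized from in_rsp_size. `data_length` is not declared in the function, and the `in_header` allocation is not checked for NULL before read(). Finally, `result` should be tested before anything is written into pcrValue[index].digest, so that a failed request cannot leave a partial or unintended value in a vPCR that guests will later seal against.
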
@@ -59,12 +146,13 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE
     /* init session-context nonce */
     SET_TO_RAND(&tpmData.stany.data.contextNonceSession);
     /* reset PCR values */
-    for (i = 0; i < TPM_NUM_PCR; i++) {
-      if (!tpmData.permanent.data.pcrAttrib[i].pcrReset)
-        SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest);
-      else
-        SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest);
-    }
+    copy_pcrs();
+    //for (i = 0; i < TPM_NUM_PCR; i++) {
+    //  if (!tpmData.permanent.data.pcrAttrib[i].pcrReset)
+    //    SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest);
+    //  else
+    //    SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest);
+    //}
     /* reset STCLEAR_FLAGS */
     SET_TO_ZERO(&tpmData.stclear.flags);
     tpmData.stclear.flags.tag = TPM_TAG_STCLEAR_FLAGS;
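
Review bot: The call `copy_pcrs();` in TPM_Startup discards the return value, and with the reset loop commented out, any failure path in copy_pcrs() (FIFO open, short write, bad response) leaves the vPCRs holding whatever they held before startup. The indices that copy_pcrs() skips are likewise never reset to zero or 0xFF according to pcrAttrib[i].pcrReset. Keep the original reset loop and run it first, then call copy_pcrs() to overwrite the copied indices, and check its result: either return a failure from TPM_Startup or fall back to the reset defaults, so that data is never sealed to stale PCR contents. The commented-out block should be deleted rather than left in the file.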

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel


 

