[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xense-devel] RE: [TrouSerS-users] vTPM data seal issue
Vinnie, Thanks for the response and the patch, that's a big help. You bring up a lot of good points. Fortunately for us we're not doing attestation (yet). We just wanted Dom U to seal to PCRs set by the BIOS and Trusted GRUB. Justin -----Original Message----- From: Scarlata, Vincent R [mailto:vincent.r.scarlata@xxxxxxxxx] Sent: Thursday, October 19, 2006 7:22 PM To: Osborn, Justin D.; Hal Finney Cc: xense-devel@xxxxxxxxxxxxxxxxxxx; trousers-users@xxxxxxxxxxxxxxxxxxxxx Subject: RE: [TrouSerS-users] vTPM data seal issue Below is a patch to the vtpm to copy all the hwPCRs into the vPCRs during vtpm initialization. The reason that it's not part of the xen tree is that it's not clear exactly what these PCRs mean in virtual environment. More precisely, PCRs 0-7 indicate the BIOS/firmware/MBR/loader,etc configuration of the platform. For a physical platform, seems pretty clean cut about what these are. Well, what about an HVM? HVMs have two sets of these. For example, the platform BIOS and the BOCHS BIOS, which one goes in vPCR 0? What about a paravirtualized VM? There is only 1 BIOS, but some other places in the PCR list are fuzzy. Like, the loader measures the "kernel." Is the Xen or the Linux Kernel? How does an attester know what to expect? You quickly get into usage model discussions to determine what the appropriate values for virtual PCRs should be. So for now, they are set to the default boot configuration for a TPM. -Vinnie Scarlata Trusted Platform Lab Corporate Technology Group Intel Corporation -----Original Message----- From: Osborn, Justin D. [mailto:Justin.Osborn@xxxxxxxxxx] Sent: Thursday, October 19, 2006 5:31 AM To: Hal Finney Cc: xense-devel@xxxxxxxxxxxxxxxxxxx; trousers-users@xxxxxxxxxxxxxxxxxxxxx; Scarlata, Vincent R Subject: RE: [TrouSerS-users] vTPM data seal issue > Speaking of which, here's a question for the vTPM developers: Is there > code out there to load the vTPM PCRs (1-8) with the values from the > physical TPM? I'm about to (attempt to) write that, and it'd be helpful > if someone's already done it. diff -uprN vtpm/tpm/tpm_startup.c vtpm-pcrcopy/tpm/tpm_startup.c --- vtpm/tpm/tpm_startup.c 2006-08-14 15:28:46.000000000 -0700 +++ vtpm-pcrcopy/tpm/tpm_startup.c 2006-08-14 15:28:23.000000000 -0700 @@ -20,6 +20,93 @@ #include "tpm_data.h" #include "tpm_handles.h" + +/* + * Copy hTPM PCRs from hTPM + * + */ +static int copy_pcrs() +{ + int res, out_data_size, in_header_size; + BYTE *ptr, *out_data, *in_header; + UINT32 result, len, in_rsp_size; + UINT16 tag = VTPM_TAG_REQ; + UINT32 index; + + printf("Copying hTPM PCRs...\n"); + + for (index=0; index < TPM_NUM_PCR; index ++) { + if (index = 8) { // Skip pcrs 8-16 + index = 17; + continue; + } + + if (vtpm_tx_fh < 0) { + vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY); + } + + if (vtpm_tx_fh < 0) { + return -1; + } + + // Send request to VTPM Manager to encrypt data + out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length; + out_data = ptr = (BYTE *) malloc(len); + + if (ptr == NULL + || tpm_marshal_UINT32(&ptr, &len, dmi_id) + || tpm_marshal_UINT16(&ptr, &len, tag) + || tpm_marshal_UINT32(&ptr, &len, out_data_size - sizeof(uint32_t)) + || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_TPMCOMMAND) + || tpm_marshal_UINT32(&ptr, &len, index)) { + free(out_data); + return -1; + } + printf("\tCopying HW PCR %d.\n", index); + res = write(vtpm_tx_fh, out_data, out_data_size); + free(out_data); + if (res != out_data_size) return -1; + + if (vtpm_rx_fh < 0) { + if (vtpm_rx_name == NULL) { + vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D)); + sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id); + } + vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY); + } + + if (vtpm_rx_fh < 0) { + return -1; + } + + // Read Header of response so we can get the size & status + in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV; + in_header = ptr = malloc(in_header_size); + + res = read(vtpm_rx_fh, in_header, in_header_size); + + if ( (res != in_header_size) + || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id) + || tpm_unmarshal_UINT16(&ptr, &len, &tag) + || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size) + || tpm_unmarshal_UINT32(&ptr, &len, &result) ) { + || tpm_unmarshal_BYTE_ARRAY(&ptr, &len, &tpmData.permanent.data.pc rValue[index].digest, 20)) { + free(in_header); + return -1; + } + free(in_header); + + if (result != VTPM_SUCCESS) { + return -1; + } + } + + printf("\tFinishing up PCR Copy\n"); + return (0); + } + + + /* * Admin Startup and State ([TPM_Part3], Section 3) * This section describes the commands that start a TPM. @@ -59,12 +146,13 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE /* init session-context nonce */ SET_TO_RAND(&tpmData.stany.data.contextNonceSession); /* reset PCR values */ - for (i = 0; i < TPM_NUM_PCR; i++) { - if (!tpmData.permanent.data.pcrAttrib[i].pcrReset) - SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest); - else - SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest); - } + copy_pcrs(); + //for (i = 0; i < TPM_NUM_PCR; i++) { + // if (!tpmData.permanent.data.pcrAttrib[i].pcrReset) + // SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest); + // else + // SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest); + //} /* reset STCLEAR_FLAGS */ SET_TO_ZERO(&tpmData.stclear.flags); tpmData.stclear.flags.tag = TPM_TAG_STCLEAR_FLAGS; _______________________________________________ Xense-devel mailing list Xense-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xense-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |