WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xense-devel

[Xense-devel] RE: [TrouSerS-users] vTPM data seal issue

To: "Scarlata, Vincent R" <vincent.r.scarlata@xxxxxxxxx>, "Hal Finney" <hal.finney@xxxxxxxxx>
Subject: [Xense-devel] RE: [TrouSerS-users] vTPM data seal issue
From: "Osborn, Justin D." <Justin.Osborn@xxxxxxxxxx>
Date: Fri, 20 Oct 2006 09:17:06 -0400
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx, trousers-users@xxxxxxxxxxxxxxxxxxxxx
Delivery-date: Fri, 20 Oct 2006 12:26:32 -0700
Envelope-to: www-data@xxxxxxxxxxxxxxxxxx
List-help: <mailto:xense-devel-request@lists.xensource.com?subject=help>
List-id: "A discussion list for those developing security enhancements for Xen." <xense-devel.lists.xensource.com>
List-post: <mailto:xense-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/cgi-bin/mailman/listinfo/xense-devel>, <mailto:xense-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xense-devel-bounces@xxxxxxxxxxxxxxxxxxx
Thread-index: AcbzIiGSPyNVHCnmT8WP/2wWf9vkNwAVX06gABcYWeAAHVhYkA==
Thread-topic: [TrouSerS-users] vTPM data seal issue
Vinnie,
      Thanks for the response and the patch, that's a big help.  You
bring up a lot of good points.  Fortunately for us we're not doing
attestation (yet).  We just wanted Dom U to seal to PCRs set by the BIOS
and Trusted GRUB.

Justin 

-----Original Message-----
From: Scarlata, Vincent R [mailto:vincent.r.scarlata@xxxxxxxxx] 
Sent: Thursday, October 19, 2006 7:22 PM
To: Osborn, Justin D.; Hal Finney
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx;
trousers-users@xxxxxxxxxxxxxxxxxxxxx
Subject: RE: [TrouSerS-users] vTPM data seal issue

Below is a patch to the vtpm to copy all the hwPCRs into the vPCRs
during vtpm initialization. The reason that it's not part of the xen
tree is that it's not clear exactly what these PCRs mean in virtual
environment. 

More precisely, PCRs 0-7 indicate the BIOS/firmware/MBR/loader,etc
configuration of the platform. For a physical platform, seems pretty
clean cut about what these are. Well, what about an HVM? HVMs have two
sets of these. For example, the platform BIOS and the BOCHS BIOS, which
one goes in vPCR 0? What about a paravirtualized VM? There is only 1
BIOS, but some other places in the PCR list are fuzzy. Like, the loader
measures the "kernel." Is the Xen or the Linux Kernel? How does an
attester know what to expect?

You quickly get into usage model discussions to determine what the
appropriate values for virtual PCRs should be. So for now, they are set
to the default boot configuration for a TPM.

-Vinnie Scarlata
 Trusted Platform Lab
 Corporate Technology Group
 Intel Corporation

-----Original Message-----
From: Osborn, Justin D. [mailto:Justin.Osborn@xxxxxxxxxx]
Sent: Thursday, October 19, 2006 5:31 AM
To: Hal Finney
Cc: xense-devel@xxxxxxxxxxxxxxxxxxx;
trousers-users@xxxxxxxxxxxxxxxxxxxxx; Scarlata, Vincent R
Subject: RE: [TrouSerS-users] vTPM data seal issue

> Speaking of which, here's a question for the vTPM developers:  Is
there
> code out there to load the vTPM PCRs (1-8) with the values from the 
> physical TPM?  I'm about to (attempt to) write that, and it'd be
helpful
> if someone's already done it.

diff -uprN vtpm/tpm/tpm_startup.c vtpm-pcrcopy/tpm/tpm_startup.c
--- vtpm/tpm/tpm_startup.c      2006-08-14 15:28:46.000000000 -0700
+++ vtpm-pcrcopy/tpm/tpm_startup.c      2006-08-14 15:28:23.000000000
-0700
@@ -20,6 +20,93 @@
 #include "tpm_data.h"
 #include "tpm_handles.h"

+
+/*
+ * Copy hTPM PCRs from hTPM
+ *
+ */
+static int copy_pcrs()
+{
+  int res, out_data_size, in_header_size;
+  BYTE *ptr, *out_data, *in_header;
+  UINT32 result, len, in_rsp_size;
+  UINT16 tag = VTPM_TAG_REQ;
+  UINT32 index;
+
+  printf("Copying hTPM PCRs...\n");
+
+  for (index=0; index < TPM_NUM_PCR; index ++) {
+    if (index = 8) { // Skip pcrs 8-16
+       index = 17;
+       continue;
+    }
+
+    if (vtpm_tx_fh < 0) {
+      vtpm_tx_fh = open(VTPM_TX_FIFO, O_WRONLY);
+    }
+
+    if (vtpm_tx_fh < 0) {
+      return -1;
+    }
+
+    // Send request to VTPM Manager to encrypt data
+    out_data_size = len = VTPM_COMMAND_HEADER_SIZE_SRV + data_length;
+    out_data = ptr = (BYTE *) malloc(len);
+
+    if (ptr == NULL
+            || tpm_marshal_UINT32(&ptr, &len, dmi_id)
+            || tpm_marshal_UINT16(&ptr, &len, tag)
+            || tpm_marshal_UINT32(&ptr, &len, out_data_size -
sizeof(uint32_t))
+            || tpm_marshal_UINT32(&ptr, &len, VTPM_ORD_TPMCOMMAND)
+            || tpm_marshal_UINT32(&ptr, &len, index)) {
+          free(out_data);
+          return -1;
+    }
+    printf("\tCopying HW PCR %d.\n", index);
+    res = write(vtpm_tx_fh, out_data, out_data_size);
+    free(out_data);
+    if (res != out_data_size) return -1;
+
+    if (vtpm_rx_fh < 0) {
+      if (vtpm_rx_name == NULL) {
+        vtpm_rx_name = malloc(10 + strlen(VTPM_RX_FIFO_D));
+        sprintf(vtpm_rx_name, VTPM_RX_FIFO_D, (uint32_t) dmi_id);
+      }
+      vtpm_rx_fh = open(vtpm_rx_name, O_RDONLY);
+    }
+
+    if (vtpm_rx_fh < 0) {
+          return -1;
+    }
+
+    // Read Header of response so we can get the size & status
+    in_header_size = len = VTPM_COMMAND_HEADER_SIZE_SRV;
+    in_header = ptr = malloc(in_header_size);
+
+    res = read(vtpm_rx_fh, in_header, in_header_size);
+
+    if ( (res != in_header_size)
+             || tpm_unmarshal_UINT32(&ptr, &len, (UINT32*)&dmi_id)
+             || tpm_unmarshal_UINT16(&ptr, &len, &tag)
+             || tpm_unmarshal_UINT32(&ptr, &len, &in_rsp_size)
+             || tpm_unmarshal_UINT32(&ptr, &len, &result) ) {
+             || tpm_unmarshal_BYTE_ARRAY(&ptr, &len,
&tpmData.permanent.data.pc
rValue[index].digest, 20)) {
+            free(in_header);
+            return -1;
+    }
+    free(in_header);
+
+    if (result != VTPM_SUCCESS) {
+        return -1;
+    }
+  }
+
+  printf("\tFinishing up PCR Copy\n");
+  return (0);
+ }
+
+
+
 /*
  * Admin Startup and State ([TPM_Part3], Section 3)
  * This section describes the commands that start a TPM.
@@ -59,12 +146,13 @@ TPM_RESULT TPM_Startup(TPM_STARTUP_TYPE
     /* init session-context nonce */
     SET_TO_RAND(&tpmData.stany.data.contextNonceSession);
     /* reset PCR values */
-    for (i = 0; i < TPM_NUM_PCR; i++) {
-      if (!tpmData.permanent.data.pcrAttrib[i].pcrReset)
-        SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest);
-      else
-        SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest);
-    }
+    copy_pcrs();
+    //for (i = 0; i < TPM_NUM_PCR; i++) {
+    //  if (!tpmData.permanent.data.pcrAttrib[i].pcrReset)
+    //    SET_TO_ZERO(&tpmData.permanent.data.pcrValue[i].digest);
+    //  else
+    //    SET_TO_0xFF(&tpmData.permanent.data.pcrValue[i].digest);
+    //}
     /* reset STCLEAR_FLAGS */
     SET_TO_ZERO(&tpmData.stclear.flags);
     tpmData.stclear.flags.tag = TPM_TAG_STCLEAR_FLAGS;

_______________________________________________
Xense-devel mailing list
Xense-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xense-devel

<Prev in Thread] Current Thread [Next in Thread>