[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] vTPM Deep Quote validation

On Mon, Mar 9, 2015 at 4:40 PM, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx> wrote:
On 03/08/2015 07:41 AM, Emil Condrea wrote:
I am trying to validate a Deep Quote request made by domU but I feel that
something is missing. Right now when a domU requests TPM_ORD_DeepQuote:
1. vTPM:
- unpacks the params: nonce, vTPM PCR selection and physical PCR selection
- packs PCR_INFO_SHORT structure into buf that contains the selected vTPM
PCRs
- computes nonce as a SHA1 of: dquot_hdr, nonce, and previous packed buf
- packs: nonce, physical PCR selection
- receives physical pcr data and signature from manager and returns them to
DomU
2. vTPM Manager
- unpacks the params: nonce, PCR selection
- execute TPM_Quote with: externalData = nonce
- returns pcr data and signature to vTPM

If domU user wants to validate the signature it has to do the exact process
that the vtpm and manager did but the virtual PCR values are not included
in response, just physical ones.

 The virtual machine can use TPM_PCRRead to get the value of the vTPM PCRs.
This is the same method that is used by the TPM_Quote2 command.

I thought of using TPM_PCRRead from virtual machine but it was not clear for me if it is safe.
Is it possible for the selected vTPM PCRs values to be different when performingÂ
composite hash on vTPM from the values read with TPM_PCRRead after executing DeepQuote?Â
The TPM has context management for each application? (eg: when one application extends somethingÂ
into a PCR and another application extends other thing in the same PCR(at the same time moment),Â
are they hashed together?)

When I read the standard I understood that the PCRs can never be overwritten,
just reset and extended.Â

Thanks.


We can include the vTPM PCRS in response or the manager must perform
TPM_Quote using the nonce received from domU in order to be able to have a
successful validation on the client side.

 If you want a quote without any vTPM PCRs, you can specify an empty PCR mask
to get something fairly close to this behavior - the nonce will be combined
with an empty deep quote structure instead of passed directly.

What do you think? Is there something that I am missing ?

 It is useful to be able to ask for the current value of both physical and
virtual PCRs in a single atomic operation. Including the value of all PCRs
in the response could make the reply packet too large (which is part of the
reason why TPM_Quote2 removed them).

--
Daniel De Graaf
National Security Agency

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.