November 2021 - tpm2 - Ml01.01.Org

Calculating name of created AK- server side

by kuba.michal.n＠gmail.com

Hello! I would like to know if it is possible to calculate name of AK generated by host on a remote server? I have read about remote attestation. To ensure the AK matches EK we have to make credential using name of the AK. To achieve this we have to either: a) calculate name of the AK on server b) receive name of the AK from host and believe it's a name for a proper AK Am I missing something? I have searched for explanation in docs posted on TCG's site, but I just can't find anything useful for nameAlg. I would be thankful for any help or advice :D

1 day, 23 hours

3
6
2 / 0

abrmd crashing - how to debug?

by Kenneth Goldman

Ubuntu focal with WSL, abrmd compiled from source After about 5 minutes of sending commands, abrmd crashes. I originally found it with keylime, but I can reproduce it with a simple bash loop on pcrread. abrmd exits, the tool output is: ** (process:21067): CRITICAL **: 17:25:10.862: failed to allocate dbus proxy object: Could not connect: Connection refused WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7ff5f6dbbe10 failed with a0008 WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-abrmd ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: tabrmd ERROR:tcti:src/tss2-tcti/tctildr.c:416:Tss2_TctiLdr_Initialize_Ex() Failed to instantiate TCTI ERROR: Could not load tcti, got: "tabrmd:bus_name=com.intel.tss2.Tabrmd" How would I debug? I would expect that nothing that a single application does should crash abrmd. -- Ken Goldman kgoldman(a)us.ibm.com 914-945-2415 (862-2415)

1 month

6
13
0 / 0

Re-provision TPM

by Anthony Arrascue

Hello, I am learning about the TSS and TPM techonologies. I have provisioned the TPM with the default settings, which means I am now using the ECC profile (P_ECCP256SHA256). However, encryption was a requirement I needed to fulfill. I just didn't know that ECC encryption is currently not supported and now I realize RSA would be a better fit for me. So here is my question: * I see there is another profile in /usr/local/etc/tpm2-tss/fapi-profiles, namely P_RSA2048SHA256.json. Is there a way I can encrypt using the RSA profile instead of the ECC one? I tried to re-run tss2_provision, after setting it in fapi-config.json, but it seems this is not the way to proceed. I get the message that the TPM has been already provisioned. What is the correct way of "changing" profile? Is it even possible or do I need to reset the TPM? Thank you for your help. Anthony Arrascue

3 months

4
5
1 / 0

Re: Schema of object.json

by Anthony Arrascue

Hi David, Thank you for your reply. Do you know if I can find documentation about this? I found what I believe is the serialization / deserialization of those JSON objects: https://github.com/tpm2-software/tpm2-tss/blob/04a2853994eb31747c3e19c260... https://github.com/tpm2-software/tpm2-tss/blob/04a2853994eb31747c3e19c260... But this encryption process of the PrivK, with the PubKey of the SRK is then somewhere else? Best, Anthony From: David Challener <david.c.challener(a)gmail.com> Sent: Tuesday, 16 November 2021 16:56 To: Anthony Arrascue <AArrascue(a)neuroloop.de> Subject: Re: [tpm2] Schema of object.json I expect the private key is the encrytion of the real private key with the srk oublic key. On Tue, Nov 16, 2021, 9:31 AM Anthony Arrascue <AArrascue(a)neuroloop.de<mailto:AArrascue@neuroloop.de>> wrote: Hello, I am using TPM2-TSS v. 2.4.x and TPM2-TOOLS v. 4.X. Let’s suppose I create a key running: tss2_createkey --path=HS/SRK/MyKey --type="sign,noDa,decrypt,system" --authValue=blabla This creates a folder MyKey in […]/keystore/P_RSA2048SHA256/HS/SRK/MyKey and a file object.json inside. I was wondering what the public / private keys are? public":{ "size":278, "publicArea":{…}, … "unique":"acc645e440fce2b34772dc94658c2b0daf3c18053ecfd7924ef3346dd764d7c5dd91ca207683a5ea884f03adf7e198728c39a8a59f01326a80f768a0f7302dd0b7e37b0c1efa22e8604f85c061c0a81e60ab97edb1e81cdc2b889ad2414045c273ce6af38260a91dd6857013bdffd7e5541a0a9f3221ea6bd1c41f650dd3f52f5cac75e76e0618541c622f48e0967867e1d40c632f5e87600442d7e534390741d4b4f0a9b7ac0a141ce07c0d5d7447c598183d2c48a8bccf9ddb867193518e2cb10c86f03bc996d3b054b383df7f10f2c6d0d070358c72a325e2ad5301ae1f4834160aaefa1cecb3e8e0441e1fb0ab60feefd35e2c9ec6439fdc9a0e5b6456ff" } }, … "serialization":"", "private":"00201f93bbec6eb3d00f08cb8cafd48dffe6b06150fa45b989072922b2049c962de80010baf3c7683d5039a27cb73036531a869137bc3a57d30b8c348b73ce134eb11066e45803e5ee7bba20192ab4f6881b21004261ab06af37c68a22758284d9d21fc91d49748f6eee1bc8f1011d0e4fd228642e98f3ee65a4161d1cc53af6b0dfb48aafc9cefde1ca8212b08e16b4c15d0a16adc36b19133350f73bace6f12d11c084d9eb953cf9c87d0a2f2b34617a2369ffc9fb299113bba531d9be465e033ec54511cf6b6e3463e84018e40eaded1fa6ad13da671946cd03a567f3", … Questions: what is the meaning of the “unique” and “private” keys? Is there a place where a schema can be found for a key? The private part cannot be the private key right? It would not make sense that this is stored as plain text. Thank you very much for any help. Best, Anthony Arrascue _______________________________________________ tpm2 mailing list -- tpm2(a)lists.01.org<mailto:tpm2@lists.01.org> To unsubscribe send an email to tpm2-leave(a)lists.01.org<mailto:tpm2-leave@lists.01.org> %(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

6 months

2
2
0 / 0

Schema of object.json

by Anthony Arrascue

Hello, I am using TPM2-TSS v. 2.4.x and TPM2-TOOLS v. 4.X. Let’s suppose I create a key running: tss2_createkey --path=HS/SRK/MyKey --type="sign,noDa,decrypt,system" --authValue=blabla This creates a folder MyKey in […]/keystore/P_RSA2048SHA256/HS/SRK/MyKey and a file object.json inside. I was wondering what the public / private keys are? public":{ "size":278, "publicArea":{…}, … "unique":"acc645e440fce2b34772dc94658c2b0daf3c18053ecfd7924ef3346dd764d7c5dd91ca207683a5ea884f03adf7e198728c39a8a59f01326a80f768a0f7302dd0b7e37b0c1efa22e8604f85c061c0a81e60ab97edb1e81cdc2b889ad2414045c273ce6af38260a91dd6857013bdffd7e5541a0a9f3221ea6bd1c41f650dd3f52f5cac75e76e0618541c622f48e0967867e1d40c632f5e87600442d7e534390741d4b4f0a9b7ac0a141ce07c0d5d7447c598183d2c48a8bccf9ddb867193518e2cb10c86f03bc996d3b054b383df7f10f2c6d0d070358c72a325e2ad5301ae1f4834160aaefa1cecb3e8e0441e1fb0ab60feefd35e2c9ec6439fdc9a0e5b6456ff" } }, … "serialization":"", "private":"00201f93bbec6eb3d00f08cb8cafd48dffe6b06150fa45b989072922b2049c962de80010baf3c7683d5039a27cb73036531a869137bc3a57d30b8c348b73ce134eb11066e45803e5ee7bba20192ab4f6881b21004261ab06af37c68a22758284d9d21fc91d49748f6eee1bc8f1011d0e4fd228642e98f3ee65a4161d1cc53af6b0dfb48aafc9cefde1ca8212b08e16b4c15d0a16adc36b19133350f73bace6f12d11c084d9eb953cf9c87d0a2f2b34617a2369ffc9fb299113bba531d9be465e033ec54511cf6b6e3463e84018e40eaded1fa6ad13da671946cd03a567f3", … Questions: what is the meaning of the “unique” and “private” keys? Is there a place where a schema can be found for a key? The private part cannot be the private key right? It would not make sense that this is stored as plain text. Thank you very much for any help. Best, Anthony Arrascue

6 months

1
0
0 / 0

tss2_createkey - unable to set persistent handle

by z4pu＠pm.me

Hello everyone I am having issues using the Feature_API to create a key under the `/P_ECCP256SHA256/HS/SRK/` path. This is using `tss2_createkey` as well as using the Feature API programmatically. The issue is that I am able to generate a key at the path, but I am never able to set a persistent handle for it. I would like to set a persistent handle for my child key as I am looking to use https://github.com/tpm2-software/tpm2-tss-engine/ programmatically. When loading a key using the engine library, according to https://github.com/tpm2-software/tpm2-tss-engine/blob/89327fa8b51962348c4..., I can load a key by: - specifying the persistent handle or - providing the path to the encrypted TSS key file. I am using the following: - Ubuntu 20.04 - swtpm --version: TPM emulator version 0.7.0, Copyright (c) 2014-2021 IBM Corp. This is running in a Docker container exposing ports 2322 and 2321 using `docker run --name swtpm -p 2322:2322 -p 2321:2321 --rm --detach swtpm:latest` - https://github.com/tpm2-software/tpm2-tss: latest master branch, based on release 2.4.6 - https://github.com/tpm2-software/tpm2-tools: latest master branch, based on 5.2 2021-09-28 fapi-config.json : ``` { "profile_name": "P_ECCP256SHA256", "profile_dir": "/usr/local/etc/tpm2-tss/fapi-profiles/", "user_dir": "~/.local/share/tpm2-tss/user/keystore", "system_dir": "/usr/local/var/lib/tpm2-tss/system/keystore", "tcti": "swtpm:port=2321", "ek_cert_less":"YES", "system_pcrs" : [], "log_dir" : "/usr/local/var/run/tpm2-tss/eventlog/" } ``` The profiles at /usr/local/etc/tpm2-tss/fapi-profiles are the defaults: ``` cat /usr/local/etc/tpm2-tss/fapi-profiles/P_ECCP256SHA256.json { "type": "TPM2_ALG_ECC", "nameAlg":"TPM2_ALG_SHA256", "srk_template": "system,restricted,decrypt,0x81000001", "srk_description": "Storage root key SRK", "srk_persistent": 0, "ek_template": "system,restricted,decrypt", "ek_description": "Endorsement key EK", "ecc_signing_scheme": { "scheme":"TPM2_ALG_ECDSA", "details":{ "hashAlg":"TPM2_ALG_SHA256" }, }, "sym_mode":"TPM2_ALG_CFB", "sym_parameters": { "algorithm":"TPM2_ALG_AES", "keyBits":"128", "mode":"TPM2_ALG_CFB" }, "sym_block_size": 16, "pcr_selection": [ { "hash": "TPM2_ALG_SHA1", "pcrSelect": [ ], }, { "hash": "TPM2_ALG_SHA256", "pcrSelect": [ 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23 ] } ], "curveID": "TPM2_ECC_NIST_P256", "ek_policy": { "description": "Endorsement hierarchy used for policy secret.", "policy":[ { "type":"POLICYSECRET", "objectName": "4000000b", } ] } } ``` I'm also making sure to remove the following folders in between my experiments: - /usr/local/var/lib/tpm2-tss/system/keystore/P_ECCP256SHA256 - /root/.local/share/tpm2-tss/user/keystore/P_ECCP256SHA256 (as my Docker container is running as root) - ~/.local/share/tpm2-tss/user/keystore/P_ECCP256SHA256 The handle I am choosing for the child key is `0x81020001`, based on my reading of Table 7 of and the surrounding text at https://www.trustedcomputinggroup.org/wp-content/uploads/131011-Registry-... The sequence of commands I am running as root is: - tss2_provision to provision the TPM - tpm2_getcap handles-persistent to list the used handles: Output is `- 0x81800000 - 0x81800001` - tss2_list to confirm that the keys under the hierarchies have been created. Output is `/P_ECCP256SHA256/HN:/P_ECCP256SHA256/HE:/P_ECCP256SHA256/HE/EK:/P_ECCP256SHA256/LOCKOUT:/P_ECCP256SHA256/HS/SRK:/P_ECCP256SHA256/HS` - tss2_createkey --path="/P_ECCP256SHA256/HS/SRK/device_key" --type="sign, decrypt, noDa, 0x81020001" --authValue="" - tss2_list again, Output is `/P_ECCP256SHA256/HN:/P_ECCP256SHA256/HE:/P_ECCP256SHA256/HE/EK:/P_ECCP256SHA256/LOCKOUT:/P_ECCP256SHA256/HS/SRK:/P_ECCP256SHA256/HS:/P_ECCP256SHA256/HS/SRK/device_key` - tpm2_getcap handles-persistent does not list the requested handle: Output is `- 0x81800000 - 0x81800001` However, when I restart the TPM, and do not provision it, I can run the following commands as root to generate a child key and the parent key with a persistent handle: - tpm2_getcap handles-persistent: Output is `- 0x81800000 - 0x81800001` - tpm2_createprimary --hierarchy=o --key-algorithm=ecc256 --key-context=owner_primary.ctx --format=pem --output=owner_primary_public_key.pem output is ``` name-alg: value: sha256 raw: 0xb attributes: value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|restricted|decrypt raw: 0x30072 type: value: ecc raw: 0x23 curve-id: value: NIST p256 raw: 0x3 kdfa-alg: value: null raw: 0x10 kdfa-halg: value: (null) raw: 0x0 scheme: value: null raw: 0x10 scheme-halg: value: (null) raw: 0x0 sym-alg: value: aes raw: 0x6 sym-mode: value: cfb raw: 0x43 sym-keybits: 128 x: 9eecfa05a9a8ddadc8adabe4c9ce3d34b60afe0fd35cc799e28badc638cae6ad y: 30dfc43266c2aa3480f31366ac5d189abf793dae100f30b50b344b7207f03994 ``` - tpm2_create --parent-context=owner_primary.ctx --key-algorithm=ecc256 --public=child_public.key --private=child_private.key Output is ``` name-alg: value: sha256 raw: 0xb attributes: value: fixedtpm|fixedparent|sensitivedataorigin|userwithauth|decrypt|sign raw: 0x60072 type: value: ecc raw: 0x23 curve-id: value: NIST p256 raw: 0x3 kdfa-alg: value: null raw: 0x10 kdfa-halg: value: (null) raw: 0x0 scheme: value: null raw: 0x10 scheme-halg: value: (null) raw: 0x0 sym-alg: value: null raw: 0x10 sym-mode: value: (null) raw: 0x0 sym-keybits: 0 x: 801553461b62972e1e3894e1baa1d56196774f829285f714a163c63a57a219de y: ebfd148f186f2560a0a6713b5f6f50bfaa39b7a320304f8620c36bdee4dfa379 ``` - tpm2_load --parent-context=owner_primary.ctx --public=child_public.key --private=child_private.key --key-context=child_key.ctx Output is `name: 000b18738b4a5366d3f863920c7b98db696c723fd88e030b7cad32e1d3ac33e6fb6c` - tpm2_evictcontrol --hierarchy=o --object-context=child_key.ctx 0x81020001 Output is ``` persistent-handle: 0x81020001 action: persisted ``` - tpm2_evictcontrol --hierarchy=o --object-context=owner_primary.ctx 0x81010001 Output is ``` persistent-handle: 0x81010001 action: persisted ``` - tpm2_getcap handles-persistent Output is ``` - 0x81010001 - 0x81020001 - 0x81800000 - 0x81800001 ``` - tss2_list Output is an error message ``` WARNING:fapi:src/tss2-fapi/api/Fapi_List.c:216:Fapi_List_Finish() Path not found: ERROR:fapi:src/tss2-fapi/api/Fapi_List.c:81:Fapi_List() ErrorCode (0x00060034) Entities_List Fapi_List(0x60034) - fapi:Provisioning was not executed. ``` There isn't anything in `/usr/local/var/run/tpm2-tss/eventlog/` for me to look at, possibly because of the Dockerised setup. I can later delete these persistent handles using e.g. tpm2_evictcontrol --hierarchy=o --object-context=0x81020001 Thanks very much in advance Cheers z.

6 months, 1 week

5
4
0 / 0

Help implementing "OR" PCR policy using C lib

by michael.g.millsap＠intel.com

I'm implementing the sealing of a LUKS key against secure boot PCRs and am trying to enable firmware updates using Esys_PolicyOR(). I can't find any example code. I am currently doing an Esys_PolicyPCR(), followed by Esys_PolicyGetDigest() and then I seal against that digest. How would I add the PolicyOR step? Would I do an Esys_PolicyPCR() & Esys_PolicyGetDigest() for each set of PCR values, followed by a Esys_PolicyOR() and then another Esys_PolicyGetDigest() to get the final digest to seal against? What would the unseal process look like? Thanks, Mike

6 months, 3 weeks

4
3
0 / 0

2022

2021

2020

2019

2018

2017

tpm2 November 2021