Changes between Version 6 and Version 7 of tpm


Ignore:
Timestamp:
03/13/2024 11:28:50 PM (2 months ago)
Author:
Tim Harvey
Comment:

refactor and add uboot info

Legend:

Unmodified
Added
Removed
Modified
  • tpm

    v6 v7  
     1[[PageOutline]]
     2
    13= Trusted Protection Module
    2 [[PageOutline]]
    3 Gateworks has an optional TPM on some SBCs.
    44
    5 The below models can optionally have it loaded:
     5A Trusted Platform Module (TPM) is a small piece of hardware designed to provide various security functionalities. It offers numerous features, such as storing secrets, ‘measuring’ boot, and may act as an external cryptographic engine.
     6
     7[https://trustedcomputinggroup.org/ The Trusted Computing Group (TCG)] delivers a document called TPM Interface Specifications (TIS) which describes the architecture of such devices and how they are supposed to behave as well as various details around the concepts. Additionally they provide a Library Specification.
     8
     9TPM chips are either compliant with the initial specification or the v2.0+ specification: See [https://en.wikipedia.org/wiki/Trusted_Platform_Module#TPM_1.2_vs_TPM_2.0 TPM v1.2 vs TPM 2.0] for details.
     10
     11== Microchip ATTPM20P
     12Gateworks has an optional TPM on the Venice and Malibu family SBCs:
    613 * Malibu GW8901
    714 * Venice:
    8   * GW74xx-B
    9   * GW73xx-F
    10   * GW72xx-F
    11   * GW71xx-E
     15  * GW74xx (revision B+)
     16  * GW73xx (revision F+)
     17  * GW72xx (revision F+)
     18  * GW71xx (revision E+)
    1219
    13 The boards can contain an onboard Microchip ATTPM20P-H6MA1-10 TPM connected to the SPI bus.
     20The TPM used is a Microchip ATTPM20P-H6MA1-10 TPM connected to the SPI bus and is compliant to the Trusted Computing Group (TCG) [https://trustedcomputinggroup.org/ Trusted Platform Module (TPM) Version 2.0]
    1421
    15 This is compliant to the Trusted Computing Group (TCG) Trusted Platform Module (TPM) Version 2.0,
    16 r116 Trusted Platform Module Library. See link here: [https://trustedcomputinggroup.org/ Link]
    17 
    18 Cryptographic Support for:
     22This provides cryptographic support for:
    1923 - HMAC
    2024 - AES-128
     
    2226 - SHA-256
    2327 - ECC BN_P256, ECCNIST_P256
    24  -RSA 1024-2048 bit keys
     28 - RSA 1024-2048 bit keys
    2529
    26 It is controlled via generic TCG SPI Linux driver:
    27  *  drivers/char/tpm/tpm_tis_spi.c: CONFIG_TCG_TIS, CONFIG_TCG_TIS_SPI
     30== Linux Driver
     31The TIS compliant TPM devices are supported by the TCG SPI Linux driver:
     32 * drivers/char/tpm/ (CONFIG_TCG_TIS_CORE, CONFIG_TCG_TIS, CONFIG_TCG_TIS_SPI)
    2833
    29 TPM 2.0 provides direct access via /dev/tpm0 (with one client at a time), and can be accessed through the tpm2-abrmd resource manager daemon, or kernel-managed access via /dev/tpmrm0
     34This driver provides access via:
     35 - /dev/tpm0
     36 - /dev/tpmrm0
    3037
    31 The TPM device is at /dev/tpm0
     38A solid [https://github.com/tpm2-software TPM 2.0 software stack is available for Linux]:
     39 - [https://github.com/tpm2-software/tpm2-tss tpm2-tss] TPM Software Stack (tss)
     40 - [https://github.com/tpm2-software/tpm2-tools tpm2-tools] TPM2 tools based on the tpm2-tss stack
     41 - [https://github.com/tpm2-software/tpm2-abrmd tpm2-abrmd] TPM2 Access Broker and Resource Manager
    3242
    33 The TPM tool set (over 100 different commands) can be installed with the following command:
    34 {{{
     43Examples:
     44 - Install packages
     45{{{#!bash
    3546apt install tpm2-tools tpm2-abrmd
    3647}}}
    37 
    38 Example tpm2-tools showing the properties:
    39 {{{
     48 - Show tpm capabilities/properties:
     49{{{#!bash
    4050root@jammy-malibu:~# tpm2_getcap properties-fixed
    4151TPM2_PT_FAMILY_INDICATOR:
     
    5767  raw: 0x0
    5868  value: ""
    59   etc.....
    60 
     69  .....
    6170}}}
    62 
    63 == PCR Values
    64 
    65 Platform Configuration Registers (PCRs) are registers that represent ‘fingerprints’ of different pieces of a specific system. These pieces can be things such as the bootloader, Linux kernel, and Initramfs. If the stored PCR values in the TPM do not match the currently booting system PCRs, access will not be granted. For example, someone trying to boot a Ubuntu Live CD would not be able to access the TPM key as the PCRs generated from the original disk and stored in the TPM will not match the newly generated PCRs from the boot CD. PCRs use hashing and thus any new value is concatenated with the old and then hashed. This new hash will replace the old hash. The definition of each specific PCR register can be found online.   
    66 
    67 Read the PCR Values:
    68 {{{
    69 #!bash
     71 - Read the PCR Values:
     72{{{#!bash
    7073root@jammy-venice:~# tpm2_pcrread
    7174  sha1:
     
    9598    23: 0x0000000000000000000000000000000000000000
    9699  sha256:
    97 
    98100}}}
    99 
    100 == Clearing the TPM
    101 
    102 Only do this if you need to clear the TPM
    103 {{{
     101 - Clearing the TPM
     102{{{#!bash
    104103tpm2_clear
    105104}}}
    106 
    107 
    108 == Generate Random Number
    109 
    110 See example below
    111 {{{
     105 - Generate Random Number
     106{{{#!bash
    112107tpm2_getrandom --hex 8
    113108}}}
    114109
     110== PCR Values
     111A cryptographic hash (sometimes called a 'digest') is a kind of 'signature' for a set of data. For example the SHA-256 algorithm can be used to generate an almost-unique 256-bit (32-byte) signature (aka 'hash' or 'digest') for a file. Note that this signature/hash/digest is not 'encryption' - it is a one way cryptographic function and is a fixed size for any source of data.
     112
     113Starting from a root of trust (typically the SoC BOOT ROM) each software stage during the boot process is supposed to to some measurements and store them in a safe place. A 'measure' is just a signature/hash/digest of a memory region. This value can be sent to the TPM as a measure which will merge with measurement with the previous ones.
     114
     115The hardware feature used to store and merge these measurements is called Platform Configuration Registers (PCR). At power-up a PCR is set to a known value (typically either 0x00's or 0xff's) and sending a new value to the TPM is called 'extending a PCR' because the chosen register will extend its value with the one received. This way a PCR can only evolve in one direction and never go back unless the platform is reset. Each software stage will be in charge of extending a set of PCRs with digests of the next software stage. Once in Linux for example user software may ask the TPM to deliver its secrects but the only way to get them is having all PCRs matching a known pattern which can only be obtained by extending the PCRs in the right order with the right digets.
     116
     117If the stored PCR values in the TPM do not match the currently booting system PCRs, access will not be granted. For example, someone trying to boot a Ubuntu Live CD would not be able to access the TPM key as the PCRs generated from the original disk and stored in the TPM will not match the newly generated PCRs from the boot CD. PCRs use hashing and thus any new value is concatenated with the old and then hashed. This new hash will replace the old hash. The definition of each specific PCR register can be found online.   
     118
    115119== TPM Key Flow
     120A general flow for loading a key into the TPM: (arguments needed for below commands specific to each application )
     121{{{#!bash
     122tpm2_createpolicy  # Create PCR Policy
     123tpm2_createprimary  # Create primary TPM object
     124tpm2_create  # Create TPM Object with Secret
     125tpm2_load  # Load object into the TPM
     126tpm2_evictcontrol  # Make TPM Object Persistant
     127rm files #remove your working files
     128}}}
    116129
    117 A general flow for loading a key into the TPM: (arguments needed for below commands specific to each application )
    118 {{{
    119 #!bash
    120 tpm2_createpolicy  # Create PCR Policy
     130== U-Boot
     131U-Boot has TPM support as well:
     132 * drivers/tpm/tpm2_tis_spi.c (CONFIG_TPM,CONFIG_TPM2_TIS_SPI)
    121133
    122 tpm2_createprimary  # Create primary TPM object
     134Usage Example:
     135{{{#!bash
     136u-boot=> tpm2 device
     137device 0: tpm@0 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]
     138u-boot=> tpm2 info
     139tpm@0 v2.0: VendorID 0x1114, DeviceID 0x3205, RevisionID 0x01 [open]u-boot=> tpm2 init
     140u-boot=> tpm2 init
     141u-boot=> tpm2 startup TPM2_SU_CLEAR
     142u-boot=> tpm2 self_test full                 
     143u-boot=> tpm2 self_test continue
     144}}}
    123145
    124 tpm2_create  # Create TPM Object with Secret
     146# now we can pursue measured boot (see https://bootlin.com/blog/measured-boot-with-a-tpm-2-0-in-u-boot/)
     147# extend the PCR as needed giving the PCR number and the address where the digtest is stored
     148u-boot=> tpm2 extend 0 $loadaddr # extend PCR 0 using digest loaded to $loadaddr
     149^^^ what's the digest? I think this refers to whatever you are using for key/auth the next phase
    125150
    126 tpm2_load  # Load object into the TPM
     151see also:
     152 - [https://lwn.net/Articles/571031/ Verified U-Boot]
     153 - [https://bootlin.com/blog/measured-boot-with-a-tpm-2-0-in-u-boot/ Measured boot with a TPM 2.0 in U-Boot]
    127154
    128 tpm2_evictcontrol  # Make TPM Object Persistant
    129 
    130 rm files #remove your working files
    131 
    132 }}}
    133 == Resources
    134 
     155== Additional Resources
    135156 * Gateworks Venice Secure Boot Wiki: https://trac.gateworks.com/wiki/venice/secure_boot
    136157 * Security Considerations for Embedded Designs: https://www.gateworks.com/security-considerations-for-embedded-designs-single-board-computers/