For question 1: the PO NV Index attribute definition is correct; did you see this
issue when reading from the index? What were the platform and SINIT ACM used in
finding this issue?
For question 2: this is correct by design; the OsSinitData_Capabilities bit in
PolicyControl works only with TPM 1.2 and legacy PCR mapping.
For details/authorities PCR mapping, OsSinitData.Capabilities are always
extended into PCR17 and have a special event for it.
-Ning
From: Marco Vanotti [mailto:mvano...@google.com]
Sent: Tuesday, May 23, 2017 10:15 PM
To: Sun, Ning <ning....@intel.com>
Cc: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Questions about Launch Control Policies
Thanks for your answer, Ning.
I have been using tpm2.0-tools and tpm2.0-TSS to work with the TPM. They have
been very useful so far :).
I have a couple more questions regarding the Intel TXT Guide:
The Intel TXT Guide (Appendix J "TPM NV") says that the NVRAM PO Index should
have the following attributes:
- TPMA_NV_OWNERWRITE
- TPMA_NV_POLICYWRITE
- TPMA_NV_AUTHREAD
- TPMA_NV_NO_DA
That set of attributes translates to 0x204000A, but that results in a
0xc0081c41 TXT Error (ERR_TPM_NV_INDEX_INVALID_PO_ATTR). I removed the
TPMA_NV_NO_DA flag and it ended up working. What would the correct solution for
this issue be?
The Policy Control field in the LCP has a field that specifies whether the OS
INIT DATA Capabilities should be extended or not. I tried changing that field
in my PO LCP, but that didn't make a difference: the capabilities are always
extended, regardless of the value in the field. I can see that my Policy is
being read by checking the TPM Event log (type 0x414 tells me that my index is
being read, and type 0x40c shows that my policy control is being loaded). I was
playing with this to see the effect of changing things in the policy.
These are minor issues that are not blocking me, but I would like to get an
answer to better understand how TXT works.
Best Regards,
Marco
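As an added example (not code from the thread or from tboot), the attribute word in the question can be checked programmatically: the helper below encodes and decodes TPM 2.0 TPMA_NV attribute words using the bit positions from TPM 2.0 Library Spec Part 2 (TPMA_NV), and reports which flags differ between the word a tool actually defined and the word a guide calls for. The four flags named in the mail (OWNERWRITE, POLICYWRITE, AUTHREAD, NO_DA) encode to 0x204000A exactly as stated, and dropping NO_DA gives 0x4000A. The diff function and its names are this example's own.

```python
# Added example, not from the tboot thread. Bit positions follow the TPMA_NV
# table in TPM 2.0 Library Spec Part 2. Bits 4-7 are the TPM_NT type field
# (a 4-bit value, not individual flags) and are handled separately.
TPMA_NV_BITS = {
    "TPMA_NV_PPWRITE": 0,
    "TPMA_NV_OWNERWRITE": 1,
    "TPMA_NV_AUTHWRITE": 2,
    "TPMA_NV_POLICYWRITE": 3,
    "TPMA_NV_POLICY_DELETE": 10,
    "TPMA_NV_WRITELOCKED": 11,
    "TPMA_NV_WRITEALL": 12,
    "TPMA_NV_WRITEDEFINE": 13,
    "TPMA_NV_WRITE_STCLEAR": 14,
    "TPMA_NV_GLOBALLOCK": 15,
    "TPMA_NV_PPREAD": 16,
    "TPMA_NV_OWNERREAD": 17,
    "TPMA_NV_AUTHREAD": 18,
    "TPMA_NV_POLICYREAD": 19,
    "TPMA_NV_NO_DA": 25,
    "TPMA_NV_ORDERLY": 26,
    "TPMA_NV_CLEAR_STCLEAR": 27,
    "TPMA_NV_READLOCKED": 28,
    "TPMA_NV_WRITTEN": 29,
    "TPMA_NV_PLATFORMCREATE": 30,
    "TPMA_NV_READ_STCLEAR": 31,
}
TPM_NT_SHIFT, TPM_NT_MASK = 4, 0xF


def encode_attrs(names, nt=0):
    """Build a TPMA_NV word from flag names plus an optional TPM_NT type."""
    word = 0
    for name in names:
        word |= 1 << TPMA_NV_BITS[name]
    return word | ((nt & TPM_NT_MASK) << TPM_NT_SHIFT)


def decode_attrs(word):
    """Return (sorted flag names, TPM_NT value) for a TPMA_NV word."""
    names = sorted(n for n, bit in TPMA_NV_BITS.items() if (word >> bit) & 1)
    return names, (word >> TPM_NT_SHIFT) & TPM_NT_MASK


def diff_attrs(actual, expected):
    """(extra, missing) flag names in `actual` relative to `expected`.

    Helper name is this example's own; useful before tpm2_nvdefine to see
    exactly which flag deviates from the attribute list a guide prescribes.
    """
    actual_names, _ = decode_attrs(actual)
    expected_names, _ = decode_attrs(expected)
    return (sorted(set(actual_names) - set(expected_names)),
            sorted(set(expected_names) - set(actual_names)))


# Attribute list from the mail (Appendix J of the Intel TXT guide, per Marco).
PO_INDEX_ATTRS = ["TPMA_NV_OWNERWRITE", "TPMA_NV_POLICYWRITE",
                  "TPMA_NV_AUTHREAD", "TPMA_NV_NO_DA"]

if __name__ == "__main__":
    with_no_da = encode_attrs(PO_INDEX_ATTRS)
    without_no_da = encode_attrs(PO_INDEX_ATTRS[:-1])
    print(hex(with_no_da), decode_attrs(with_no_da))
    print(hex(without_no_da), decode_attrs(without_no_da))
    print("diff:", diff_attrs(with_no_da, without_no_da))
```

Running the block shows the two words the mail discusses side by side, and `diff_attrs` pinpoints NO_DA as the only difference, which is the check to apply when an SINIT ACM rejects an index definition with an attribute error.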
On Tue, May 23, 2017 at 5:12 PM, Sun, Ning
<ning....@intel.com> wrote:
Hi Marco,
Thanks for the write-up, you got most of the answers correct for your questions.
Both lcptools and lcptools-v2 folders (in the tboot source package) are for LCP V2
on TPM 1.2 platforms.
Folder lcp-gen2 is for LCP V3 creation on TPM 2.0 platforms; so far tboot does
not provide TPM 2.0 tools to write the LCP to the TPM NV index. There are TPM 2.0
TSS and tools from Intel as well, see below.
For tboot VLP, there is a default VLP in the tboot source code; if there is no VLP
found in the TPM NV index, tboot will apply the default VLCP.
For TPM 2.0 TSS and tools, here are the websites for your reference:
https://github.com/01org/TPM2.0-TSS
https://github.com/01org/tpm2.0-tools
-Ning
From: Marco Vanotti [mailto:mvano...@google.com]
Sent: Tuesday, May 23, 2017 1:32 PM
To: tboot-devel@lists.sourceforge.net
Subject: Re: [tboot-devel] Questions about Launch Control Policies
Hi All!
After reading a lot of documentation [*], I think I figured out the answers to
some of the questions. I would like to confirm if what I think is correct.
TBOOT sets up an environment and executes GETSEC[SENTER], which hands control
over to the SINIT ACM. The SINIT ACM will measure the MLE and execute the
policy engine, which validates the LCPs. The ACM will extend the MLE hash to
PCR17 among other things. After that, the ACM will hand control back to
TBOOT, which will execute the post_launch mechanism. There, it will look for
VLCPs, first in a special NV Index (0x01200001 or 0x01c10131), or as an
LCP_CUSTOM_ELEMENT in the policy data file, and then validates it.
For remote attestation, you would want to get PCR17 and PCR18, maybe PCR0 to
make sure that BIOS is still the same? What I find unclear is how one should
handle updates, BIOS, Kernel and TBOOT. It seems like the best way is to have a
replicated setup for testing the updates and do all the measurements there.
---------------------------
The problem with the NV Indices that I had (index 0x1400001 was being deleted
on every reboot) was a BIOS issue. I contacted the platform supplier and asked
for a BIOS update.
The way to check which set of indices are used by your ACM is by checking the
tpm_nv_index_set under the TPM capabilities in the loaded SINIT ACM (tables A-8
and A-9 from the Intel TXT Guide, in Appendix A). The NVRAM Indices and
attributes can be found in the Table J-2 (Appendix J TPM NV). For example, it
says that the LCP PO index is 0x1400001 or 0x1c10106 (depending on the
tpm_nv_index_set).
I have more questions, but I will try to write another email for them, as they
are not related to this problem.
Thank you all for your time :)
Best Regards,
Marco
[*]:
Intel TXT Software Development Guide:
http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html
TPM 2.0 Spec: https://trustedcomputinggroup.org/tpm-library-specification/
A practical guide to TPM 2.0: http://www.apress.com/us/book/9781430265832
Intel Trusted Execution for Server Platforms:
http://www.apress.com/us/book/9781430261483
TPM 2.0 registry of reserved handles:
https://trustedcomputinggroup.org/registry-reserved-tpm-2-0-handles-localities/
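As an added example (not code from the thread, from tboot or from Intel), the attestation question above, which PCRs to quote and what an update does to them, comes down to the PCR extend rule, PCR_new = H(PCR_old || measurement). The block below replays a measurement log per PCR to derive golden values and compares a quote against them; the measurements are constructed stand-ins (the real contents of PCR17/18 are defined by the SINIT ACM and the TXT guide, not reproduced here), and `golden_from_log` and `check_quote` are this example's own names. It shows why a BIOS, kernel or tboot update changes the expected value and why golden values are best re-recorded on a replicated test setup before rolling the update out.

```python
import hashlib

# Added example, not from the tboot thread. Measurements below are constructed
# placeholders standing in for real MLE / module digests.


def pcr_extend(pcr, measurement, algo="sha256"):
    """TPM extend semantics: PCR_new = H(PCR_old || measurement)."""
    return hashlib.new(algo, pcr + measurement).digest()


def golden_from_log(log, algo="sha256"):
    """Replay a list of (pcr_index, digest) entries into per-PCR values.

    Every PCR starts as an all-zero digest of the bank's size; order of
    extends matters, so the log must be replayed in the order recorded.
    """
    size = hashlib.new(algo).digest_size
    pcrs = {}
    for index, digest in log:
        pcrs[index] = pcr_extend(pcrs.get(index, bytes(size)), digest, algo)
    return pcrs


def check_quote(quoted, golden):
    """Return sorted PCR indices whose quoted value differs from golden.

    A PCR missing from the quote counts as a mismatch: a verifier must not
    accept a quote that simply omits a register it relies on.
    """
    return sorted(i for i, value in golden.items() if quoted.get(i) != value)


# Constructed sample log for a TXT launch: PCR17 gets the MLE-related
# measurement, PCR18 the kernel/module measurement (layout simplified).
MLE_V1 = hashlib.sha256(b"constructed-mle-v1").digest()
MLE_V2 = hashlib.sha256(b"constructed-mle-v2").digest()
KERNEL_V1 = hashlib.sha256(b"constructed-kernel-v1").digest()

LOG_BEFORE_UPDATE = [(17, MLE_V1), (18, KERNEL_V1)]
LOG_AFTER_TBOOT_UPDATE = [(17, MLE_V2), (18, KERNEL_V1)]

if __name__ == "__main__":
    golden = golden_from_log(LOG_BEFORE_UPDATE)
    print("same build:   mismatches", check_quote(golden, golden))
    updated = golden_from_log(LOG_AFTER_TBOOT_UPDATE)
    print("after update: mismatches", check_quote(updated, golden))
```

The design point is that `golden` is data, not code: when a staging machine with the new BIOS/kernel/tboot produces a new log, `golden_from_log` on that log gives the values to publish to the verifier, and until then `check_quote` correctly refuses the updated host.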
On Thu, May 4, 2017 at 7:19 PM, Marco Vanotti
<mvano...@google.com> wrote:
Hi All!
I hope you are having a wonderful day today :). I am trying to get tboot to
work in my machine. My computer has a TPM 2.0 and I am trying to understand
some of the available features.
The Intel TXT Software Development Guide defines Launch Control Policies.
Given that I have TPM 2.0, I believe I should use version 3.0 or 3.1, there
seem to be some utilities to write these files in the lcp-gen2 folder.
Looking at the source code, I found that there's also TBOOT Control Policies,
which seem to be referred to as Verified Launch Control Policies. What is the
difference between them? When should I use each of them? Are they also executed
by the ACM? If not, when?
It seems that VLCPs don't support policy data files, is that so?
Regarding LCPs, where should I define them in NVRAM? I've tried using
0x1400001, but that index gets deleted every time I reboot the system,
regardless of using TXT. I'm defining the space with attr 0xF00F, and size 102
bytes, which is the size of the lcp_policy_2 struct. There's another index to
use that doesn't get deleted: 0x01c10106, but I am not sure how to tell TXT to
use it.
My original goal was to install a policy with POLTYPE_ANY, just to test, but I
can't see anything related to it in txt-stat, should it be logged somehow?
Any help with these issues would be really appreciated :)
Best Regards,
Marco
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel