[tboot-devel] tboot + TPM 2.0 + TXT (boot with grub2)

Wed, 12 Jul 2017 18:02:35 -0700 

Hi,

Wish everyone has a good day.

I have been trying to use tpm2-tools and tboot to setup LCP policy for my
platform using TPM 2.0. I have successfully done it with tboot provided
nvdef and nvwrite with a TPM 1.2 chip on the same host. However when it
comes to TPM2.0 my setup never succeeds.

I have tried to use nvindex:
#0x01C10131
#0x01C10106
#0x01400001
they all behaved a bit different from each other, but all seem like tboot
failed to load launch control policy:


My first attempt was using the following commands:

tpm2_takeownership -o new -e new -l new
tpm2_nvdefine -x 0x01C10106 -a 0x40000001 -s 70 -t 0x204000A -P new
lcp2_mlehash --verbose --create --alg sha256 --cmdline
"logging=serial,memory,vga extpol=sha256" /boot/tboot.gz > mle_hash
lcp2_crtpolelt --verbose --create --type mle --alg sha256 --ctrl 0x00
--minver 0 --out tbootmle.elt mle_hash
lcp2_crtpollist --verbose --create --out list_unsig.lst tbootmle.elt
lcp2_crtpol --verbose --create --type list --pol list.pol --alg sha256
--data list.data list_unsig.lst
tpm2_nvwrite -x 0x01C10106 -a 0x40000001 -f list.pol -P new

The nvwrite to 0x01C10106 succeeds, but then this would automatically
disable TXT in my BIOS...



My second attempt used 0x01C10131, and txt-stat gives the following logs:

# TBOOT: SGX:verify_IA32_se_svn_status is called
# TBOOT: SGX is not enabled, cpuid.ebx: 0x21cbfbb
# TBOOT: reading Verified Launch Policy from TPM NV...
# TBOOT:  :70 bytes read
# TBOOT: policy:
# TBOOT: unsupported version (0)
# TBOOT:  :reading failed
# TBOOT: reading Launch Control Policy from TPM NV...
# TBOOT: TPM: fail to get public data of 0x01C10106 in TPM NV
# TBOOT:  :reading failed
# TBOOT: failed to read policy from TPM NV, using default
# TBOOT: policy:
# TBOOT:   version: 2
# TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
# TBOOT:   hash_alg: TB_HALG_SHA1
# TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
# TBOOT:   num_entries: 3
# TBOOT:   policy entry[0]:
# TBOOT:           mod_num: 0
# TBOOT:           pcr: none
# TBOOT:           hash_type: TB_HTYPE_ANY
# TBOOT:           num_hashes: 0
# TBOOT:   policy entry[1]:
# TBOOT:           mod_num: any
# TBOOT:           pcr: 19
# TBOOT:           hash_type: TB_HTYPE_ANY
# TBOOT:           num_hashes: 0
# TBOOT:   policy entry[2]:
# TBOOT:           mod_num: nv_raw
#                  nv_index: 40000010
# TBOOT:           pcr: 22
# TBOOT:           hash_type: TB_HTYPE_ANY
# TBOOT:           num_hashes: 0
# TBOOT: TPM: write NV 01c10132, offset 00000000, 00000004 bytes, return
value = 0000018B
# TBOOT: Error: write TPM error: 0x18b.
# TBOOT: no policy in TPM NV.


When using 0x01400001 instead, I got this:

# TBOOT: reading Verified Launch Policy from TPM NV...
# TBOOT: TPM: fail to get public data of 0x01200001 in TPM NV
# TBOOT:  :reading failed
# TBOOT: reading Launch Control Policy from TPM NV...
# TBOOT:  :70 bytes read
# TBOOT: in unwrap_lcp_policy
# TBOOT:  :reading failed
# TBOOT: failed to read policy from TPM NV, using default
# TBOOT: policy:
# TBOOT:   version: 2
# TBOOT:   policy_type: TB_POLTYPE_CONT_NON_FATAL
# TBOOT:   hash_alg: TB_HALG_SHA1
# TBOOT:   policy_control: 00000001 (EXTEND_PCR17)
# TBOOT:   num_entries: 3
# TBOOT:   policy entry[0]:
# TBOOT:           mod_num: 0
# TBOOT:           pcr: none
# TBOOT:           hash_type: TB_HTYPE_ANY
# TBOOT:           num_hashes: 0
# TBOOT:   policy entry[1]:
# TBOOT:           mod_num: any
# TBOOT:           pcr: 17
# TBOOT:           hash_type: TB_HTYPE_ANY
# TBOOT:           num_hashes: 0
# TBOOT:   policy entry[2]:
# TBOOT:           mod_num: nv_raw
#                  nv_index: 40000010
# TBOOT:           pcr: 22
# TBOOT:           hash_type: TB_HTYPE_ANY
# TBOOT:           num_hashes: 0
# TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return
value = 0000018B
# TBOOT: Error: write TPM error: 0x18b.
# TBOOT: no policy in TPM NV.


I was suspecting my list.pol file wasn't correct so I tried to use
tb_polgen --show --verbose to check its content, got the following result:

tb_polgen --show --verbose list.pol
# params:
# cmd = 6
# policy_type = -1
# policy_control = 1
# mod_num = -1
# pcr = -1
# hash_type = -1
# pos = 0
# cmdline length = 0
# cmdline =
# image_file =
# elt_file =
# policy_file = list.pol
# policy:
# unsupported version (0)
# Policy file list.pol is corrupt
# Error reading policy file list.pol

It seems like the policy generated for tpm 2.0 is not recognizable by
tboot? And I'm not sure why tboot would fall back to use SHA1 instead of
SHA256 even explicitly added extpol=sha256 in tboot command line?

I'm kind of stuck here and not sure if I should experiment directly with
verified launch policy. I've tried to modify tboot.gz and cmdline for
tboot.gz, but nothing makes boot halt. I assume this is expected due to the
policy wasn't actually loaded. I'm also wondering if I could simple use
TPM1.2 LCP policy files and specify sha1 to tboot?


Thanks in advance,
Xiao Li

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to