Jon McCune

Flicker: Minimal TCB Code Execution

Flicker is a project to execute security-sensitive code in isolation from an operating system such as Windows or Linux. Flicker works on x86-class systems from AMD and Intel with support for dynamic root of trust.

Introduction

Flicker is a technique leveraging new features of CPUs from AMD and Intel, including support for dynamic root of trust, to execute application-specific code with an extremely small TCB, while maintaining compatibility with a legacy operating system. We propose an architecture that allows a Piece of Application Logic (PAL) to execute in complete isolation from other software while trusting only a tiny software base that is orders of magnitude smaller than even minimalist virtual machine monitors. Our technique also enables more meaningful attestation than previous proposals, since only measurements of the security-sensitive portions of an application need to be included. We achieve these guarantees by leveraging hardware support provided by commodity processors from AMD and Intel that are shipping today.

Hardware Requirements

To use Flicker, a PC platform supporting dynamic root of trust is needed. AMD and Intel have implemented this differently. A v1.2 TPM is also required (and it must be enabled and activated in the BIOS).

The AMD version of Flicker requires a processor supporting the SKINIT instruction, a v1.2 TPM, and a chipset which provides memory protection for the Flicker code. The SKINIT instruction is available with newer AMD64 processors. Look for 'svm' in /proc/cpuinfo. In the BIOS, you must enable hardware virtualization support.

The Intel version of Flicker requires a processor supporting the GETSEC[SENTER] instruction, a v1.2 TPM, and a chipset which provides memory protection for the Flicker code. These features are available on vPro-branded systems supporting Intel Trusted eXecution Technology (TXT). Look for 'smx' and 'vmx' in /proc/cpuinfo. In the BIOS, you must enable hardware virtualization support (VT), Trusted eXecution Technology (TXT), and VT-d. There are known-bad (really bad; you could RUIN YOUR MOTHERBOARD) BIOSes out there for TXT. Upgrade your BIOS to the newest available version.

To verify that your system has a v1.2 TPM:

$ modprobe tpm_tis force=1 interrupts=0 
$ cat `find /sys -name pcrs`

You should have 24 PCRs listed (0-23). If you have only 16 PCRs (0-15), then you have a v1.1b TPM, and Flicker won't work.
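The checks above can be scripted. The following is an added example (a shell script, not part of the Flicker release) that reads text in the format of /proc/cpuinfo and the sysfs pcrs file, classifies the platform as AMD (svm) or Intel (smx and vmx), and counts PCRs to tell a v1.2 TPM from a v1.1b one; the inputs at the bottom are constructed samples, not captures from a real machine.

```shell
#!/bin/sh
# Added example, not part of the Flicker release: checks the prerequisites
# listed above (svm, or smx+vmx, in the cpuinfo flags; 24 PCRs in the TPM
# sysfs "pcrs" file). Inputs are passed as text so the script runs offline.

# Does the cpuinfo text advertise the given CPU flag?
has_flag() {
    flags=$(printf '%s\n' "$1" | sed -n 's/^flags[[:space:]]*:[[:space:]]*//p' | head -n 1)
    printf ' %s ' "$flags" | grep -q " $2 "
}

# Print "amd" (SKINIT via svm), "intel" (GETSEC[SENTER] via smx+vmx) or "none".
drtm_flavour() {
    if has_flag "$1" svm; then echo amd
    elif has_flag "$1" smx && has_flag "$1" vmx; then echo intel
    else echo none
    fi
}

# Count "PCR-NN:" lines in the pcrs text; 24 means v1.2, 16 means v1.1b.
pcr_count() {
    printf '%s\n' "$1" | grep -c '^PCR-[0-9][0-9]:' || true
}

# Combine both checks. Prints a verdict; returns 0 only if Flicker can run.
flicker_ready() {
    flavour=$(drtm_flavour "$1")
    pcrs=$(pcr_count "$2")
    if [ "$flavour" = none ]; then
        echo "no dynamic root of trust (need svm, or smx and vmx)"; return 1
    fi
    if [ "$pcrs" -ne 24 ]; then
        echo "TPM lists $pcrs PCRs, need 24 (v1.2)"; return 1
    fi
    echo "ok: $flavour platform with v1.2 TPM"
}

# Constructed sample inputs (not captured from a real machine).
SAMPLE_CPUINFO_AMD='processor : 0
flags : fpu vme de pse tsc msr pae mce cx8 apic lm svm'
SAMPLE_CPUINFO_INTEL='processor : 0
flags : fpu vme de pse tsc msr pae mce cx8 apic vmx smx lm'
SAMPLE_PCRS_V12=$(awk 'BEGIN { for (i = 0; i < 24; i++) printf "PCR-%02d: 00 00 00\n", i }')
SAMPLE_PCRS_V11B=$(awk 'BEGIN { for (i = 0; i < 16; i++) printf "PCR-%02d: 00 00 00\n", i }')

# Run the check against each constructed TPM sample (second one is expected to fail).
for sample in "$SAMPLE_PCRS_V12" "$SAMPLE_PCRS_V11B"; do
    flicker_ready "$SAMPLE_CPUINFO_INTEL" "$sample" || true
done
```

On a real machine, pass "$(cat /proc/cpuinfo)" and "$(cat `find /sys -name pcrs`)" to flicker_ready in place of the samples.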

Software Requirements

Flicker is currently compatible with 32-bit, non-PAE Windows 7 and Linux. Most of the testing that is done currently is run on Ubuntu 12.04 LTS. Note that you will need to install a "-generic" kernel to ensure that it is non-PAE. The default installed kernel often ends in "-generic-pae", which will not work.

Frequently Asked Questions (FAQ)

  • Q: Will Flicker run on my machine?
    • If it meets the Prerequisites above, Flicker should run. However, it has only been tested on the machines that we have.
  • Q: I don't have a Flicker-capable machine. Can I still develop a Flicker module?
    • Yes, AMD's SimNow supports the skinit instruction. However, there will be no TPM support included. In fact, we have encountered machines in the wild that will execute skinit but do not include a TPM. These can be useful for developing application-specific functionality without requiring a reboot during a debug cycle.
  • Q: I want to buy a machine to run Flicker. What should I buy?
  • Q: Hardware that "should" work but doesn't
    • HP ProLiant ML110 G7. Both the CPU and Chipset datasheets show them to be TXT-capable, but there is no BIOS version available that includes the relevant support.
  • Q: Is Flicker bug-free?
    • Certainly not in this version. However, its extremely small size suggests that a bug-free implementation may be attainable by buggy human beings. :) Many known issues are described in the code release's README file.
  • Q: I want to develop a PAL that uses TPM command Foo, but I'm having trouble debugging TPM commands in my PAL.
    • It may be easier to get something working in userspace with TrouSerS first, and use a debug trace as a reference for your development.
    • Have a look at this [Signing Key Example].

Revision History

  • Please see newer revision history in the README file or browse the git repository.
  • 2011.05.13. Initial public release of Version 0.5. Integrates the AMD and Intel versions and adds support for Windows 7.
  • 2009.10.13. Initial public release of Version 0.2. Adds Intel TXT support and an Intel-specific "hellopal" with printf support.
  • 2008.04.15. Initial public release of Version 0.1. Contains Flicker kernel module, barebones PAL with 250-line TCB, and "Hello, world" PAL with debug code.

Related

Wiki: Signing Key Example
Wiki: Success Reports