From: Joseph C. <jos...@in...> - 2010-01-26 00:49:29
changeset 7fd9ab83a871 in /var/www/tboot.hg
details: tboot.hg?cmd=changeset;node=7fd9ab83a871
description:
Add support for LCP v2, as defined in December 2009 MLE Developers Guide chapt. 3 and Appendix E

There are minor changes in tboot/* to support the new policy format, specifically to detect the new policy data file.

New tools have been added to the lcptools sub-project. These are "documented" in the file lcptools/lcptools2.txt. The existing tools are (mostly) unchanged and are still needed for v1 policies (as used by the <= 2009 platforms).

The overall documentation for policy creation has been split into docs/policy_v1.txt and docs/policy_v2.txt, as appropriate.

Signed-off-by: Joseph Cihula <jos...@in...>
Signed-off-by: Shane Wang <sha...@in...>

diffstat:

 docs/policy.txt | 70 ------
 docs/policy_v1.txt | 85 +++++++
 docs/policy_v2.txt | 85 +++++++
 include/lcp2.h | 189 +++++++++++++++++
 lcptools/Makefile | 57 ++++-
 lcptools/crtpol2.c | 404 ++++++++++++++++++++++++++++++++++++
 lcptools/crtpolelt.c | 271 ++++++++++++++++++++++++
 lcptools/crtpollist.c | 579 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 lcptools/custom_elt.c | 258 +++++++++++++++++++++++
 lcptools/defindex.c | 4 +-
 lcptools/hash.c | 155 ++++++++++++++
 lcptools/lcptools2.txt | 64 +++++
 lcptools/lcputils2.c | 346 +++++++++++++++++++++++++++++++
 lcptools/lcputils2.h | 83 +++++++
 lcptools/mle_elt.c | 160 ++++++++++++++
 lcptools/pconf_elt.c | 243 ++++++++++++++++++++++
 lcptools/pol.c | 138 ++++++++++++
 lcptools/pol.h | 57 +++++
 lcptools/poldata.c | 181 ++++++++++++++++
 lcptools/poldata.h | 62 +++++
 lcptools/polelt.c | 124 +++++++++++
 lcptools/polelt.h | 56 +++++
 lcptools/polelt_plugin.h | 80 +++++++
 lcptools/pollist.c | 542 +++++++++++++++++++++++++++++++++++++++++++++++++
 lcptools/pollist.h | 79 +++++++
 lcptools/readme.txt | 53 ----
 tboot/common/loader.c | 41 ++-
 tboot/include/loader.h | 2 +
 tboot/txt/txt.c | 18 +-
 29 files changed, 4336 insertions(+), 150 deletions(-)

diffs (truncated from 4716 to 300 lines):

diff -r aa8da2cd748b -r 7fd9ab83a871 docs/policy.txt --- a/docs/policy.txt Tue Jan 12 08:36:16 2010 -0800 +++ /dev/null Thu Jan 01 00:00:00 1970 +0000 
@@ -1,76 +0,0 @@ -These are some example instructions for creating and provisioning both an -Intel(R) TXT Launch Control Policy (LCP) and a Verified Launch policy. - -These steps assume that all referenced binaries have already been built and -paths are relative to the tboot/ directory: - -Create LCP policy: ------------------ -1. lcptools/lcp_mlehash -c "the command line for tboot from grub.conf" - /boot/tboot.gz > mle_hash -2. lcptools/lcp_crtpol -t hashonly -m mle_hash -o lcp.pol - -Note: - There is a new '-c' parameter to lcp_mlehash to specify tboot's - command line. It can be omitted if no command line parameters are - specified in grub.conf. It should not include the module name - (e.g. "/tboot.gz"). - - -Create Verified Launch policy: ------------------------------ -1. tb_polgen/tb_polgen --create --type nonfatal vl.pol -2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image - --cmdline "the command line for xen from grub.conf" - --image /boot/xen.gz - vl.pol -3. tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image - --cmdline "the command line for dom0 from grub.conf" - --image /boot/vmlinuz-2.6.18.8-xen - vl.pol -4. tb_polgen/tb_polgen --add --num 2 --pcr 19 --hash image - --cmdline "" - --image /boot/initrd-2.6.18.8-xen.img - vl.pol - -Note: - The command lines should not include the module name (e.g. "/xen.gz"). - This is a change from the previous version of policy support and was done - because a module's measurement should only depend on its content and not - on its location. -Note 2: - It is not necessary to specify a PCR for module 0, since this module's - measurement will always be extended to PCR 18. If a PCR is specified, - then the measurement will be extended to that PCR in addition to PCR 18. - - -Take ownership of the TPM: -------------------------- -1. modprobe tpm_tis (you may need 'force=1 interrupts=0') -2. tcsd -3. 
tpm_takeownership -z - - choose password for TPM - -Note: - When taking ownership of the TPM it is important to set the SRK auth to - all 0s so that tboot will be able to seal/unseal the measurements. The - '-z' flag to tpm_takeownership will do this. - - -Define tboot error TPM NV index: -------------------------------- -1. lcptools/tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 - -p TPM-password - - -Define LCP and Verified Launch policy indices: ---------------------------------------------- -1. lcptools/tpmnv_defindex -i owner -p TPM-password-from-taking-ownership -2. lcptools/tpmnv_defindex -i 0x20000001 -s 256 -pv 0x02 -p TPM-password - - -Write LCP and Verified Launch policies to TPM: ---------------------------------------------- -(modprobe tpm_tis; tcsd;) -1. lcptools/lcp_writepol -i owner -f lcp.pol -p TPM-password -2. lcptools/lcp_writepol -i 0x20000001 -f vl.pol -p TPM-password diff -r aa8da2cd748b -r 7fd9ab83a871 docs/policy_v1.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/policy_v1.txt Mon Jan 25 14:35:32 2010 -0800 
@@ -0,0 +1,85 @@ +**************************************************************************** +*** *** +*** Launch Control Policy v1 *** +*** *** +**************************************************************************** + +This document describes Launch Control Policies for platforms produced before +2009 (Weybridge, Montevina, McCreary). + +These are some example instructions for creating and provisioning both an +Intel(R) TXT Launch Control Policy (LCP) and a Verified Launch policy. + +These steps assume that all referenced binaries have already been built and +paths are relative to the tboot/ directory: + +Create LCP policy: +----------------- +1. lcptools/lcp_mlehash -c "the command line for tboot from grub.conf" + /boot/tboot.gz > mle_hash +2. lcptools/lcp_crtpol -t hashonly -m mle_hash -o lcp.pol + +Note: + The '-c' parameter to lcp_mlehash is used to specify tboot's + command line, as it would appear in grub.conf. It can be omitted if no + command line parameters are specified in grub.conf (or it can be empty). + It should not include the module name (e.g. "/tboot.gz"). + + +Create Verified Launch policy: +----------------------------- +1. tb_polgen/tb_polgen --create --type nonfatal vl.pol +2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image + --cmdline "the command line for xen from grub.conf" + --image /boot/xen.gz + vl.pol +3. tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image + --cmdline "the command line for dom0 from grub.conf" + --image /boot/vmlinuz-2.6.18.8-xen + vl.pol +4. tb_polgen/tb_polgen --add --num 2 --pcr 19 --hash image + --cmdline "" + --image /boot/initrd-2.6.18.8-xen.img + vl.pol + +Note: + The command lines should not include the module name (e.g. "/xen.gz"). + This is a change from the previous version of policy support and was done + because a module's measurement should only depend on its content and not + on its location. 
+Note 2: + It is not necessary to specify a PCR for module 0, since this module's + measurement will always be extended to PCR 18. If a PCR is specified, + then the measurement will be extended to that PCR in addition to PCR 18. + + +Take ownership of the TPM: +------------------------- +1. modprobe tpm_tis (you may need 'force=1 interrupts=0') +2. tcsd +3. tpm_takeownership -z + - choose password for TPM + +Note: + When taking ownership of the TPM it is important to set the SRK auth to + all 0s so that tboot will be able to seal/unseal the measurements. The + '-z' flag to tpm_takeownership will do this. + + +Define tboot error TPM NV index: +------------------------------- +1. lcptools/tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 + -p TPM-password + + +Define LCP and Verified Launch policy indices: +--------------------------------------------- +1. lcptools/tpmnv_defindex -i owner -p TPM-password-from-taking-ownership +2. lcptools/tpmnv_defindex -i 0x20000001 -s 256 -pv 0x02 -p TPM-password + + +Write LCP and Verified Launch policies to TPM: +--------------------------------------------- +(modprobe tpm_tis; tcsd;) +1. lcptools/lcp_writepol -i owner -f lcp.pol -p TPM-password +2. lcptools/lcp_writepol -i 0x20000001 -f vl.pol -p TPM-password diff -r aa8da2cd748b -r 7fd9ab83a871 docs/policy_v2.txt --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/docs/policy_v2.txt Mon Jan 25 14:35:32 2010 -0800 
@@ -0,0 +1,85 @@ +**************************************************************************** +*** *** +*** Launch Control Policy v2 *** +*** *** +**************************************************************************** + +This document describes Launch Control Policies for platforms produced after +2008. + +These are some example instructions for creating and provisioning both an +Intel(R) TXT Launch Control Policy (LCP) and a Verified Launch policy. + +These steps assume that all referenced binaries have already been built and +paths are relative to the tboot/ directory: + +Create LCP policy: +----------------- +o See the file lcptools/lcptools2.txt for instructions on creating + policies and policy data files using the new tools. + + +Create Verified Launch policy: +----------------------------- +1. tb_polgen/tb_polgen --create --type nonfatal vl.pol +2. tb_polgen/tb_polgen --add --num 0 --pcr none --hash image + --cmdline "the command line for xen from grub.conf" + --image /boot/xen.gz + vl.pol +3. tb_polgen/tb_polgen --add --num 1 --pcr 19 --hash image + --cmdline "the command line for dom0 from grub.conf" + --image /boot/vmlinuz-2.6.18.8-xen + vl.pol +4. tb_polgen/tb_polgen --add --num 2 --pcr 19 --hash image + --cmdline "" + --image /boot/initrd-2.6.18.8-xen.img + vl.pol + +Note: + The command lines should not include the module name (e.g. "/xen.gz"). + This is a change from the previous version of policy support and was done + because a module's measurement should only depend on its content and not + on its location. +Note 2: + It is not necessary to specify a PCR for module 0, since this module's + measurement will always be extended to PCR 18. If a PCR is specified, + then the measurement will be extended to that PCR in addition to PCR 18. + + +Take ownership of the TPM: +------------------------- +1. modprobe tpm_tis (you may need 'force=1 interrupts=0') +2. tcsd +3. 
tpm_takeownership -z + - choose password for TPM + +Note: + When taking ownership of the TPM it is important to set the SRK auth to + all 0s so that tboot will be able to seal/unseal the measurements. The + '-z' flag to tpm_takeownership will do this. + + +Define tboot error TPM NV index: +------------------------------- +1. lcptools/tpmnv_defindex -i 0x20000002 -s 8 -pv 0 -rl 0x07 -wl 0x07 + -p TPM-password + + +Define LCP and Verified Launch policy indices: +--------------------------------------------- +1. lcptools/tpmnv_defindex -i owner -s 0x36 -p TPM-owner-password +2. lcptools/tpmnv_defindex -i 0x20000001 -s 256 -pv 0x02 -p TPM-owner-password + + +Write LCP and Verified Launch policies to TPM: +--------------------------------------------- +(modprobe tpm_tis; tcsd;) +1. lcptools/lcp_writepol -i owner -f list.pol -p TPM-password +2. lcptools/lcp_writepol -i 0x20000001 -f vl.pol -p TPM-password + + +Modify grub.conf to load the policy data file: +--------------------------------------------- +1. Edit grub.conf and add the following: + module /list.data + where you should use the path to this file. diff -r aa8da2cd748b -r 7fd9ab83a871 include/lcp2.h --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/include/lcp2.h Mon Jan 25 14:35:32 2010 -0800 
@@ -0,0 +1,189 @@ +/* + * Copyright 2001 - 2009 Intel Corporation. All Rights Reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * Redistributions of source code must retain the above copyright notice, this + * list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name Intel Corporation nor the names of its contributors may be + * used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +#ifndef __TXT_LCP2_H__ +#define __TXT_LCP2_H__ + +#ifndef __packed +#define __packed __attribute__ ((packed)) +#endif + +/*--------- LCP UUID ------------*/ |
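
Review bot: The platform cut-off in the opening paragraph of docs/policy_v1.txt ("platforms produced before 2009") does not match the commit description, which says v1 policies are used by "<= 2009 platforms", while docs/policy_v2.txt says "produced after 2008". Please settle on one boundary and use the same wording in both files, ideally naming the first v2 platform the way v1 names Weybridge, Montevina and McCreary. The note under "Create Verified Launch policy" still says "This is a change from the previous version of policy support"; now that the documents are themselves labelled v1 and v2, "previous version" is ambiguous and should say which release it refers to. The Verified Launch and TPM ownership sections are duplicated verbatim in both new files, so a shared file referenced from each would keep them from drifting apart.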
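
Review bot: In docs/policy_v2.txt, the "Write LCP and Verified Launch policies to TPM" and "Modify grub.conf" steps use list.pol and list.data, but this file never says where they come from; "Create LCP policy" only points at lcptools/lcptools2.txt. Add a line there stating that the procedure in lcptools2.txt produces the policy file (list.pol) and the policy data file (list.data) used below. The password placeholder also changes within the file: the tpmnv_defindex steps use "-p TPM-owner-password" while the lcp_writepol steps and the error-index step use "-p TPM-password"; use one name if they are the same secret. The new "-s 0x36" on the owner index is given in hex and without explanation, next to "-s 8" and "-s 256" in decimal; say what the value corresponds to so it can be checked against the policy format. In the grub.conf step, "module /list.data" should state where the line goes relative to the other module lines.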
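
Review bot: The "#ifndef __packed" fallback near the top of include/lcp2.h accepts whatever definition of __packed an earlier header supplied, so if that definition is empty or different the structures in this header would silently lose their packing. Since docs/policy_v2.txt hard-codes the owner index size as 0x36, the on-TPM layout must not depend on include order; a compile-time size check next to the policy structure would catch this. The include guard __TXT_LCP2_H__ starts with a double underscore, which is reserved for the implementation in C; a name such as TXT_LCP2_H avoids that. The copyright line reads "2001 - 2009" for a file added in a January 2010 changeset, which is worth confirming.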