Menu
▾
▴
Re: [tboot-devel] PCR 17 computation (SinitMleData.Version 8)
|
From: Sahil R. <sa...@pr...> - 2013-01-31 18:41:26
|
Hi Jimmy, Thanks for your quick response. I double checked the data lengths and they seem to be correct. I'm copying the Python code I'm using below. I was able to use a slightly modified version of the function below to validate the PCR 17 computed by Jonathan McCune's Perl script (http://sourceforge.net/mailarchive/message.php?msg_id=23257129), so I'm reasonably confident the basic code (unhexlify, update, etc.) is correct. Thanks, Sahil def computePcr17(): # all_zeroes_ascii = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" bios_acm_id_ascii = "80 00 00 00 20 12 05 09 00 00 1d 00 ff ff ff ff ff ff ff ff" # edx_senter_flags_ascii = "00 00 00 00" mseg_valid_ascii = "00 00 00 00 00 00 00 00" sinit_hash_ascii = "7e e6 40 51 b4 2b 49 18 4f fe 41 6d 60 09 46 3e e2 84 3d 04" mle_hash_ascii = "d0 29 d7 7e 2f 4f 32 4b a2 d4 23 53 db 06 79 b5 13 d8 33 34" stm_hash_ascii = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" lcp_policy_hash_ascii = "00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00" lcp_policy_control_ascii = "00 00 00 00" os_sinit_capabilities_ascii = "00 00 00 00" scrtm_status_ascii = "00 00 00 01" # all_zeroes_hex = binascii.unhexlify(all_zeroes_ascii.replace(' ', '')) sinit_hash_hex = binascii.unhexlify(sinit_hash_ascii.replace(' ', '')) # edx_senter_flags_hex = binascii.unhexlify(edx_senter_flags_ascii.replace(' ', '')) bios_acm_id_hex = binascii.unhexlify(bios_acm_id_ascii.replace(' ', '')) mseg_valid_hex = binascii.unhexlify(mseg_valid_ascii.replace(' ', '')) stm_hash_hex = binascii.unhexlify(stm_hash_ascii.replace(' ', '')) lcp_policy_control_hex = binascii.unhexlify(lcp_policy_control_ascii.replace(' ', '')) lcp_policy_hash_hex = binascii.unhexlify(lcp_policy_hash_ascii.replace(' ', '')) os_sinit_capabilities_hex = binascii.unhexlify(os_sinit_capabilities_ascii.replace(' ', '')) scrtm_status_hex = binascii.unhexlify(scrtm_status_ascii.replace(' ', '')) sha1_pcr17_second = hashlib.sha1() sha1_pcr17_second.update(bios_acm_id_hex) sha1_pcr17_second.update(mseg_valid_hex) sha1_pcr17_second.update(stm_hash_hex) sha1_pcr17_second.update(lcp_policy_control_hex) sha1_pcr17_second.update(lcp_policy_hash_hex) sha1_pcr17_second.update(os_sinit_capabilities_hex) sha1_pcr17_second.update(scrtm_status_hex) pcr17 = hashlib.sha1() pcr17.update(sinit_hash_hex) pcr17.update(sha1_pcr17_second.digest()) print "sha1_pcr17_second: " + sha1_pcr17_second.hexdigest() print "final pcr17: " + pcr17.hexdigest() This is the output from tboot that I'm using to initialize the variables in the function: TBOOT: sinit_mle_data (@0xcf7311b8, 0x224): TBOOT: version: 8 TBOOT: bios_acm_id: 80 00 00 00 20 12 05 09 00 00 1d 00 ff ff ff ff ff ff ff ff TBOOT: edx_senter_flags: 0x00000000 TBOOT: mseg_valid: 0x0 TBOOT: sinit_hash: 7e e6 40 51 b4 2b 49 18 4f fe 41 6d 60 09 46 3e e2 84 3d 04 TBOOT: mle_hash: d0 29 d7 7e 2f 4f 32 4b a2 d4 23 53 db 06 79 b5 13 d8 33 34 TBOOT: stm_hash: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 TBOOT: lcp_policy_hash: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 TBOOT: lcp_policy_control: 0x00000000 TBOOT: rlp_wakeup_addr: 0xcf701220 TBOOT: num_mdrs: 7 TBOOT: mdrs_off: 0x9c TBOOT: num_vtd_dmars: 224 TBOOT: vtd_dmars_off: 0x144 TBOOT: sinit_mdrs: TBOOT: 0000000000000000 - 00000000000a0000 (GOOD) TBOOT: 0000000000100000 - 0000000001000000 (GOOD) TBOOT: 0000000001000000 - 00000000cf800000 (GOOD) TBOOT: 0000000100000000 - 0000000430000000 (GOOD) TBOOT: 0000000000000000 - 0000000000000000 (GOOD) TBOOT: 00000000cf800000 - 00000000d0000000 (SMRAM NON-OVERLAY) TBOOT: 00000000e0000000 - 00000000e4000000 (PCIE EXTENDED CONFIG) TBOOT: proc_scrtm_status: 0x00000001 I expect that it should match the value of PCR 17 after SENTER (and before it is extended by tboot): TBOOT: PCRs before extending: TBOOT: PCR 17: a9 6f c9 dd 99 f7 5d 07 18 eb e5 3d 38 c7 eb 8f 14 9e 76 95 TBOOT: PCR 18: a4 1b b3 ef 12 f6 d6 65 58 60 b9 05 4d 72 6f f0 ca 78 21 54 TBOOT: PCR 19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 On Wed, Jan 30, 2013 at 5:54 PM, Wei, Gang <gan...@in...> wrote: > Sahil Rihan wrote on 2013-01-31: > > Hi list, > > > > Like a few before me, I'm trying to calculate in software the value of > PCR17 > > after SENTER. I'm taking the value of the first extend as a given (from > > SinitMleData.SinitHash) and am trying to reconstruct the value at the end > of > > the second extend. > > > > I took Jonathan McCune's Perl script as a starting point and was able to > > reproduce his result (which I'm assuming is for SinitMleData.Version 6, > given > > his computation of the first PCR17 extend in his Perl script) using a > Python > > script I wrote. I then modified my script to use the value from > > SinitMleData.SinitHash directly, since my understanding is that it > contains the > > value of PCR17 after the first extend for SinitMleData.Version 8). > > > > So my computation is now identical to the one in the MLE Developer's > Guide. > > > > SHA-1 ( SinitMleData.SinitHash | SHA-1 ( SinitMleData.BiosAcm.ID | > > SinitMleData.MsegValid | SinitMleData.StmHash | > > SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash | > > (OsSinitData.Capabilities, 0) | SinitMleData.ProcessorSCRTMStatus) ) > > > > Unfortunately, I'm not able to get to the value for PCR 17 that tboot > dumps, > > before it performs its own extend to PCR17. > > > > If anyone has successfully computed PCR 17 or has thoughts on what I > might > be > > doing wrong, I'd appreciate your input. > > Please make sure the data length you used for PCR17 value calculation is > right: > > SinitMleData.MsegValid 8bytes > SinitMleData.PolicyControl 4bytes > (OsSinitData.Capabilities, 0) 4bytes > SinitMleData.ProcessorSCRTMStatus 4bytes > > And (OsSinitData.Capabilities,0) means: > > if SinitMleData.PolicyControl.bit2 is 1, use value of > OsSinitData.Capabilities > if SinitMleData.PolicyControl.bit2 is 0, use a 4-byte 0s. > > Wish those will help. > > Jimmy > |