From: Reiner S. <sa...@us...> - 2008-07-30 13:07:51

Should be in the TCG TPM specification: https://www.trustedcomputinggroup.org/specs/TPM/mainP3Commandsrev103.zip page 161, quote output values. Also look at the attached gif, a copy from the spec (copyright TCG). You see how the output is generated in 'actions'. TPM_PCR_COMPOSITE should include the selected PCR values as you see them when reading the PCR. In front of the list of PCR entries, you will find the PCR selector telling you which PCRs are represented in the list (bit = 1 means the PCR is present in the list, bit position gives you the PCR number).

(Embedded image moved to file: pic08853.gif)

__________________________________________________________
Reiner Sailer, RSM and Manager Security Services (GSAL) Team
IBM T J Watson Research Ctr, 19 Skyline Drive, Hawthorne NY 10532
Phone: 914 784 6280 (t/l 863) Fax: 914 784 6205, sa...@us...
http://www.research.ibm.com/people/s/sailer/

From: "Lavina Jain" <lav...@gm...>
To: lin...@li...
Cc: lav...@gm...
Date: 07/30/2008 02:52 AM
Subject: [Linux-ima-user] TPM Quote: data signed is different from PcrRead

Hi,

It looks like the data signed by Tspi_TPM_Quote is not the same as the PCR value. I wrote a small program that reads PCR 10, and then gets a Quote of a PCR Composite consisting of only PCR 10. The data signed differs from the output of Tspi_TPM_PcrRead.
Following is the part of my code doing this:
---------------------------------------------------------------------------------
// read PCR 10
printf("Read PCR...");
UINT32 len;
BYTE *value;   // Tspi_TPM_PcrRead allocates this buffer; release it with Tspi_Context_FreeMemory
int i;
for (i = 10; i <= 10; i++) {
    retCode = Tspi_TPM_PcrRead(hTPM, i, &len, &value);
    PRINT_RETCODE(retCode);
    if (retCode == TSS_SUCCESS) {
        printf("PCR i: %d, len: %d\n", i, len);
        printf("value: ");
        // print in hex format
        printHex(value, len);
        Tspi_Context_FreeMemory(hContext, value);
    }
}

// Create PCR composite object consisting of PCR 10
printf("Create PCR composite object...");
TSS_HPCRS hPcrComposite;
retCode = Tspi_Context_CreateObject(hContext, TSS_OBJECT_TYPE_PCRS, 0, &hPcrComposite);
PRINT_RETCODE(retCode);
UINT32 pcrIndex;
for (pcrIndex = 10; pcrIndex <= 10; pcrIndex++) {
    retCode = Tspi_PcrComposite_SelectPcrIndex(hPcrComposite, pcrIndex);
    PRINT_RETCODE(retCode);
}

// 20-byte input (challenge) to Quote command; the length field must be set too
TSS_VALIDATION validationData;
memset(&validationData, 0, sizeof(validationData));
validationData.ulExternalDataLength = 20;
validationData.rgbExternalData = (BYTE *)malloc(20 * sizeof(BYTE));
memset(validationData.rgbExternalData, 1, 20);
printf("20-byte hash input to Quote: ");
printHex(validationData.rgbExternalData, 20);

// Obtain Quote; on success rgbData holds the TPM_QUOTE_INFO that was signed
printf("Quote PCR...");
retCode = Tspi_TPM_Quote(hTPM, hAIK, hPcrComposite, &validationData);
PRINT_RETCODE(retCode);
if (retCode == TSS_SUCCESS) {
    printf("Data signed: \n");
    printHex(validationData.rgbData, validationData.ulDataLength);
}
-----------------------------------------------------------------------------------------------------------------------------

The results are as follows:

Value of PCR 10 read by Tspi_TPM_PcrRead is:
ce24d4cfe4d39e2da331326d44680a4946bb7486

Data signed is:
0101000051554f54abbf4dd198d4df503f7a25291f332fa70a237bc601010101
01010101010101010101010101010101

I know that the first 4 bytes (01010000) are the version. The next 4 bytes (51554f54) are the ordinal. The last 20 bytes are the input that I had given to the Quote command. Can somebody please explain how the remaining 20 bytes (abbf4dd198d4df503f7a25291f332fa70a237bc6) are obtained from the PCR registers?
Kind Regards,
Lavina

_______________________________________________
Linux-ima-user mailing list
Lin...@li...
https://lists.sourceforge.net/lists/listinfo/linux-ima-user
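The following is an added example, not code from the thread, from TrouSerS or from IMA. It parses the 48-byte TPM_QUOTE_INFO that Lavina posted into the four fields Reiner points at in the spec (version, the fixed "QUOT" tag, compositeHash, externalData) and rebuilds the TPM_PCR_COMPOSITE structure from a PCR value: the TPM_PCR_SELECTION bitmap (bit position = PCR number), the UINT32 valueSize, then the selected PCR values in ascending order, hashed with SHA-1 to give compositeHash. The thread does not say what sizeOfSelect the TSS used for this TPM (2 bytes for 16 PCRs, 3 bytes for a 24-PCR TPM 1.2), and that field is part of the hashed data, so the example tries both and reports which one, if any, reproduces the posted hash; the constant names, helper names and the two-candidate approach are this example's own assumptions. One practical caveat the code cannot remove: if anything is extended into PCR 10 between the PcrRead and the Quote, the quoted value is no longer the one that was read and neither candidate will match.

```python
# Added example (not from the thread, TrouSerS or IMA): parse a TPM 1.2
# TPM_QUOTE_INFO and recompute compositeHash from PCR values as defined
# in the TPM 1.2 structure spec (TPM_PCR_SELECTION / TPM_PCR_COMPOSITE).
import hashlib
import struct

# Bytes posted in the thread: the 48-byte TPM_QUOTE_INFO and the PCR 10 value.
QUOTE_INFO_HEX = ("0101000051554f54abbf4dd198d4df503f7a25291f332fa70a237bc6"
                  "0101010101010101010101010101010101010101")
PCR10_HEX = "ce24d4cfe4d39e2da331326d44680a4946bb7486"


def parse_quote_info(blob):
    """Split a TPM 1.2 TPM_QUOTE_INFO into its four fields.

    Layout: TPM_STRUCT_VER version (4) || fixed 'QUOT' (4) ||
            compositeHash (20, SHA-1 of TPM_PCR_COMPOSITE) || externalData (20).
    """
    if len(blob) != 48:
        raise ValueError("TPM_QUOTE_INFO is 48 bytes, got %d" % len(blob))
    version = struct.unpack(">BBBB", blob[0:4])   # major, minor, revMajor, revMinor
    fixed = blob[4:8]
    if fixed != b"QUOT":
        raise ValueError("fixed field is %r, expected b'QUOT'" % fixed)
    return {
        "version": version,
        "fixed": fixed,
        "composite_hash": blob[8:28],
        "external_data": blob[28:48],   # the caller's nonce / challenge
    }


def pcr_selection(pcrs, size_of_select):
    """TPM_PCR_SELECTION: UINT16 sizeOfSelect || pcrSelect bitmap.

    Bit n of the bitmap selects PCR n: byte n // 8, bit n % 8 (bit 0 is the
    least significant), so selecting PCR 10 sets 0x04 in the second byte.
    """
    select = bytearray(size_of_select)
    for n in pcrs:
        if n // 8 >= size_of_select:
            raise ValueError("PCR %d needs more than %d select bytes" % (n, size_of_select))
        select[n // 8] |= 1 << (n % 8)
    return struct.pack(">H", size_of_select) + bytes(select)


def pcr_composite(values, size_of_select):
    """TPM_PCR_COMPOSITE: TPM_PCR_SELECTION || UINT32 valueSize || PCR values.

    `values` maps PCR index -> 20-byte value. Values are concatenated in
    ascending PCR order, the order in which the bitmap enumerates them.
    """
    for n, v in values.items():
        if len(v) != 20:
            raise ValueError("PCR %d value must be 20 bytes (SHA-1)" % n)
    ordered = b"".join(values[n] for n in sorted(values))
    return (pcr_selection(values.keys(), size_of_select)
            + struct.pack(">I", len(ordered)) + ordered)


def composite_hash(values, size_of_select):
    """compositeHash = SHA-1(TPM_PCR_COMPOSITE)."""
    return hashlib.sha1(pcr_composite(values, size_of_select)).digest()


def candidate_hashes(values):
    """sizeOfSelect depends on the TPM (2 bytes for 16 PCRs, 3 for the 24 PCRs
    of a TPM 1.2) and is itself hashed, so compute both candidates."""
    return {n: composite_hash(values, n) for n in (2, 3)}


def explain_quote(quote_hex, values):
    """Return the parsed TPM_QUOTE_INFO fields plus the list of sizeOfSelect
    values (if any) that reproduce its compositeHash from `values`."""
    info = parse_quote_info(bytes.fromhex(quote_hex))
    cands = candidate_hashes(values)
    info["matching_size_of_select"] = [n for n, h in cands.items()
                                       if h == info["composite_hash"]]
    return info


if __name__ == "__main__":
    result = explain_quote(QUOTE_INFO_HEX, {10: bytes.fromhex(PCR10_HEX)})
    for key, val in result.items():
        print("%-24s %s" % (key, val.hex() if isinstance(val, bytes) else val))
```

An empty `matching_size_of_select` list means the PCR value fed in is not the one the TPM hashed at quote time, which is worth checking before suspecting the structure layout: a verifier normally recomputes the composite from the PCR values it expects and compares, rather than trusting a separately read PCR value.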