From: Marco V. <mva...@go...> - 2017-05-26 22:28:35

Hi Ning,

Again, thank you for your answer. After a bit of tinkering with the NUC, I've come to a problem with those attributes.

As I mentioned in another email, I'm having trouble with an Invalid RSDP once I add files to multiboot in the NUC. A side effect of that problem + using 0x4000A for the PO LCP is that the TPM gets into lockout mode and I have to clear ownership in order to use the same index again.

The error I get is 0xc9210441:

Module Type: 1
Class Code: 0x4
Major Error Code: 0x1
Minor Error Code: 0x121 (289)
SW Source: 0
External: 1
Valid: 1

Which actually means that the TPM gave an error 0x??21 (the second byte is missing because TPM 1.2 had 1-byte errors whilst TPM 2.0 has two bytes... TXT only reports one byte).

After reading the tboot log, I see that there are errors 0x921 while trying to read the VLCPs, which mean...

$ tpm2_rc_decode 0x921
error layer
hex: 0x0
identifier: TSS2_TPM_ERROR_LEVEL
description: Error produced by the TPM
format 0 warning code
hex: 0x21
name: TPM_RC_LOCKOUT
description: authorizations for objects subject to DA protection are not allowed at this time because the TPM is in DA lockout mode

So I believe using the NO_DA flag while defining the policy is a requirement. Maybe there's a problem with my BIOS or SINIT module? Do you know how I can debug that problem?

I have another system and the policy works there; it has tpm_nv_index_set = 0, and has the NO_DA attribute set (0x204000A).

Have a nice weekend!

Best Regards,
Marco

On Fri, May 26, 2017 at 10:05 AM, Sun, Ning <nin...@in...> wrote:
> Ok, it looks like different tpm_nv_index_set should use different PO NV index attributes:
>
> If tpm_nv_index_set is 0, attributes should be 0x004000A; if tpm_nv_index_set is 1, attributes should be 0x204000A.
>
> If you have other Intel TXT clients rather than NUC, you can try your LCP policy on them as well.
>
> Hope this helps…
>
> -ning
>
> From: Marco Vanotti [mailto:mva...@go...]
> Sent: Thursday, May 25, 2017 2:23 PM
> To: Sun, Ning <nin...@in...>
> Cc: tbo...@li...
> Subject: Re: [tboot-devel] Questions about Launch Control Policies
>
> Hi Ning,
>
> Thank you for your answer.
>
> 1) I can't read the index, I believe it's because of the attributes (I would need the owner_read flag). I'm doing:
>
> # tpm2_nvread -x 0x1400001 -a 0x40000001 -s 10
> Failed to read NVRAM area at index 0x1400001 (20971521).Error:0x149
>
> # tpm2_rc_decode 0x149
> error layer
> hex: 0x0
> identifier: TSS2_TPM_ERROR_LEVEL
> description: Error produced by the TPM
> format 0 error code
> hex: 0x49
> name: TPM_RC_NV_AUTHORIZATION
> description: NV access authorization fails in command actions (this failure does not affect lockout.action)
>
> This issue occurs in an Intel NUC NUC5i5MYHE, with "5th_gen_i5_i7_SINIT_79.BIN" (downloaded from the Intel website). The BIOS is up to date.
>
> I was able to test this on a different server and it doesn't give me the error (same policy).
>
> 2) Ok. Thanks! I was trying to see whether I could see things changing with a POLTYPE_ANY. I couldn't find anything in the Intel TXT Guide saying that the capabilities won't be extended on TPM 2.0 (I might have missed it too :)).
>
> Thank you for your reply!
>
> Best Regards,
> Marco
>
> On Thu, May 25, 2017 at 6:58 AM, Sun, Ning <nin...@in...> wrote:
> For question 1: PO NV Index attribute definition is correct, did you see this issue when reading from the index? What was the platform and SINIT ACM used in finding this issue?
>
> For question 2: this is correct by design, the OsSinitData_Capabilities bit in PolicyControl works only with TPM 1.2 and legacy PCR mapping. For details/authorities PCR mapping, OsSinitData.Capabilities are always extended into PCR17 and have a special event for it.
>
> -Ning
>
> From: Marco Vanotti [mailto:mva...@go...]
> Sent: Tuesday, May 23, 2017 10:15 PM
> To: Sun, Ning <nin...@in...>
> Cc: tbo...@li...
> Subject: Re: [tboot-devel] Questions about Launch Control Policies
>
> Thanks for your answer, Ning.
>
> I have been using tpm2.0-tools and tpm2.0-TSS to work with the TPM. They have been very useful so far :).
>
> I have a couple more questions regarding the Intel TXT Guide:
>
> The Intel TXT Guide (Appendix J "TPM NV") says that the NVRAM PO Index should have the following attributes:
> - TPMA_NV_OWNERWRITE
> - TPMA_NV_POLICYWRITE
> - TPMA_NV_AUTHREAD
> - TPMA_NV_NO_DA
>
> That set of attributes translates to 0x204000A, but that results in a 0xc0081c41 TXT Error (ERR_TPM_NV_INDEX_INVALID_PO_ATTR). I removed the TPMA_NV_NO_DA flag and it ended up working. What would the correct solution for this issue be?
>
> The Policy Control field in the LCP has a field that specifies whether the OS INIT DATA Capabilities should be extended or not. I tried changing that field in my PO LCP, but that didn't make a difference: the capabilities are always extended, regardless of the value in the field. I can see that my Policy is being read by checking the TPM Event log (type 0x414 tells me that my index is being read, and type 0x40c shows that my policy control is being loaded). I was playing with this to see the effect of changing things in the policy.
>
> These are minor issues that are not blocking me, but I would like to get an answer to better understand how TXT works.
>
> Best Regards,
> Marco
>
> On Tue, May 23, 2017 at 5:12 PM, Sun, Ning <nin...@in...> wrote:
> Hi Marco,
>
> Thanks for the write-up, you got most of the answers correct for your questions.
>
> Both lcptools and lcptools-v2 folders (in the tboot source package) are for LCP V2 on TPM 1.2 platforms.
>
> Folder lcp-gen2 is for LCP V3 creation on TPM 2.0 platforms; so far tboot does not provide TPM 2.0 tools to write the LCP to a TPM NV index. There are TPM 2.0 TSS and tools from Intel as well, see below.
>
> For tboot VLP, there is a default VLP in the tboot source code; if there is no VLP found in the TPM NV index, tboot will apply the default VLCP.
>
> For TPM 2.0 TSS and tools, here are the websites for your reference:
>
> https://github.com/01org/TPM2.0-TSS
> https://github.com/01org/tpm2.0-tools
>
> -Ning
>
> From: Marco Vanotti [mailto:mva...@go...]
> Sent: Tuesday, May 23, 2017 1:32 PM
> To: tbo...@li...
> Subject: Re: [tboot-devel] Questions about Launch Control Policies
>
> Hi All!
>
> After reading a lot of documentation [*], I think I figured out the answers to some of the questions. I would like to confirm whether what I think is correct.
>
> TBOOT sets up an environment and executes GETSEC[SENTER], which hands control over to the SINIT ACM. The SINIT ACM will measure the MLE and execute the policy engine, which validates the LCPs. The ACM will extend the MLE hash to PCR17 among other things. After that, the ACM will hand control back to TBOOT, which will execute the post_launch mechanism. There, it will look for VLCPs, first in a special NV Index (0x01200001 or 0x01c10131), or as an LCP_CUSTOM_ELEMENT in the policy data file, and then validate it.
>
> For remote attestation, you would want to get PCR17 and PCR18, maybe PCR0 to make sure that the BIOS is still the same? What I find unclear is how one should handle updates: BIOS, Kernel and TBOOT. It seems like the best way is to have a replicated setup for testing the updates and do all the measurements there.
>
> ---------------------------
>
> The problem with the NV Indices that I had (index 0x1400001 was being deleted on every reboot) was a BIOS issue. I contacted the platform supplier and asked for a BIOS update.
>
> The way to check which set of indices is used by your ACM is by checking the tpm_nv_index_set under the TPM capabilities in the loaded SINIT ACM (tables A-8 and A-9 from the Intel TXT guide, in Appendix A). The NVRAM Indices and attributes can be found in Table J-2 (Appendix J TPM NV). For example, it says that the LCP PO index is 0x1400001 or 0x1c10106 (depending on the tpm_nv_index_set).
>
> I have more questions, but I will try to write another email for them, as they are not related to this problem.
>
> Thank you all for your time :)
>
> Best Regards,
> Marco
>
> [*]:
> Intel TXT Software Development Guide: http://www.intel.com/content/www/us/en/software-developers/intel-txt-software-development-guide.html
> TPM 2.0 Spec: https://trustedcomputinggroup.org/tpm-library-specification/
> A practical guide to TPM 2.0: http://www.apress.com/us/book/9781430265832
> Intel Trusted Execution for Server Platforms: http://www.apress.com/us/book/9781430261483
> TPM 2.0 registry of reserved handles: https://trustedcomputinggroup.org/registry-reserved-tpm-2-0-handles-localities/
>
> On Thu, May 4, 2017 at 7:19 PM, Marco Vanotti <mva...@go...> wrote:
> Hi All!
>
> I hope you are having a wonderful day today :). I am trying to get tboot to work on my machine. My computer has a TPM 2.0 and I am trying to understand some of the available features.
>
> The Intel TXT Software Development Guide defines Launch Control Policies. Given that I have TPM 2.0, I believe I should use version 3.0 or 3.1; there seem to be some utilities to write these files in the lcp-gen2 folder.
>
> Looking at the source code, I found that there are also TBOOT Control Policies, which seem to be referred to as Verified Launch Control Policies. What is the difference between them? When should I use each of them? Are they also executed by the ACM? If not, when?
>
> It seems that VLCPs don't support policy data files, is that so?
>
> Regarding LCPs, where should I define them in NVRAM? I've tried using 0x1400001, but that index gets deleted every time I reboot the system, regardless of using TXT. I'm defining the space with attr 0xF00F, and size 102 bytes, which is the size of the lcp_policy_2 struct. There's another index to use that doesn't get deleted: 0x01c10106, but I am not sure how to tell TXT to use it.
>
> My original goal was to install a policy with POLTYPE_ANY, just to test, but I can't see anything related to it in txt-stat, should it be logged somehow?
>
> Any help with these issues would be really appreciated :)
>
> Best Regards,
> Marco
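The thread decodes the PO index attribute word (0x204000A versus 0x4000A) and the TPM response codes 0x149 and 0x921 by hand; the following is an added example, not code from the thread or from tboot, that does both from the TPMA_NV and TPM_RC bit layouts in TPM 2.0 Library Part 2 and checks a candidate attribute word against the Appendix J set quoted above.

```python
"""Decode a TPMA_NV attribute word and format-0 TPM 2.0 response codes.
Bit layouts follow TPM 2.0 Library Part 2 (TPMA_NV and TPM_RC tables)."""

# TPMA_NV single-bit flags by bit position (TPM_NT occupies bits 7:4).
TPMA_NV_BITS = {
    0: "PPWRITE", 1: "OWNERWRITE", 2: "AUTHWRITE", 3: "POLICYWRITE",
    10: "POLICY_DELETE", 11: "WRITELOCKED", 12: "WRITEALL",
    13: "WRITEDEFINE", 14: "WRITE_STCLEAR", 15: "GLOBALLOCK",
    16: "PPREAD", 17: "OWNERREAD", 18: "AUTHREAD", 19: "POLICYREAD",
    25: "NO_DA", 26: "ORDERLY", 27: "CLEAR_STCLEAR", 28: "READLOCKED",
    29: "WRITTEN", 30: "PLATFORMCREATE", 31: "READ_STCLEAR",
}

# Attribute set the thread quotes from TXT SDG Appendix J for the PO index.
PO_INDEX_ATTRS = frozenset({"OWNERWRITE", "POLICYWRITE", "AUTHREAD", "NO_DA"})


def decode_tpma_nv(attrs):
    """Return the TPMA_NV flag names set in a 32-bit attribute word."""
    names = {name for bit, name in TPMA_NV_BITS.items() if (attrs >> bit) & 1}
    nt = (attrs >> 4) & 0xF          # TPM_NT field; 0 = ordinary index
    if nt:
        names.add("TPM_NT=%d" % nt)
    return names


def missing_po_attrs(attrs):
    """Appendix J flags absent from attrs, so a wrong word is caught before
    the index is defined rather than as a DA lockout or TXT error at launch."""
    return PO_INDEX_ATTRS - decode_tpma_nv(attrs)


# Format-0 TPM_RC: bit 7 clear = format 0, bit 8 (V) = TPM 2.0 code,
# bit 11 (S) = warning, bits 6:0 = the code within RC_VER1 or RC_WARN.
FORMAT0_NAMES = {
    ("error", 0x49): "TPM_RC_NV_AUTHORIZATION",   # 0x149 in the thread
    ("warning", 0x21): "TPM_RC_LOCKOUT",          # 0x921 in the thread
}


def decode_rc(rc):
    """Classify a format-0 response code as (severity, name)."""
    if rc & 0x80:
        raise ValueError("format-1 (handle/parameter) code, not handled here")
    if not rc & 0x100:
        raise ValueError("not a TPM 2.0 (V=1) response code")
    severity = "warning" if rc & 0x800 else "error"
    return severity, FORMAT0_NAMES.get((severity, rc & 0x7F), "unknown")
```

Running `missing_po_attrs(0x4000A)` reports `NO_DA` as the flag that was dropped, which is the attribute whose absence the thread ties to the DA lockout.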