henkbirkholz
commented
5 years ago This pr has been vetted by the authors. There might be more merges or pushes before cut-off.
Closed shwethab closed 5 years ago
henkbirkholz
commented
5 years ago This pr has been vetted by the authors. There might be more merges or pushes before cut-off.
module: ietf-basic-remote-attestation +--ro rats-support-structures +--ro supported-algos uint16 +--ro tpms [tpm_name] //is version info needed here? | +--ro tpm_name string | +--ro tpm-physical-index? int32 {ietfhw:entity-mib}? +--ro compute-nodes* [node-name]
| +--ro node-name string | +--ro node-physical-index? int32 {ietfhw:entity-mib}? +--ro endorsement-certificates //Is this the TCG specified EK certificate, or AK used here for RA, or a unified one? Is it better to move this under the respective tpm_name in tpms above, and delete this structure?
[SB]Good idea. Done The certs are TPM specific makes sense to group them under tpm
rpcs: +---x tpm12-challenge-response-attestation | +---w input | | +---w tpm1-attestation-challenge | | +---w pcr-indices uint8 | | +---w nonce-value binary | | +---w TPM_SIG_SCHEME-value uint8
| | +---w (key-identifier)? | | | +--:(public-key) | | | | +---w pub-key-id? binary | | | +--:(TSS_UUID) | | | +---w TSS_UUID-value | | | +---w ulTimeLow? uint32 | | | +---w usTimeMid? uint16 | | | +---w usTimeHigh? uint16 | | | +---w bClockSeqHigh? uint8 | | | +---w bClockSeqLow? uint8 | | | +---w rgbNode uint8 | | +---w add-version? boolean | | +---w tpm_name? string | | +---w tpm-physical-index? int32 {ietfhw:entity-mib}? | +--ro output | +--ro tpm12-attestation-response [tpm_name] | +--ro tpm_name string | +--ro tpm-physical-index? int32 {ietfhw:entity-mib}? | +--ro up-time? uint32 | +--ro node-name? string | +--ro node-physical-index? int32 {ietfhw:entity-mib}? | +--ro (tpm12-quote) | +--:(tpm12-quote) | | +--ro version [] | | | +--ro major? uint8 | | | +--ro minor? uint8 | | | +--ro revMajor? uint8 | | | +--ro revMinor? uint8 | | +--ro fixed? binary | | +--ro digest-value? binary | | +--ro external-data? binary | | +--ro TPM_PCR_COMPOSITE [] | | | +--ro pcr-indices uint8 | | | +--ro value-size? uint32 | | | +--ro tpm12-pcr-value binary | | +--ro signature-size? uint32 | | +--ro signature? binary | +--:(tpm12-quote2) | +--ro tag? uint8 | +--ro fixed? binary | +--ro external-data? binary | +--ro pcr-indices uint8 | +--ro locality-at-release? uint8 | +--ro digest-at-release? binary | +--ro signature-size? uint32 | +--ro signature? binary +---x tpm2-challenge-response-attestation | +---w input | | +---w tpm2-attestation-challenge //should we consider supporting multiple tpms in one challenge-response interaction? And the output below has already multiple tpms~~
[SB] Right. Addressed.
[SB] how else? We need multiple PCRs to be selected for attestation. | | | | +---w pcr | | | | +---w pcr-indices uint8 | | | | +---w (algo-registry-type) | | | | +--:(tcg) | | | | | +---w tcg-hash-algo-id? uint16 | | | | +--:(ietf) | | | | +---w ietf-ni-hash-algo-id? uint8 | | | +---w nonce-value binary | | | +---w (signature-identifier-type)
| | | | +--:(TPM_ALG_ID) | | | | | +---w TPM_ALG_ID-value? uint16 | | | | +--:(COSE_Algorithm) | | | | +---w COSE_Algorithm-value? int32 | | | +---w (key-identifier)?
| | | +--:(public-key) | | | | +---w pub-key-id? binary | | | +--:(uuid) | | | +---w uuid-value? binary
| | +---w tpm_name? string
| | +---w tpm-physical-index? int32 {ietfhw:entity-mib}?
| +--ro output | +--ro tpm2-attestation-response [tpm_name] | +--ro tpm_name string | +--ro tpm-physical-index? int32 {ietfhw:entity-mib}? | +--ro up-time? uint32 | +--ro node-name? string | +--ro node-physical-index? int32 {ietfhw:entity-mib}? | +--ro tpms-attest
| | +--ro pcrdigest? binary | | +--ro tpms-attest-result? binary | | +--ro tpms-attest-result-length? uint32 | +--ro tpmt-signature? binary //is signature-length missed here? [SB] No, it is binary the wire encapsulation of the model will have a way to frame it and indicate the length. IT doesnt have to be explicit.
[SB] How will it be different for TPM1.2? This RPC fetches the AIK certificate that can be validated and then used for verifying attested data.
[SB] rats-support-structures provides all the unique certs for the TPM. Should provide both EK and AK.
[SB] updated the input. We did have the input selection based on compute node name earlier. But i think it didnt make it to the draft model.
[SB] updated the description in rats-support-structure
[SB] This can be considered.
[SB] Can you please propose an alternate that you have in mind? It is a list so we can represent multiple PCR in the selection.
[SB] You are right, The logs only which PCR index was extended. So it makes sense to organize the logs with node-name,tpm_name as the key. If a node has multiple TPMs it would extend the PCR and maintain logs separately per TPM from my experience. Bill, Eric, Henk is this right?
[SB] No it is pcr-index. The logs tell which pcr is extended. the digest will indicate the hash that was extended into this pcr.
| +--ro digest-list []
| | +--ro (algo-registry-type) | | | +--:(tcg) | | | | +--ro tcg-hash-algo-id? uint16 | | | +--:(ietf) | | | +--ro ietf-ni-hash-algo-id? uint8 | | +--ro digest binary | +--ro event-size? uint32 | +--ro event-data uint8 +--:(ima) +--ro ima-event-logs +--ro ima-event-entry [event-number] +--ro event-number uint64 +--ro ima-template? string +--ro filename-hint? string +--ro filedata-hash? binary +--ro template-hash-algorithm? string +--ro template-hash? binary +--ro pcr-index? uint16 //should this be the pcr-value? [SB] No it is pcr-index. The logs tell which pcr is extended. the digest will indicate the hash that was extended into this pcr.