Open jx6f opened 7 months ago
I forgot to write. I think the following document also has a similar script and has the same issue.
TCG CPU to TPM Bus Protection Guidance for Active Attacks Version 1.0 Revision 30
Thank you for sharing your valuable insights.
I read the Protecting Secrets At TPM Interface article and tried the demo script while capturing packets using the SWTPM simulator. I then found that the unsealed secret is not encrypted.
I think that adding the
--enable-encrypt
option to tpm2_sessionconfig command fixes this.--- a/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md +++ b/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md @@ -231,7 +231,7 @@ setup_salted_param_encrypt_session_with_ek() { --tpmkey-context ek.ctx rm -f ek.ctx - tpm2_sessionconfig -Q salted_session.ctx --enable-decrypt + tpm2_sessionconfig -Q salted_session.ctx --enable-decrypt --enable-encrypt } #
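Review bot: the fix targets the right attribute, since `--enable-decrypt` only sets TPMA_SESSION_DECRYPT, which protects the first command parameter on its way to the TPM, while the secret that TPM2_Unseal returns is a response parameter and is only encrypted when the session also carries TPMA_SESSION_ENCRYPT, which `--enable-encrypt` sets. Worth re-running the swtpm capture after the change to confirm that the outData in the Unseal response is no longer readable, and worth stating in the comment above `setup_salted_param_encrypt_session_with_ek` that the session now protects both directions, so a later edit does not drop one of the two flags.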
Here is the result.
If this fix is suitable, I can also submit a merge request. Thanks.
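As an added example (not part of jx6f's report or the blog post's script): a checker that parses the authorization area of a raw TPM 2.0 command and reports the two exposures discussed in this thread, an Unseal whose session lacks TPMA_SESSION_ENCRYPT (the returned secret is a response parameter, which --enable-decrypt alone does not cover) and, going one step further than the report, an NV_Extend with no TPMA_SESSION_DECRYPT session. The command buffers are constructed inline with placeholder nonces, HMACs and handles rather than captured from swtpm.

```python
import struct

# TPM 2.0 constants (library spec Part 2): session tag, command codes, TPMA_SESSION bits.
TPM_ST_SESSIONS = 0x8002
TPM2_CC_NV_EXTEND, TPM2_CC_UNSEAL = 0x00000136, 0x0000015E
HANDLE_COUNT = {TPM2_CC_UNSEAL: 1, TPM2_CC_NV_EXTEND: 2}  # handles that precede the auth area
TPMA_SESSION_CONTINUE = 0x01
TPMA_SESSION_DECRYPT = 0x20  # caller encrypts first command parameter (tpm2_sessionconfig --enable-decrypt)
TPMA_SESSION_ENCRYPT = 0x40  # TPM encrypts first response parameter (tpm2_sessionconfig --enable-encrypt)

def parse_sessions(cmd: bytes):
    """Return (commandCode, [sessionAttributes, ...]) from one raw TPM 2.0 command buffer."""
    tag, _size, cc = struct.unpack_from(">HII", cmd, 0)
    if tag != TPM_ST_SESSIONS or cc not in HANDLE_COUNT:
        return cc, []
    off = 10 + 4 * HANDLE_COUNT[cc]
    auth_size = struct.unpack_from(">I", cmd, off)[0]
    off += 4
    end, attrs = off + auth_size, []
    while off < end:  # each TPMS_AUTH_COMMAND: sessionHandle, nonceCaller, sessionAttributes, hmac
        off += 4 + 2 + struct.unpack_from(">H", cmd, off + 4)[0]   # skip handle and nonce
        attrs.append(cmd[off])                                      # one-byte TPMA_SESSION
        off += 1 + 2 + struct.unpack_from(">H", cmd, off + 1)[0]   # skip attributes and hmac
    return cc, attrs

def audit_command(cmd: bytes) -> list:
    """Report the two bus-exposure cases from this thread: Unseal output and NV_Extend input in the clear."""
    cc, attrs = parse_sessions(cmd)
    findings = []
    if cc == TPM2_CC_UNSEAL and not any(a & TPMA_SESSION_ENCRYPT for a in attrs):
        findings.append("TPM2_Unseal without TPMA_SESSION_ENCRYPT: outData crosses the bus in the clear")
    if cc == TPM2_CC_NV_EXTEND and not any(a & TPMA_SESSION_DECRYPT for a in attrs):
        findings.append("TPM2_NV_Extend without TPMA_SESSION_DECRYPT: data crosses the bus in the clear")
    return findings

def build_command(cc: int, handles: list, sessions: list, params: bytes) -> bytes:
    """Constructed (not captured) command with a TPM_ST_SESSIONS header, for offline testing."""
    body = b"".join(struct.pack(">I", h) for h in handles)
    auth = b""
    for handle, attrs in sessions:  # 16-byte nonce and 32-byte HMAC are placeholder bytes
        auth += struct.pack(">IH", handle, 16) + b"\x11" * 16
        auth += bytes([attrs]) + struct.pack(">H", 32) + b"\x22" * 32
    body += struct.pack(">I", len(auth)) + auth + params
    return struct.pack(">HII", TPM_ST_SESSIONS, 10 + len(body), cc) + body

# Unseal through a salted HMAC session with only --enable-decrypt (original script) vs. with --enable-encrypt too.
UNSEAL_DECRYPT_ONLY = build_command(TPM2_CC_UNSEAL, [0x80000001],
                                    [(0x02000000, TPMA_SESSION_CONTINUE | TPMA_SESSION_DECRYPT)], b"")
UNSEAL_FIXED = build_command(TPM2_CC_UNSEAL, [0x80000001],
                             [(0x02000000, TPMA_SESSION_CONTINUE | TPMA_SESSION_DECRYPT | TPMA_SESSION_ENCRYPT)], b"")
```

Feeding real command buffers from a swtpm capture into `audit_command` gives the same verdict on the script's sessions as the packet inspection described above.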
Sure.
Another problem found.
After cpu_secret_provisioning, runtime_provisioning, seal_data, and a TPM reset, running runtime_provisioning and unseal_data fails to unseal. This occurs both in the simulator and on the real TPM.
# unseal_data
WARN: Reading full size of the NV index
WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error
ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x0000099d)
ERROR: Esys_Unseal(0x99D) - tpm:session(1):a policy check failed
ERROR: Unable to run tpm2_unseal
UNSEALBLOB=
This is because the NV Extended value when sealing and the NV Extended value when unsealing are different. I'm currently looking into the detailed cause. I'll let you know if I find out anything.
Thank you again for sharing your valuable insights.
Running runtime_provisioning and unseal_data after a TPM reset was successful. I think it is necessary to have separate sessions for parameter encryption and for authentication when executing NV Extend. My guess is that otherwise the extended NV value may be encrypted.
--- a/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
+++ b/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
@@ -231,7 +231,7 @@ setup_salted_param_encrypt_session_with_ek() {
--tpmkey-context ek.ctx
rm -f ek.ctx
- tpm2_sessionconfig -Q salted_session.ctx --enable-decrypt
+ tpm2_sessionconfig -Q salted_session.ctx --enable-decrypt --enable-encrypt
}
#
@@ -313,12 +313,11 @@ cpu_secret_provisioning() {
# TPM interface.
#
runtime_provisioning() {
+ setup_salted_param_encrypt_session_with_ek --hmac-session
+
tpm2_startauthsession -Q --session bounded_policy_session.ctx \
--policy-session --bind-context $NVIndex --bind-auth $HOST_SECRET
- tpm2_sessionconfig -Q bounded_policy_session.ctx \
- --enable-decrypt --enable-encrypt
-
tpm2_policycommandcode -Q --session bounded_policy_session.ctx \
TPM2_CC_NV_Extend
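Review bot: taking `--enable-decrypt --enable-encrypt` off `bounded_policy_session.ctx` and adding a dedicated `setup_salted_param_encrypt_session_with_ek --hmac-session` call is the right split, with the bound policy session doing only authorization and the salted HMAC session doing only parameter encryption; but nothing in the visible part of that function (the `--tpmkey-context ek.ctx` continuation line, `rm -f ek.ctx`, `tpm2_sessionconfig`) shows its arguments being forwarded to `tpm2_startauthsession`, so check that `--hmac-session` actually reaches `tpm2_startauthsession` (for example via `"$@"`) rather than being ignored. A one-line comment at the top of `runtime_provisioning` saying why two sessions are needed would keep the next edit from merging them back into one.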
@@ -326,10 +325,12 @@ runtime_provisioning() {
--policy-list sha256:A.policy,B.policy,C.policy
echo -n $NV_SECRET|tpm2_nvextend -Q -C $NVIndex -i- $NVIndex \
- -P session:bounded_policy_session.ctx
+ -P session:bounded_policy_session.ctx \
+ -S salted_session.ctx
tpm2_flushcontext -Q bounded_policy_session.ctx
- rm -f bounded_policy_session.ctx
+ tpm2_flushcontext -Q salted_session.ctx
+ rm -f bounded_policy_session.ctx salted_session.ctx
}
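Review bot: the cleanup added here (`tpm2_flushcontext -Q salted_session.ctx` and the widened `rm -f`) only runs on the success path; if `tpm2_nvextend` fails, both session handles stay loaded in the TPM and both context files stay on disk, and repeated runs will accumulate sessions on a real TPM with few session slots. Suggest flushing in a cleanup path that also runs on failure (a `trap`, or an explicit check of the `tpm2_nvextend` exit status before the flushes). Passing the salted session with `-S salted_session.ctx` while `-P session:bounded_policy_session.ctx` keeps authorization on the policy session is consistent with the first hunk. Minor: `echo -n $NV_SECRET` is unquoted; `"$NV_SECRET"` avoids word splitting.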