diff --git a/thesis/04_implementation.tex b/thesis/04_implementation.tex
index 6ca90de..cff4b68 100644
--- a/thesis/04_implementation.tex
+++ b/thesis/04_implementation.tex
@@ -197,8 +197,50 @@ When IMA is disabled, which is the default, this file has only one entry represe By enabling IMA via kernel command line parameters, this file gets filled according to the policies defined. The first four parameters used in \autoref{code:tbkernelcommandlinetxt} define the behavior of IMA and how the measurement log should look like. +\section{Interaction with TPM2} +\subsection{Prove Certificate Chain} +Every TPM has a corresponding certificate which is part of a certificate chain maintained by the TPM manufacturer. +\begin{enumerate} + \item Collect certificates: Depending on the manufacturer, there are different ways to get the TPM's certificates. + Infineon decided to store it as X.509 DER formatted blob on the TPM's non-volatile memory. + Address \texttt{0x1c00002} holds the certificate for RSA based root keys, whereas \texttt{0x1c0000a} is the ECC equivalent. + Although all TPMs are \emph{Infineon Optiga TPM SLB 9665}, the oldest device uses another intermediate CA from the manufacturer. + \item Download Infineon intermediate and root CA certificates + \item Verify Cert chain with openSSL. 
+\end{enumerate}
+\begin{lstlisting}[float,language=bash, caption={Verifying the TPM Certificate}, label={code:verifytpmcert}]
+root@amd1:~# tpm2_nvread -C o 0x1c00002 -o amd1_1.cert
+root@amd1:~# tpm2_nvread -C o 0x1c0000a -o amd1_2.cert
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in amd1_1.cert -out amd1_1.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in amd1_2.cert -out amd1_2.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel1_1.cert -out intel1_1.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel1_2.cert -out intel1_2.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel2_2.cert -out intel2_2.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel2_1.cert -out intel2_1.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaEccMfrCA011.crt -out OptigaEccMfrCA011.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaEccMfrCA036.crt -out OptigaEccMfrCA036.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaRsaMfrCA036.crt -out OptigaRsaMfrCA036.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaRsaMfrCA011.crt -out OptigaRsaMfrCA011.pem
+michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA036.pem amd1_2.pem
+amd1_2.pem: OK
+michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA036.pem amd1_1.pem
+amd1_1.pem: OK
+michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA036.pem 
intel2_2.pem +intel2_2.pem: OK +michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA011.pem intel1_2.pem +intel1_2.pem: OK +michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA011.pem intel1_1.pem +intel1_1.pem: OK +michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA036.pem intel2_1.pem +intel2_1.pem: OK +\end{lstlisting} + +\newpage %TODO Edit pointer +tpm2-tools 4.x are usable to interact with the TPM from the command line. +Available on all major releases after summer 2019. +Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions. Similar to trusted boot, Ubuntu requires two installed packages to support the features discussed in this section: \begin{itemize} @@ -214,10 +256,7 @@ The kernel has the correct compile options set. How can camera and fingerprint sensor be trusted? What is the limitation of this solution? -\section{Interaction with TPM2} -tpm2-tools 4.x are usable to interact with the TPM from the command line. -Available on all major releases after summer 2019. -Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions. + \section{Direct Anonymous Attestation} DAA Project from Xaptum: Working DAA handshake and possible TPM integration. diff --git a/thesis/MAIN.pdf b/thesis/MAIN.pdf index 33931c6..e194173 100644 Binary files a/thesis/MAIN.pdf and b/thesis/MAIN.pdf differ
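Review bot: The enumerate under `\subsection{Prove Certificate Chain}` stops at `openssl verify`, which only shows that the certificate files read from NV chain to the Infineon root; it does not show that the TPM in the machine holds the matching key, and the text does not say how the root certificates passed to `-CAfile` were obtained or checked. I would add a fourth step such as `\item Compare the public key in the verified certificate with the endorsement key read from the TPM itself; the chain alone does not bind the certificate to the device.` and one sentence stating where the root CA files came from and how their fingerprints were confirmed. The phrase "RSA based root keys" would probably read more precisely as "endorsement keys", if that is what is meant. The enumerate and the listing both open and close inside this hunk.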