@ -197,8 +197,50 @@ When IMA is disabled, which is the default, this file has only one entry represe |
|
|
By enabling IMA via kernel command line parameters, this file gets filled according to the policies defined. |
|
|
By enabling IMA via kernel command line parameters, this file gets filled according to the policies defined. |
|
|
The first four parameters used in \autoref{code:tbkernelcommandlinetxt} define the behavior of IMA and how the measurement log should look like. |
|
|
The first four parameters used in \autoref{code:tbkernelcommandlinetxt} define the behavior of IMA and how the measurement log should look like. |
|
|
|
|
|
|
|
|
|
|
|
\section{Interaction with TPM2} |
|
|
|
|
|
\subsection{Prove Certificate Chain} |
|
|
|
|
|
Every TPM has a corresponding certificate which is part of a certificate chain maintained by the TPM manufacturer. |
|
|
|
|
|
\begin{enumerate} |
|
|
|
|
|
\item Collect certificates: Depending on the manufacturer, there are different ways to get the TPM's certificates. |
|
|
|
|
|
Infineon decided to store it as X.509 DER formatted blob on the TPM's non-volatile memory. |
|
|
|
|
|
Address \texttt{0x1c00002} holds the certificate for RSA based root keys, whereas \texttt{0x1c0000a} is the ECC equivalent. |
|
|
|
|
|
Although all TPMs are \emph{Infineon Optiga TPM SLB 9665}, the oldest device uses another intermediate CA from the manufacturer. |
|
|
|
|
|
\item Download Infineon intermediate and root CA certificates |
|
|
|
|
|
\item Verify Cert chain with openSSL. |
|
|
|
|
|
|
|
|
|
|
|
\end{enumerate} |
|
|
|
|
|
\begin{lstlisting}[float,language=bash, caption={Verifying the TPM Certificate}, label={code:verifytpmcert}] |
|
|
|
|
|
root@amd1:~# tpm2_nvread -C o 0x1c00002 -o amd1_1.cert |
|
|
|
|
|
root@amd1:~# tpm2_nvread -C o 0x1c0000a -o amd1_2.cert |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in amd1_1.cert -out amd1_1.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in amd1_2.cert -out amd1_2.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel1_1.cert -out intel1_1.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel1_2.cert -out intel1_2.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel2_2.cert -out intel2_2.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in intel2_1.cert -out intel2_1.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaEccMfrCA011.crt -out OptigaEccMfrCA011.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaEccMfrCA036.crt -out OptigaEccMfrCA036.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaRsaMfrCA036.crt -out OptigaRsaMfrCA036.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl x509 -inform DER -outform PEM -in OptigaRsaMfrCA011.crt -out OptigaRsaMfrCA011.pem |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA036.pem amd1_2.pem |
|
|
|
|
|
amd1_2.pem: OK |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA036.pem amd1_1.pem |
|
|
|
|
|
amd1_1.pem: OK |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA036.pem intel2_2.pem |
|
|
|
|
|
intel2_2.pem: OK |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem -untrusted OptigaEccMfrCA011.pem intel1_2.pem |
|
|
|
|
|
intel1_2.pem: OK |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA011.pem intel1_1.pem |
|
|
|
|
|
intel1_1.pem: OK |
|
|
|
|
|
michael@luna /run/media/michael/B50A-68E0 % openssl verify -verbose -CAfile Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem -untrusted OptigaRsaMfrCA036.pem intel2_1.pem |
|
|
|
|
|
intel2_1.pem: OK |
|
|
|
|
|
\end{lstlisting} |
|
|
|
|
|
|
|
|
|
|
|
\newpage |
|
|
%TODO Edit pointer |
|
|
%TODO Edit pointer |
|
|
|
|
|
tpm2-tools 4.x are usable to interact with the TPM from the command line. |
|
|
|
|
|
Available on all major releases after summer 2019. |
|
|
|
|
|
Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions. |
|
|
|
|
|
|
|
|
Similar to trusted boot, Ubuntu requires two installed packages to support the features discussed in this section: |
|
|
Similar to trusted boot, Ubuntu requires two installed packages to support the features discussed in this section: |
|
|
\begin{itemize} |
|
|
\begin{itemize} |
|
|
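Review bot: the `openssl verify` calls in the listing `code:verifytpmcert` rely on `Infineon-TPM_ECC_Root_CA-C-v01_00-EN.pem` and `Infineon-TPM_RSA_Root_CA-C-v01_00-EN.pem` as trust anchors, but nothing in the enumerate or the listing says where these files came from or how they were authenticated; the step only reads "Download Infineon intermediate and root CA certificates". Every `OK` in the listing depends on those two files, so name the download source and add a fingerprint comparison of both roots against a value obtained independently. The listing also reads only the `amd1` certificates from NV (`tpm2_nvread -C o 0x1c00002 -o amd1_1.cert`), while `intel1_*` and `intel2_*` are converted and verified without a shown read; either add those reads or say that the same commands were run on each host. The sentence about the oldest device using another intermediate CA should name the device and the CA, since the listing only lets the reader infer it from `OptigaEccMfrCA011.pem` being used for `intel1`. The `michael@luna /run/media/michael/B50A-68E0 %` prompts lengthen a floating listing without adding to the procedure and could be replaced by a plain `$`. It is also worth one sentence under "Prove Certificate Chain" that a passing `openssl verify` shows the certificate chains to the Infineon root, not that the TPM holds the matching private key.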
@ -214,10 +256,7 @@ The kernel has the correct compile options set. |
|
|
How can camera and fingerprint sensor be trusted? |
|
|
How can camera and fingerprint sensor be trusted? |
|
|
What is the limitation of this solution? |
|
|
What is the limitation of this solution? |
|
|
|
|
|
|
|
|
\section{Interaction with TPM2} |
|
|
|
|
|
tpm2-tools 4.x are usable to interact with the TPM from the command line. |
|
|
|
|
|
Available on all major releases after summer 2019. |
|
|
|
|
|
Fallback is using the TPM2 ESAPI or SAPI, which is available on almost all Linux distributions. |
|
|
|
|
|
|
|
|
|
|
|
\section{Direct Anonymous Attestation} |
|
|
\section{Direct Anonymous Attestation} |
|
|
DAA Project from Xaptum: Working DAA handshake and possible TPM integration. |
|
|
DAA Project from Xaptum: Working DAA handshake and possible TPM integration. |
|
|
|
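Review bot: the `\section{Interaction with TPM2}` heading and its three tpm2-tools sentences in this hunk are the same text that the earlier hunk shows near `\newpage` and `%TODO Edit pointer`, so this looks like a move, and after it the sentences no longer sit directly under their heading but behind the new subsection and a page break. Check that the paragraph still reads as the introduction to the section, or move it up so it precedes `\subsection{Prove Certificate Chain}`. While the text is being touched, "Available on all major releases after summer 2019." has no subject and does not say releases of what; tie it to the distributions meant, and say in the same place which tpm2-tools version the `tpm2_nvread -C o` syntax in the listing assumes.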