preisacm
/
masterthesis
1
0
Fork 0
Code Issues Releases Wiki Activity
Browse Source

second presentation finished with questions

master
Michael Preisach 7 years ago
parent
97aec41ff2
commit
465e753fae
7 changed files with 995 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 408
      install/root.hist
  2. 102
      install/user.hist
  3. 62
      presentation/190115_secondshort/header.tex
  4. BIN
      presentation/190115_secondshort/second.pdf
  5. 142
      presentation/190115_secondshort/second.tex
  6. 281
      resources/networkview2.fig
  7. BIN
      resources/networkview2.pdf

408
install/root.hist
View File

@ -0,0 +1,408 @@
1 apt update
2 apt install autoconf automake libtool pkg-config gcc curl curl-dev
3 apt install autoconf automake libtool pkg-config gcc curl curl-dev
4 reboot
5 apt install automake autoconf libtool autoconf-archive gcc libglibc2-0 pkg-config uriparser-dev libgcrypt-dev uthash-dev
6 apt search libglib
7 apt search glibc
8 apt install automake autoconf libtool autoconf-archive gcc glibc-source pkg-config uriparser-dev libgcrypt-dev uthash-dev
9 apt search uriparser
10 apt install automake autoconf libtool autoconf-archive gcc glibc-source pkg-config liburiparser-dev libgcrypt-dev uthash-dev
11 apt install git
12 apt install automake autoconf libtool autoconf-archive gcc glibc-source pkg-config liburiparser-dev libgcrypt-dev uthash-dev g++ libssl-dev uthash-dev m4 build-essential libmocka0 libmocka-dev
13 apt install automake autoconf libtool autoconf-archive gcc glibc-source pkg-config liburiparser-dev libgcrypt-dev uthash-dev g++ libssl-dev uthash-dev m4 build-essential libcmocka0 libcmocka-dev
14 cat /sys/class/tpm/tpm0/power
15 cat /sys/class/tpm/tpm0/power/runtime_status
16 cat /sys/class/tpm/tpm0/power/runtime_enabled
17 cat /sys/class/tpm/tpm0/device/status
18 cat /sys/class/tpm/tpm0/device/uid
19 cat /sys/class/tpm/tpm0/device/description
20 cat /sys/class/tpm/tpm0/device/driver/MSFT0101\:00
21 cat /sys/class/tpm/tpm0/dev
22 cat /sys/class/tpm/tpm0/ppi/tcg_operations
23 cat /sys/class/tpm/tpm0/ppi/version
24 cat /sys/class/tpm/tpm0/ppi/vs_operations
25 cat /sys/class/tpm/tpm0/ppi/transition_action
26 response
27 cat /sys/class/tpm/tpm0/ppi/response
28 cat /sys/class/tpm/tpm0/ppi/request
29 cat /sys/class/tpm/tpm0/ppi/response
30 reboot
31 cd tpm2-tss
32 ./configure --with-ptpm=/sys/class/tpm/tpm0 --with-prefix=/usr --with-udevrulesdir=/etc/udev/rules.d
33 make -j5
34 echo $?
35 make install
36 echo $?
37 udevadm control --reload-rules && udevadm trigger
38 ldconfig
39 ./configure --enable doxygen-doc
40 ./configure --enable-doxygen-doc
41 make doxygen-doc
42 make
43 make clean
44 make
45 make clean
46 ./configure --with-ptpm=/sys/class/tpm/tpm0 --with-prefix=/usr --with-udevrulesdir=/etc/udev/rules.d --enable-doxygen-doc
47 make -j5
48 make install
49 apt install doxygen-dev
50 apt install doxygen
51 ./configure --enable-doxygen-doc
52 make doxygen-doc
53 cd ../tpm2-abrmd/
54 ./bootstrap
55 apt install dbus-1
56 apt search dbus-a
57 apt search dbus
58 apt search dbus-1
59 apt install dbus dbus-1-dbg libdbus-1-dev libdbus-1-3
60 useradd --system --user-group tss
61 ./bootstrap
62 ./configure --help
63 #./configure --dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/usr/lib/udev/rules.d --with-systemdsystemunitdir=/usr/lib/systemd/system --libdir=/usr/lib64 --prefix=/usr
64 exit
65 find / -name udev
66 #./configure --dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/lib/udev/rules.d/ --with-systemdsystemunitdir=/lib/systemd/system --libdir=/lib64/ --prefix=/usr
67 cd tpm2-abmrd
68 cd tpm2-abrmd/
69 ./configure --dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/lib/udev/rules.d/ --with-systemdsystemunitdir=/lib/systemd/system --libdir=/lib64/ --prefix=/usr
70 ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/lib/udev/rules.d/ --with-systemdsystemunitdir=/lib/systemd/system --libdir=/lib64/ --prefix=/usr
71 echo $?
72 apt install libglib2.0-dev
73 ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-udevrulesdir=/lib/udev/rules.d/ --with-systemdsystemunitdir=/lib/systemd/system --libdir=/lib64/ --prefix=/usr
74 echo $?
75 ./configure --with-dbuspolicydir=/etc/dbus-1/system.d --with-systemdsystemunitdir=/lib/systemd/system --libdir=/lib64/ --prefix=/usr
76 make -j5
77 echo $?
78 make install
79 echo $?
80 cd ../tpm2-tools
81 ./bootstrap
82 ./configure --help
83 ./configure --prefix=/usr
84 echo $?
85 apt install libcurl
86 apt install curl-dev
87 apt install curl
88 ./configure --prefix=/usr
89 apt install libcurl-dev
90 apt install libcurl-openssl-dev
91 apt install libcurl4-dev
92 apt install libcurl4-openssl-dev
93 ./configure --prefix=/usr
94 apt install pyyaml
95 apt search pyyaml
96 apt install python-pretty-yaml
97 ./configure --prefix=/usr
98 echo $?
99 make -j5
100 make install
101 echo $?
102 tpm2pcrlist
103 tpm2_pcrlist
104 cd ..
105 git clone htttps://github.com/theopolis/tpm2-examples
106 git clone https://github.com/theopolis/tpm2-examples
107 cd tpm2-examples/
108 make
109 apt install clang
110 apt install clang++
111 apt install clang
112 apt remove clang
113 apt install clang
114 apt install clang++
115 apt install clang+
116 apt install clang
117 make
118 find /lib64 -name tpm20
119 find /lib -name tpm20
120 find /lib -name tpm
121 find / -name tpm20.h
122 cat /lib64/libtss2-tcti-tabrmd.1
123 cat /lib64/libtss2-tcti-tabrmd.a
124 tpm2_quote
125 tpm2_quote -L
126 tpm2_quote -l
127 man tpm2_quote
128 tpm2_nvlist
129 tpm2_getcap
130 tpm2_getmanufec
131 tpm2_listpersistent
132 tpm2_pcrlist
133 tpm2_pcrlist 0
134 tpm2_pcrlist --halg=sha256
135 tpm2_pcrlist --halg=sha384
136 tpm2_pcrlist --halg=sha256 --sel-list=1
137 tpm2_pcrlist --halg=sha256 -L
138 tpm2_pcrlist --halg=sha256 -s
139 tpm2_pcrlist --algs
140 tpm2_hash
141 tpm2_hash --help
142 tpm2_encryptdecrypt
143 tpm2_encryptdecrypt --mode=start
144 cd ..
145 rm -rf tpm2-examples/
146 cd Downloads/
147 dpkg install atom-amd64.deb
148 apt install atom-amd64.deb
149 apt install ./atom-amd64.deb
150 tpm2_encryptdecrypt
151 tpm2_encryptdecrypt --auth-key=helloworld
152 tpm2_encryptdecrypt --auth-key=helloworld 0
153 tpm2_encryptdecrypt --auth-key=helloworld --iv=helloworld
154 apt install unifont
155 ls -la
156 cat README
157 ./autogen.sh
158 ./configure
159 apt install bison
160 apt install flex bison binutils
161 apt install libdevmapper sdl libpciaccess libusb
162 apt search libdevmapper
163 apt search libpciaccess
164 apt searc hsdl
165 apt search sdl
166 apt search libusb
167 apt install libusb-1.0-0-dev libsdl2-dev libpciaccess-dev libdevmapper-dev
168 ./configure
169 configure --help
170 ./configure --help
171 ./configure --enable-efiemu --enable-grub-emu-sdl --enable-grub-emu-pci
172 make
173 echo $?
174 make check
175 make && make install
176 echo $?
177 make clean
178 ./configure --enable-efiemu --enable-grub-emu-sdl --enable-grub-emu-pci --prefix=/usr --target=i386 --with-platform=pc
179 make
180 make install
181 /etc/default/
182 cat /etc/default/grub
183 #/usr/sbin/grub-install --directory=/usr/lib/grub/i386-pc /dev/
184 mount
185 mount | grep boot
186 #/usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg
187 cat /boot/grub/grub.cfg
188 cp /boot/grub/grub.cfg /boot/grub/grub.cfgbak
189 /usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg
190 reboot
191 nano /boot/grub/grub.cfg
192 reboot
193 nano /boot/grub/grub.cfg
194 reboot
195 /usr/sbin/grub-install /dev/nvme0n1
196 reboot
197 cat /boot/grub/grub.cfg
198 nano /boot/grub/grub.cfg
199 /usr/sbin/grub-install /dev/nvme0
200 /usr/sbin/grub-install -v /dev/nvme0
201 reboot
202 /usr/sbin/grub-install --directory=/usr/lib/grub/i386-pc /dev/nvme0
203 /usr/sbin/grub-install --directory=/usr/lib/grub/i386-pc /dev/nvme0n1
204 apt install grub-efi
205 cd grub-tpm2/
206 make clean
207 ./configure --enable-efiemu --enable-grub-emu-sdl --enable-grub-emu-pci --prefix=/usr --target=x86_64 --with-platform=efi
208 make
209 make install
210 /usr/sbin/grub-install --efi-directory=/boot/efi --target=x86-64 --boot-directory=/boot /dev/nvme0n1
211 /usr/sbin/grub-install --efi-directory /boot/efi --target=x86-64 --boot-directory=/boot /dev/nvme0n1
212 apt install libfreetype6-dev libfuse-dev liblzma-dev
213 cd ..
214 rm -rf ./grub-tpm2/
215 git clone https://github.com/rhopfer/grub-tpm2.git
216 cd grub-tpm2/
217 ./autogen.sh
218 ./configure --prefix=/usr --target=x86_64 --with-platform=efi --disable-werroro
219 ./configure --prefix=/usr --target=x86_64 --with-platform=efi --disable-werror
220 make && make install
221 /usr/sbin/grub-install --version
222 /usr/sbin/grub-install --efi-directory /boot/efi --target=x86-64 --boot-directory=/boot /dev/nvme0n1
223 /usr/sbin/grub-install --efi-directory /boot/efi --target=x86-64 --boot-directory=/boot /dev/nvme0
224 /usr/sbin/grub-install --efi-directory /boot/efi
225 /usr/sbin/grub-install --target=x86-64 --boot-directory=/boot /dev/nvme0
226 /usr/sbin/grub-install --efi-directory /boot/efi --target=x86-64
227 /usr/sbin/grub-install --target=x86-64 --boot-directory=/boot /dev/nvme0n1
228 reboot
229 cd grub-tpm2/
230 /usr/sbin/grub-install --target=x86-64 --boot-directory=/boot /dev/nvme0n1
231 /usr/sbin/grub-install --target=x86-64-efi --boot-directory=/boot /dev/nvme0n1
232 /usr/sbin/grub-install --efi-directory /boot/efi --target=x86-64-efi
233 /usr/sbin/grub-install --target=x86-64-efi --efi-directory /boot/efi
234 /usr/sbin/grub-install --target=x86-64-efi --efi-directory=/boot/efi --boot-directory=/boot /dev/nvme0n1
235 ls /usr/lib/grub/
236 /usr/sbin/grub-install --target=x86-64-efi --efi-directory=/boot/efi --boot-directory=/boot /dev/nvme0n1
237 /usr/sbin/grub-install --efi-directory=/boot/efi --boot-directory=/boot /dev/nvme0n1
238 reboot
239 nano /boot/grub/grub.cfg
240 reboot
241 tpm2_pcrlist
242 nano /boot/grub/grub.cfg
243 /usr/sbin/grub-mkconfig -o /boot/grub/grub.cfg
244 nano /boot/grub/grub.cfg
245 reboot
246 nc
247 netcat
248 apt install netcat
249 apt install netcat
250 apt install netcat
251 exit
252 apt update && apt upgrade
253 apt install gnome-tweak
254 apt install gnome-tweaks
255 apt install gnome-tweak-tool
256 exit
257 apt update
258 apt install netcat
259 nc -l 3333
260 ip addr
261 nc -l 3333
262 nc -l 80
263 su
264 exit
265 mv /home/michael/Downloads/clion-2018.2.6 /opt
266 /opt/clion-2018.2.6/bin/clion.sh
267 exit
268 LD_LIBRARY_PATH
269 getenv LD_LIBRARY_PATH
270 get LD_LIBRARY_PATH
271 display LD_LIBRARY_PATH
272 printenv
273 printenv | grep LD
274 cd CLionProjects/untitled/
275 gcc main.c -o main -L/usr/local/lib -llibtss2-esys
276 gcc main.c -o main -L/usr/local/include -llibtss2-esys
277 gcc main.c -o main -L/usr/local/include/tpm2 -llibtss2-esys
278 gcc main.c -o main -L/usr/local/include/tpm2 -ltss2-esys
279 cc main.c -o main -L/usr/local/include/tpm2 -ltss2-esys
280 LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH
281 cc main.c -o main -L/usr/local/include/tpm2 -ltss2-esys
282 LIBRARY_PATH=/usr/local/lib:$LIBRARY_PATH
283 gcc -v main.c -o main -L/usr/local/include/tpm2 -ltss2-esys
284 cc main.c -o main -L/usr/local/include/tpm2/ -ltss2-esys
285 gcc -v main.c -o main -L/usr/local/include -ltss2-esys
286 LIBRARY_PATH=/usr/local/include/tss2:$LIBRARY_PATH
287 getenv
288 printenv
289 LIBRARY_PATH=/usr/local/include/tss2
290 printenv | LIB
291 printenv | grep LIB
292 exit
293 apt install ldd ldconfig
294 apt install build-essentials
295 apt install build_essentials
296 apt search essentials
297 history | grep install
298 apt install libc-bin
299 ldconfig
300 exit
301 apt install cmake
302 ldconfig
303 ldconfig -p
304 man ldconfig
305 ldconfig -l
306 man ldconfig
307 cd /usr/local/lib/
308 ls
309 ldconfig -l /usr/local/lib/
310 ldconfig -l /usr/local/lib/*
311 ldconfig -p
312 ldconfig -p | local
313 ldconfig -p | grep local
314 cd /home/michael/CLionProjects/untitled/
315 ls
316 /opt/clion-2018.2.6/bin/cmake/linux/bin/cmake --build /home/michael/CLionProjects/untitled/cmake-build-debug --target untitled -- -j 2
317 cmake --build . --target untitled
318 cmake .
319 cmake .
320 ls
321 ls
322 make .
323 ls
324 ls -lha
325 cat Makefile
326 clear
327 ls
328 rm Makefile
329 ls
330 rm CMakeCache.txt
331 rm -r CMakeFiles/
332 ls
333 rm cmake_install.cmake
334 ls
335 rm main
336 ls
337 mkdir build
338 cd build/
339 cmake ..
340 ls
341 cat Makefile
342 ls
343 make
344 ldconfig -p | grep lib
345 ldconfig -p | grep local
346 ls
347 cd ..
348 cd build/
349 rm -rf .
350 ls
351 cd ..
352 rm -rf build/*
353 cd build/
354 cmake ..
355 make
356 tpm2tss-genkey -a rsa -s 2048 mykey_rsa
357 dbus
358 tpm2_pcrlist
359 cd ..
360 ls
361 cd build
362 ls
363 cd ..
364 cd cmake-build-debug/
365 ls
366 ./untitled
367 ls /dev
368 ./untitled
369 systemctl status
370 systemctl status --all
371 systemctl status --all | grep tpm
372 systemctl status --all | grep abrmd
373 systemctl status --all | grep abrm
374 tpm2-abrmd
375 exit
376 tpm2-abrmd --allow-root
377 tpm2-abrmd --allow-root &
378 ./untitled
379 ./cmake-build-debug/untitled
380 ls /dev
381 kill 5912
382 ./cmake-build-debug/untitled
383 ./cmake-build-debug/untitled
384 ./cmake-build-debug/untitled | grep Result
385 ./cmake-build-debug/untitled
386 ./cmake-build-debug/untitled | grep ess
387 ./cmake-build-debug/untitled
388 ./cmake-build-debug/untitled
389 ./cmake-build-debug/untitled
390 apt install valgrind
391 groups michael
392 groups
393 cat /etc/group
394 usermod -a -G tss michael
395 groups michael
396 ls -la /dev/tpm
397 ls -la /dev/tpm*
398 reboot
399 tpm2_getrandom
400 man tpm2_getrandom
401 tpm2_getrandom 5
402 tpm2_getrandom 650
403 tpm2_getrandom 32
404 tpm2_getrandom 32
405 sudo /opt/clion-2018.2.6/bin/clion.sh
406 history
407 /opt/clion-2018.2.6/bin/clion.sh
408 history > root.hist

102
install/user.hist
View File

@ -0,0 +1,102 @@
1 su
2 git clone https://github.com/tpm2-software/tpm2-tss.git
3 git clone https://github.com/tpm2-software/tpm2-tools.git && git clone https://github.com/tpm2-software/tpm2-abrmd.git
4 git clone https://github.com/rhopfer/grub-tpm2.git
5 su
6 ifconfig
7 ip addr
8 cd tpm2-tss
9 ls
10 ./bootstrap
11 ./configure --help
12 ./configure --with-ptpm=/sys/class/tpm/tpm0 --with-prefix=/usr
13 ./configure --with-ptpm=/sys/class/tpm/tpm0 --with-prefix=/usr --with-udevrulesdir=/etc/udev/rules.d
14 cd tpm2-tss
15 su
16 xit
17 exit
18 cd grub-tpm2/
19 su
20 [ -d /sys/firmware/efi ] && echo "EFI boot on HDD" || echo "Legacy boot on HDD"
21 cd /boot/efi/
22 su
23 nano /boot/grub/grub.cfg
24 su
25 tpm2_pcrlist
26 su
27 nc
28 netcat
29 su
30 reboot
31 su
32 gcc
33 su
34 /opt/clion-2018.2.6/bin/clion.sh
35 su
36 printenv
37 printenv | grep LIB
38 setenv
39 export
40 export LIBRARY_PATH=/usr/local/include/tss2
41 printenv | grep LIB
42 gcc -v main.c -o main -ltss2-esys
43 ls
44 cd CLionProjects/untitled/
45 gcc -v main.c -o main -ltss2-esys
46 export LD_LIBRARY_PATH=/usr/local/include/tss2
47 gcc -v main.c -o main -ltss2-esys
48 export C_INCLUDE_PATH=/usr/local/include/tss2:$C_INCLUDE_PATH
49 printenv | grep INC
50 gcc -v main.c -o main -ltss2-esys
51 g++ -v main.c -o main -ltss2-esys
52 export CPLUS_INCLUDE_PATH=/usr/local/include/tss2:$CPLUS_INCLUDE_PATH
53 g++ -v main.c -o main -ltss2-esys
54 gcc -v main.c -o main -ltss2-esys
55 g++ -v main.c -o main -ltss2-esys
56 python ~/Documents/tpmtest.py
57 gcc -v main.c -o main -ltss2-esys
58 gcc -v main.c -o main -ltss2-esys -lesys_iutil
59 export C_PATH=/usr/local/include/tss2:$C_PATH
60 export C_PATH=/home/michael/tpm2-tss/src:$C_PATH
61 gcc -v main.c -o main -ltss2-esys -lesys_iutil
62 export C_PATH=/home/michael/tpm2-tss/src/tss2-esys:$C_PATH
63 gcc -v main.c -o main -ltss2-esys -lesys_iutil
64 gcc -v main.c -o main -ltss2-esys
65 cmake build
66 /opt/clion-2018.2.6/bin/cmake/linux/bin/cmake --build
67 /opt/clion-2018.2.6/bin/cmake/linux/bin/cmake --build .
68 ld
69 ldconfig
70 cd CLionProjects/untitled/
71 gcc -v main.c -o main -ltss2-esys
72 export C_PATH=/usr/local/include/tss2:$C_PATH
73 gcc -v main.c -o main -ltss2-esys
74 export C_PATH=/usr/local/include/tss2:$C_PATH
75 gcc -v main.c -o main -ltss2-esys
76 printenv
77 printenv | grep C_P
78 export C_PATH=/usr/local/include/tss2
79 export C_PATH=/usr/local/include:$C_PATH
80 gcc -v main.c -o main -ltss2-esys
81 export C_INCLUDE_PATH=$C_PATH
82 gcc -v main.c -o main -ltss2-esys
83 gcc main.c -o main -ltss2-esys
84 ./main
85 printenv | grep C_P
86 printenv | grep C_I
87 ldconfig
88 ldd
89 ld
90 su
91 ldconfig
92 su
93 tpm2-abrmd
94 su
95 tpm2_getrandom
96 sudo -i
97 su
98 history
99 sudo -i
100 su
101 history
102 history > user.hist

62
presentation/190115_secondshort/header.tex
View File

@ -0,0 +1,62 @@
\usepackage[naustrian]{babel}
\usepackage[utf8]{inputenc}
\usepackage[T1]{fontenc}
%Designvorlage
\usetheme{Boadilla}
%Font Typeface
\usepackage{paratype}
\usepackage{graphicx}
\usepackage{url}
\usepackage{pgfpages}
\usepackage{lmodern}
\usepackage{listings}
\usepackage{marvosym}
\usepackage{textcomp}
\usepackage{tikz}
\usepackage{geometry}
\usepackage{layout}
\usepackage{amsmath}
\usepackage{amssymb}
\usepackage{textcomp}
%properties for listings:
\lstset{
language=[LaTeX]TeX, %language
basicstyle=\footnotesize\ttfamily, %common font style
xleftmargin=8pt,
numbers=left, %line numbers
numberstyle=\tiny,
numberfirstline=true,
stepnumber=1,
numbersep=5pt,
tabsize=2, %size of tabulator
columns=flexible,
upquote=true,
literate= %Umlauts in source files
{Ö}{{\"O}}1
{Ä}{{\"A}}1
{Ü}{{\"U}}1
{ß}{{\ss}}2
{ü}{{\"u}}1
{ä}{{\"a}}1
{ö}{{\"o}}1
}
%Beamer preferences
\AtBeginSection[]
{
\begin{frame}
\frametitle{Inhalt}
\tableofcontents[
currentsection,
sectionstyle=show/show,
hideothersubsections]
\end{frame}
}

BIN
presentation/190115_secondshort/second.pdf
View File

Binary file not shown.

142
presentation/190115_secondshort/second.tex
View File

@ -0,0 +1,142 @@
\documentclass[naustrian,notes]{beamer}
\input{header}
%Titelinformationen
\title[Digidow Biometric Sensor]{Digital Shadow: Biometric Sensor}
\subtitle{Master's Thesis Seminar}
\author[Michael Preisach]{Michael Preisach}
\date{January 15, 2019}
\institute[INS]{\includegraphics[width=0.1\textwidth]{../../resources/ins}}
\begin{document}
\begin{frame}
\titlepage
\end{frame}
\begin{frame}
\frametitle{Project Overview Digital Shadow}
\begin{figure}
\centering
\includegraphics[width=0.9\textwidth]{../../resources/globalview}
\end{figure}
\end{frame}
\begin{frame}
\frametitle{Physical Overview}
\begin{figure}
\centering
\includegraphics[height=0.8\textheight]{../../resources/networkview2.pdf}
\end{figure}
\end{frame}
\begin{frame}
\frametitle{TPM2: Platform Configuration Registers (PCR)\footnote{Arthur, Challener: \emph{A Practical Guide to TPM 2.0}}}
\begin{columns}
\begin{column}{0.5\textwidth}
\begin{itemize}
\item 24 Registers (for the PC)
\item represents state of measured unit
\item reset only by power cycle
\item SHA1 or SHA256
\item modify by \emph{Extend()}: \\
{\scriptsize\texttt{newPCR = Digest(oldPCR || data)}}
\item extension chain possible
\end{itemize}
\end{column}
\begin{column}{0.5\textwidth} %%<--- here
\begin{scriptsize}
\begin{tabular}{c|p{3.5cm}}
PCR &Allocation\\\hline
0 &BIOS \\
1 &BIOS Config \\
2 &Option ROM \\
3 &Option ROM Config \\
4 &MBR \\
5 &MBR Config \\
6 &State transition and wake events\\
7 &Platform specific measurements\\
8-15 &Static OS\\
16 &Debug\\
17-22 &General Purpose\\
23 &Application Support\\
\end{tabular}
\end{scriptsize}
\end{column}
\end{columns}
\end{frame}
\begin{frame}
\frametitle{TPM2: Platform Configuration Registers (PCR)\footnote{\url{https://github.com/Rohde-Schwarz-Cybersecurity/TrustedGRUB2}}}
\begin{center}
\begin{tabular}{l|l}
Component &measured by\\\hline
BIOS &CRTM \\
TrustedGRUB MBR bootcode &BIOS \\
TrustedGRUB kernel (\texttt{diskboot.img}) &TrustedGRUB MBR bootcode \\
TrustedGRUB kernel (\texttt{core.img}) &\texttt{diskboot.img} \\
GRUB modules + OS &TrustedGRUB kernel \\
Applications &OS (e.g. Linux IMA) \\
\end{tabular}
\end{center}
\end{frame}
\begin{frame}
\frametitle{Linux Integrity Measurement Architecture (IMA)
\footnote{\url{https://wiki.strongswan.org/projects/strongswan/wiki/IMA}}
\footnote{\url{https://sourceforge.net/p/linux-ima/wiki/Home/}}}
\begin{itemize}
\item Kernel extension for measuring accessed files
\item configurable via policies (access mode, files, users, \ldots)
\item standardized log file entries
\item extend PCR and create log file entry
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Attestation}
\begin{enumerate}
\item hash a number of PCR values (= \emph{Quote})
\item sign hash with TPM key
\item remote party validates signing key
\item remote party validates values of PCRs
\item remote party validates values of (IMA-)Event log
\end{enumerate}
\end{frame}
\begin{frame}
\frametitle{State of the Project: What is Done}
\begin{itemize}
\item small PC with dedicated TPM2 device
\item installed GRUB-TPM2
\item installed TPM2-ESAPI and development environment
\item read most parts of the book \emph{Trusted Computing Platforms -
TPM2.0 in Context} and implemented basic examples
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{State of the Project: What is next}
\begin{itemize}
\item solve remaining problems with GRUB-TPM2
\item implementing more complex tasks with the TPM2
\item understanding \emph{Direct Anonymous Attestation} (DAA)
\item define and develop a trusted environment between BS and PA
\end{itemize}
\end{frame}
\begin{frame}
\frametitle{Questions}
\begin{itemize}
\item IMA also works for other system calls?
\item Details about CRTM
\end{itemize}
\end{frame}
\end{document}

281
resources/networkview2.fig
View File

@ -0,0 +1,281 @@
#FIG 3.2 Produced by xfig version 3.2.7
Landscape
Center
Inches
Letter
100.00
Single
-2
1200 2
0 32 #c6b797
0 33 #eff8ff
0 34 #dccba6
0 35 #404040
0 36 #808080
0 37 #c0c0c0
0 38 #e0e0e0
0 39 #8e8f8e
0 40 #aaaaaa
0 41 #555555
0 42 #c7c3c7
0 43 #565151
0 44 #8e8e8e
0 45 #d7d7d7
0 46 #85807d
0 47 #d2d2d2
0 48 #3a3a3a
0 49 #4573aa
0 50 #aeaeae
0 51 #7b79a5
0 52 #444444
0 53 #73758c
0 54 #f7f7f7
0 55 #414541
0 56 #635dce
0 57 #bebebe
0 58 #515151
0 59 #e7e3e7
0 60 #000049
0 61 #797979
0 62 #303430
0 63 #414141
0 64 #c7b696
6 8250 3750 9000 5025
1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 8625 4927 76 69 8625 4927 8679 4976
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
8304 3799 8946 3799 8946 4829 8304 4829 8304 3799
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
9000 5025 9000 3750 8250 3750 8250 5025 9000 5025
-6
6 6075 6000 6825 7275
1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 6450 7177 76 69 6450 7177 6504 7226
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
6129 6049 6771 6049 6771 7079 6129 7079 6129 6049
2 4 0 1 0 7 50 -1 -1 0.000 0 0 5 0 0 5
6825 7275 6825 6000 6075 6000 6075 7275 6825 7275
-6
6 6913 3234 7918 3609
4 0 0 50 -1 1 10 0.0000 0 150 1005 6913 3564 Signed Response\001
4 0 0 50 -1 1 10 0.0000 0 135 690 6913 3339 Trust(CA)\001
-6
6 1015 2203 6715 5128
6 1015 2653 4765 5128
6 2215 4453 2815 5053
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
2215 5053 2815 5053 2815 4453 2215 4453 2215 5053
4 1 0 50 -1 2 12 0.0000 0 150 465 2515 4828 TPM\001
-6
6 1240 3478 1990 4603
5 1 0 1 -1 -1 0 0 -1 0.000 0 1 0 0 1615.000 3553.000 1240 4453 1615 4528 1990 4453
1 2 0 1 0 7 50 -1 -1 0.000 1 0.0000 1615 3553 375 75 1240 3478 1990 3628
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
1990 3553 1990 4453
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
1240 3553 1240 4453
-6
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
3565 3403 4615 3403 4615 3928 3565 3928 3565 3403
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
3565 2803 4615 2803 4615 3328 3565 3328 3565 2803
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
3565 4003 4615 4003 4615 4528 3565 4528 3565 4003
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
2515 2803 3565 2803 3565 3328 2515 3328 2515 2803
2 2 1 1 0 7 51 -1 -1 4.000 0 0 -1 0 0 5
4690 2728 2215 2728 2215 5053 4690 5053 4690 2728
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
1015 2653 4765 2653 4765 5128 1015 5128 1015 2653
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
2515 3028 1990 3703
4 0 0 50 -1 1 10 0.0000 0 105 1320 2890 4978 Trusted Environment\001
4 1 0 50 -1 1 10 0.0000 0 135 480 3040 3028 Manage\001
4 1 0 50 -1 1 10 0.0000 0 105 465 3040 3223 Sensors\001
4 1 0 50 -1 1 10 0.0000 0 105 570 4090 3028 Network\001
4 1 0 50 -1 1 10 0.0000 0 105 555 4090 3223 Interface\001
4 1 0 50 -1 1 10 0.0000 0 150 615 4090 3628 Operating\001
4 1 0 50 -1 1 10 0.0000 0 135 450 4090 3823 System\001
4 1 0 50 -1 1 10 0.0000 0 105 615 4090 4228 Firmware\001
4 1 0 50 -1 1 10 0.0000 0 105 615 4090 4423 Hardware\001
4 1 0 50 -1 1 10 0.0000 0 105 615 1615 3028 Biometric\001
4 1 0 50 -1 1 10 0.0000 0 105 540 1615 3253 Database\001
-6
# Desktop tower
# Drawn by Dirko van Schalkwyk
6 5440 2428 6715 4303
1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 6044 3238 20 18 6044 3238 6063 3256
1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 6040 3342 37 34 6040 3342 6077 3375
1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 5825 3545 12 11 5825 3545 5827 3556
1 1 0 1 0 7 50 -1 -1 0.000 1 0.0000 5823 3608 12 11 5823 3608 5825 3619
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
5775 4066 5775 4156 5868 4162 5866 4066 5770 4061
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
5549 2620 5549 2784 6133 2804 6129 2636 5549 2620
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
5549 2786 5551 2950 6136 2979 6134 2804
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
5555 2956 5555 3116 6141 3147 6136 2982
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
5559 3154 5559 3253 5949 3278 5951 3172 5557 3152
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 4
5561 3253 5559 3356 5947 3385 5949 3276
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 9
5479 2597 5487 3613 5489 4145 5489 4179 5500 4183 5515 4183
5541 4183 5554 4183 5556 3426
0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
0.000
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 14
5556 4186 5556 4193 5556 4202 5688 4226 5847 4248 6002 4262
6074 4270 6149 4272 6144 4250 6141 4229 6139 4202 6131 3875
6133 3597 6144 3207
0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
1.000 1.000 1.000 1.000 1.000 0.000
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 5
6146 4275 6154 4268 6164 4262 6169 4256 6151 3361
0.000 1.000 1.000 1.000 0.000
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 12
6172 4260 6218 4262 6254 4260 6270 4260 6252 3104 6244 2645
6242 2623 6234 2616 6224 2611 5855 2606 5580 2600 5479 2594
0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
1.000 1.000 1.000 0.000
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 17
6265 4260 6267 4260 6280 4250 6298 4236 6303 4229 6298 4140
6288 3563 6280 3030 6272 2643 6272 2625 6267 2609 6265 2601
6254 2600 5598 2577 5567 2575 5520 2573 5518 2575
0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
1.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
0.000
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 15
5474 2592 5641 2542 5927 2467 6046 2436 6509 2441 6664 2445
6682 2443 6687 2455 6690 2469 6695 2527 6705 3781 6705 3823
6685 3844 6486 4049 6303 4234
0.000 1.000 1.000 1.000 1.000 1.000 1.000 1.000
1.000 1.000 1.000 1.000 1.000 1.000 0.000
3 0 0 1 0 7 50 -1 -1 0.000 0 0 0 2
6278 2652 6692 2488
0.000 0.000
-6
2 1 4 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
4765 5128 6262 4261
2 1 4 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
1015 2653 6055 2442
4 1 0 50 -1 3 12 0.0000 0 150 270 6115 2353 PA\001
-6
6 1575 6450 5400 8925
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
1575 6450 5400 6450 5400 8925 1575 8925 1575 6450
2 4 0 1 0 7 50 -1 20 0.000 0 0 7 0 0 5
2700 7575 1800 7575 1800 7200 2700 7200 2700 7575
2 4 0 1 0 7 50 -1 20 0.000 0 0 7 0 0 5
2700 8025 1800 8025 1800 7650 2700 7650 2700 8025
2 4 0 1 0 7 50 -1 20 0.000 0 0 7 0 0 5
2700 7125 1800 7125 1800 6750 2700 6750 2700 7125
2 2 1 1 0 7 51 -1 -1 4.000 0 0 -1 0 0 5
5325 6525 2250 6525 2250 8850 5325 8850 5325 6525
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
2250 8850 2850 8850 2850 8250 2250 8250 2250 8850
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
3150 6825 2700 6900
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
3150 6825 2700 7350
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 2
3150 6825 2700 7800
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
4200 7200 5250 7200 5250 7725 4200 7725 4200 7200
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
4200 6600 5250 6600 5250 7125 4200 7125 4200 6600
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
4200 7800 5250 7800 5250 8325 4200 8325 4200 7800
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
3150 6600 4200 6600 4200 7125 3150 7125 3150 6600
4 1 0 50 -1 1 10 0.0000 0 135 480 3675 6825 Manage\001
4 1 0 50 -1 1 10 0.0000 0 105 465 3675 7020 Sensors\001
4 1 0 50 -1 1 10 0.0000 0 150 720 2250 6975 Fingerprint\001
4 1 0 50 -1 1 10 0.0000 0 105 225 2250 7425 Iris\001
4 1 0 50 -1 1 10 0.0000 0 15 195 2250 7875 . . .\001
4 1 0 50 -1 2 12 0.0000 0 150 465 2550 8625 TPM\001
4 1 0 50 -1 1 10 0.0000 0 105 570 4725 6825 Network\001
4 1 0 50 -1 1 10 0.0000 0 105 555 4725 7020 Interface\001
4 1 0 50 -1 1 10 0.0000 0 150 615 4725 7425 Operating\001
4 1 0 50 -1 1 10 0.0000 0 135 450 4725 7620 System\001
4 1 0 50 -1 1 10 0.0000 0 105 615 4725 8025 Firmware\001
4 1 0 50 -1 1 10 0.0000 0 105 615 4725 8220 Hardware\001
4 0 0 50 -1 1 10 0.0000 0 105 1320 2925 8775 Trusted Environment\001
-6
6 6495 7800 7095 9000
6 6495 7800 7095 8775
1 2 0 1 0 7 100 0 -1 4.000 1 0.0000 6792 7925 113 114 6705 7851 6880 7997
2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 3
6502 8772 6792 8479 7083 8772
2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 16
6792 8479 6792 8450 6792 8421 6792 8392 6792 8362 6792 8333
6792 8304 6792 8275 6792 8245 6792 8216 6792 8187 6792 8158
6792 8128 6792 8099 6792 8070 6792 8041
2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 2
6502 8187 7083 8187
-6
4 1 0 50 -1 2 10 0.0000 0 105 300 6795 9000 User\001
-6
6 4500 5175 6075 5775
4 2 0 50 -1 1 10 0.0000 0 135 1080 6075 5550 Trust(CA,DAA)\001
4 2 0 50 -1 1 10 0.0000 0 105 1020 6075 5775 Data Submission\001
4 2 0 50 -1 1 10 0.0000 0 135 1530 6075 5325 Discover(UID, Verifier)\001
-6
6 9975 3375 10575 4575
6 9975 3375 10575 4350
1 2 0 1 0 7 100 0 -1 4.000 1 0.0000 10272 3500 113 114 10185 3426 10360 3572
2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 3
9982 4347 10272 4054 10563 4347
2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 16
10272 4054 10272 4025 10272 3996 10272 3967 10272 3937 10272 3908
10272 3879 10272 3850 10272 3820 10272 3791 10272 3762 10272 3733
10272 3703 10272 3674 10272 3645 10272 3616
2 1 0 1 0 7 100 0 -1 4.000 0 0 -1 0 0 2
9982 3762 10563 3762
-6
4 1 0 50 -1 2 10 0.0000 0 105 450 10275 4575 Officer\001
-6
6 8550 5475 10800 7350
6 8625 5550 9675 6075
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
8625 5550 9675 5550 9675 6075 8625 6075 8625 5550
4 1 0 50 -1 1 10 0.0000 0 135 480 9150 5775 Manage\001
4 1 0 50 -1 1 10 0.0000 0 105 900 9150 5970 Authorization\001
-6
6 9675 5550 10725 7275
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
9675 6150 10725 6150 10725 6675 9675 6675 9675 6150
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
9675 5550 10725 5550 10725 6075 9675 6075 9675 5550
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
9675 6750 10725 6750 10725 7275 9675 7275 9675 6750
4 1 0 50 -1 1 10 0.0000 0 105 570 10200 5775 Network\001
4 1 0 50 -1 1 10 0.0000 0 105 555 10200 5970 Interface\001
4 1 0 50 -1 1 10 0.0000 0 150 615 10200 6375 Operating\001
4 1 0 50 -1 1 10 0.0000 0 135 450 10200 6570 System\001
4 1 0 50 -1 1 10 0.0000 0 105 615 10200 6975 Firmware\001
4 1 0 50 -1 1 10 0.0000 0 105 615 10200 7170 Hardware\001
-6
2 2 0 1 0 7 50 -1 -1 0.000 0 0 -1 0 0 5
8550 5475 10800 5475 10800 7350 8550 7350 8550 5475
-6
2 1 4 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
10800 5475 8978 3769
2 1 4 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
8550 7350 8250 4950
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 1 1.00 90.00 150.00
8250 4725 6825 6450
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 0 2
2 1 1.00 90.00 150.00
6701 3627 8250 3975
2 1 0 1 0 7 50 -1 -1 0.000 0 0 -1 1 1 2
2 1 1.00 90.00 150.00
2 1 1.00 90.00 150.00
6227 5992 6021 4260
2 1 4 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
6117 6005 1575 6450
2 1 4 1 0 7 50 -1 -1 3.000 0 0 -1 0 0 2
5400 8925 6814 7243
4 1 0 50 -1 3 12 0.0000 0 150 135 8625 3675 V\001
4 0 0 50 -1 1 10 0.0000 0 150 900 7200 6225 Request(UID)\001
4 1 0 50 -1 3 12 0.0000 0 150 225 6450 5925 BS\001

BIN
resources/networkview2.pdf
View File

Binary file not shown.
Write Preview
Loading…
Cancel
Save