You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
357 lines
8.6 KiB
357 lines
8.6 KiB
\documentclass{beamer}
|
|
\usepackage{graphicx}
|
|
\usetheme{Madrid}
|
|
|
|
\title[TPM Programming]{Programming for the TPM \\ and other practical topics}
|
|
\author{Ariel Segall \\ ariels@alum.mit.edu}
|
|
\date{Day 2 \\ \bigskip Approved for Public Release: 12-2749 \\ Distribution unlimited}
|
|
%\date{May 31, 2012}
|
|
|
|
\begin{document}
|
|
|
|
\begin{frame}
|
|
\maketitle
|
|
\end{frame}
|
|
|
|
\begin{frame}{License}
|
|
|
|
All materials are licensed under a Creative Commons ``Share Alike'' license.
|
|
\begin{itemize}
|
|
\item http://creativecommons.org/licenses/by-sa/3.0
|
|
\end{itemize}
|
|
\includegraphics[width=4in]{creativecommons.png}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Why Straight Into Programming?}
|
|
|
|
FAQ: ``Where can I buy commercial products with TPM feature X?''
|
|
|
|
\smallskip
|
|
|
|
Usual Answer: ``You can't yet''.
|
|
|
|
\begin{itemize}
|
|
\item Software vendors have generally not started integrating TPMs
|
|
\begin{itemize}
|
|
\item Demand not there
|
|
\end{itemize}
|
|
\item Only a few isolated products provide support
|
|
\begin{itemize}
|
|
\item Usually specialized
|
|
\item Not always friendly to other applications
|
|
\end{itemize}
|
|
\item For today, expect to build your own, or convince vendor to support
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{The Exceptions}
|
|
|
|
\begin{itemize}
|
|
\item Most mature: trusted computing work in open source community
|
|
\begin{itemize}
|
|
\item Largely driven by IBM, European OpenTC initiative, grad students
|
|
\item tpm-tools: Linux package (orphaned?) with basic command line utilities
|
|
\item Thunderbird integration: TPM protection of key store
|
|
\item tboot: GRUB (boot loader) version with extra TPM compatibility, features
|
|
\item Generally aimed at individual tinkerers
|
|
\end{itemize}
|
|
\item Microsoft beginning TPM integration
|
|
\begin{itemize}
|
|
\item Prominently: Bitlocker drive encryption
|
|
\item Automatic provisioning tools, but \textbf{do not use}
|
|
\begin{itemize}
|
|
\item Do not meet security recommendations
|
|
\item Reports of incompatibility with anything but Bitlocker
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\item Wave Software does enterprise TPM integration
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Programming for the TPM}
|
|
|
|
Two primary approaches:
|
|
\begin{itemize}
|
|
\item Trusted Software Stack
|
|
\begin{itemize}
|
|
\item ``High-level'' (C) API for TPM; back end handles some complexity
|
|
\item TrouSerS on Linux
|
|
\end{itemize}
|
|
\item Driver-level coding
|
|
\begin{itemize}
|
|
\item Byte arrays for TPM's direct consumption, or close to it
|
|
\item Microsoft's Trusted Base Services
|
|
\item Flicker
|
|
\end{itemize}
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Advantages of Each Approach}
|
|
|
|
TSS:
|
|
\begin{itemize}
|
|
\item C API allows integration at many applications' level
|
|
\item Manages authorization sessions, keys for you
|
|
\item Book about how to use it!
|
|
\end{itemize}
|
|
|
|
Driver-level:
|
|
\begin{itemize}
|
|
\item TPM spec (while complicated) relatively well-defined
|
|
\item Very clean if comfortable working at low level
|
|
\item For simple applications, much lower overhead
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Downsides to Each Approach}
|
|
|
|
TSS:
|
|
\begin{itemize}
|
|
\item Spec is \textit{even more complicated} than TPM, and less well-written
|
|
\item Multiple abstraction levels, unclear how to use
|
|
\item High overhead for even simple applications
|
|
\item Debugging extremely difficult
|
|
\end{itemize}
|
|
|
|
\medskip
|
|
|
|
Driver-level:
|
|
\begin{itemize}
|
|
\item Managing nonces and authorization sessions complicated and fragile
|
|
\item Lower-level than many applications
|
|
\item Difficult to read and debug unless driver or kernel programmer
|
|
\item Only documentation is TPM spec
|
|
\item Debugging extremely difficult
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Drilling Down (Slightly)}
|
|
|
|
\begin{itemize}
|
|
\item TSS
|
|
\item Driver-level
|
|
\end{itemize}
|
|
|
|
Note: Either of these could be a multi-day course on its own!
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{The Trusted Software Stack}
|
|
|
|
\begin{itemize}
|
|
\item Spec from TCG; intended to be standard interface to TPM
|
|
\item ``TSS'' really refers to two pieces:
|
|
\begin{itemize}
|
|
\item API for coding for the TSS
|
|
\item Back-end driver which exports API, handles TPM communications
|
|
\end{itemize}
|
|
\item Working implementations:
|
|
\begin{itemize}
|
|
\item TrouSerS (Linux; buggy port to Windows 7)
|
|
\begin{itemize}
|
|
\item \texttt{trousers} package in most standard Linux distributions
|
|
\end{itemize}
|
|
\item NTRU stack (Windows XP; port to Windows 7 not yet well tested)
|
|
\item ...neither perfect, but fairly reliable
|
|
\end{itemize}
|
|
\end{itemize}
|
|
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{What the TSS Does For You}
|
|
|
|
\begin{itemize}
|
|
\item Authorization Sessions
|
|
\begin{itemize}
|
|
\item Associate passwords with keys, other resources
|
|
\item In some implementations, secure password input
|
|
\end{itemize}
|
|
\item Basic Key Management
|
|
\begin{itemize}
|
|
\item Swap keys out when TPM out of space
|
|
\begin{itemize}
|
|
\item Rarely necessary feature today
|
|
\end{itemize}
|
|
\item In some implementations, stores created keys in internal store
|
|
\end{itemize}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{TSS Code: Example (incomplete!)}
|
|
|
|
\begin{verbatim}
|
|
result = Tspi\_Context\_Create( \&hContext);
|
|
|
|
result = Tspi\_Context\_Connect(hContext, NULL);
|
|
|
|
// Get the TPM handle
|
|
|
|
result=Tspi\_Context\_GetTpmObject(hContext,
|
|
&hTPM);
|
|
|
|
// Get the SRK handle
|
|
|
|
result=Tspi\_Context\_LoadKeyByUUID(hContext,
|
|
|
|
TSS\_PS\_TYPE\_SYSTEM, SRK\_UUID, \&hSRK);
|
|
|
|
//Get the SRK policy
|
|
|
|
result = Tspi\_GetPolicyObject(hSRK,
|
|
|
|
TSS\_POLICY\_USAGE, \&hSRKPolicy);
|
|
|
|
//Then set the SRK policy to be the well known secret
|
|
|
|
result=Tspi\_Policy\_SetSecret(hSRKPolicy,
|
|
|
|
TSS\_SECRET\_MODE\_SHA1, 20, wks);
|
|
|
|
result=Tspi\_Context\_CreateObject(hContext,
|
|
|
|
TSS\_OBJECT\_TYPE\_RSAKEY,initFlags, \&hESS\_Bind\_Key );
|
|
|
|
result=Tspi\_Key\_CreateKey(hESS\_Bind\_Key,hSRK, 0);
|
|
\end{verbatim}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Learning to Code with the TSS}
|
|
|
|
\begin{itemize}
|
|
\item Resources exist!
|
|
\item Dave Challener (author of much of TSS spec) wrote book:\\ \textit{A Practical Guide to Trusted Computing}
|
|
\item Has also taught short workshops whose materials are online
|
|
\begin{itemize}
|
|
\item On your quick reference sheet
|
|
\end{itemize}
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{Drilling Down}
|
|
|
|
\begin{itemize}
|
|
\item TSS
|
|
\item {\color{red}Driver-level}
|
|
\end{itemize}
|
|
\end{frame}
|
|
|
|
\begin{frame}{Driver Level Variations}
|
|
|
|
Nothing so coordinated as TSS standard!
|
|
|
|
\begin{itemize}
|
|
\item Used when in extremely minimal environments
|
|
\begin{itemize}
|
|
\item Flicker: running in CPU secure mode, stripped down
|
|
\end{itemize}
|
|
\item Windows 7 native support: TBS
|
|
\begin{itemize}
|
|
\item TBS is (theoretically) a direct pass-through to TPM
|
|
\item \textbf{TBS modifies code unpredictably! Serious problem.}
|
|
\end{itemize}
|
|
\item Homebrew your own driver!
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Driver-Level Coding, In Brief}
|
|
|
|
\begin{itemize}
|
|
\item Assemble your data structures, based on TPM structures spec
|
|
\item Assemble your command blob, based on TPM command spec
|
|
\item Send to TPM
|
|
\item Deconstruct response blob, based on TPM command spec
|
|
\item Deconstruct relevant data structures, based on TPM structures spec
|
|
\item Interpret and use as needed
|
|
\end{itemize}
|
|
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Driver-Level Code: Example}
|
|
|
|
\begin{verbatim}
|
|
|
|
int slb\_TPM\_Extend(unsigned char *buffer,
|
|
|
|
unsigned long pcrindex, unsigned char *hash)\{
|
|
|
|
int res;
|
|
|
|
((unsigned int *)buffer)[0] = 0x0000c100;
|
|
|
|
((unsigned int *)buffer)[1] = 0x00002200; /* length = 34 */
|
|
|
|
((unsigned int *)buffer)[2] = 0x00001400;
|
|
|
|
*((unsigned int *) (buffer+10))=ntohl(pcrindex);
|
|
|
|
TPM\_COPY\_TO(hash, 4, TCG\_HASH\_SIZE);
|
|
|
|
res = slb\_tis\_transmit(buffer, 34, TCG\_BUFFER\_SIZE,
|
|
|
|
TIS\_LOCALITY\_2);
|
|
|
|
TPM\_COPY\_FROM(hash, 0, TCG\_HASH\_SIZE);
|
|
|
|
return res < 0 ? res : (int) ntohl(*((unsigned int *)
|
|
|
|
(buffer+6)));\}
|
|
|
|
\end{verbatim}
|
|
%% Flicker sample code
|
|
\tiny{Code copyright Jon McCune and Bernhard Kauer, released under GPL 2}
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{The Simple TPM API: A Sales Pitch}
|
|
|
|
\begin{itemize}
|
|
\item Adoption severely slowed by difficulty of use
|
|
\item The vast majority of applications use a fraction of TPM commands
|
|
\item No need for full range of options
|
|
\begin{itemize}
|
|
\item Just build in recommended choices-- advanced users can brew their own
|
|
\end{itemize}
|
|
\item Make conceptually atomic actions take one command
|
|
\begin{itemize}
|
|
\item Hide key handling; hide authorization sessions; hide intermediate steps
|
|
\end{itemize}
|
|
\item Use TPM at the level people understand it
|
|
\end{itemize}
|
|
|
|
Straightforward project; just needs someone to do it.
|
|
|
|
\end{frame}
|
|
|
|
|
|
\begin{frame}{TPM Programming Summary}
|
|
|
|
\begin{itemize}
|
|
\item No good choices today!
|
|
\begin{itemize}
|
|
\item TSS overcomplicated and high overhead
|
|
\item Driver-level API overcomplicated, extremely low-level
|
|
\end{itemize}
|
|
\item Support architectures exist, but not universally
|
|
\begin{itemize}
|
|
\item Windows support particularly patchy
|
|
\end{itemize}
|
|
\item Lots of room for improvement, and vendors
|
|
\end{itemize}
|
|
|
|
\end{frame}
|
|
|
|
\begin{frame}{Questions?}
|
|
|
|
\end{frame}
|
|
|
|
\end{document}
|
|
|