TSS TAB and Resource Manager Specification. Contact: Please provide public review comments by Thursday, March 5, 2015

Similar documents
TCG. TCG Public Review. TCG TSS 2.0 TAB and Resource Manager Specification. Work in Progress:

TCG. TCG Published. TSS System Level API and TPM Command Transmission Interface Specification. Family "2.0" Level 00, Revision 01.

FOR TCG ACPI Specification

ERRATA FOR. Protection Profile PC Client Specific TPM. Errata Version 1.0 June 16, 2018 DRAFT. Specification Version 1.

ERRATA FOR. TCG TPM I2C Interface Specification. Errata Version 1.0 April 6, Family 2.0 Level 00 Revision 1.

TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification

ERRATA FOR. TCG Platform Attribute Credential Profile. Errata Version Published. Specification Version 1.0 Revision January 2018

TCG. TCG Certification Program. TNC Certification Program Suite. Document Version 1.1 Revision 1 26 September 2011

TCG Specification TCG. TPM 2.0 Mobile Command Response Buffer Interface. TCG Published. Family 2.0. Level 00 Revision 12.

TCG. TCG Storage Interface Interactions Specification. Specification Version 1.0. January 27, Contacts:

TCG. TCG TSS 2.0 Overview and Common Structures Specification. TCG Public Review Copyright TCG Version 0.90 Revision 03 January 4, 2018 Draft

R E F E R E N C E TCG. Trusted Multi-Tenant Infrastructure Work Group. Use Cases. Version 1.1. November 15, 2013

TCG. Public Review. TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification. Family "2.0" Version 1.0 Revision April 2018

TCG Physical Presence Interface Specification

TCG Physical Security Interoperability Alliance IP Video Use Case 002 (PSI-UC-IPV002) Specification Version 1.0 Revision 0.2

Creating the Complete Trusted Computing Ecosystem:

TCG Storage Opal SSC Feature Set: PSID. Specification Version 1.00 Revision August 5, Contact:

TCG Compliance TNC IF-MAP Metadata for Network Security Compliance Test Plan

TCG Storage Interface Interactions Specification (SIIS) Specification Version 1.02 Revision December, 2011 TCG

TPM Software Stack. The Stack: a High-Level View. Chapter 7

TCG TPM2 Software Stack & Embedded Linux. Philip Tricca

Auditing TPM Commands

TPM Entities. Permanent Entities. Chapter 8. Persistent Hierarchies

TCG Storage Work Group. Storage Certification Program. Program Version 1.0 Document Revision 1.22 March 16, Contact: Doug Gemmill, TCG CPM T C G

TCG. SNMP MIB for TPM-Based Attestation

TCG Storage Application Note: Encrypting Drives Compliant with Opal SSC

OpenFlow Switch Errata

VMware vcenter Log Insight Manager. Deployment Guide

Packet Trace Guide. Packet Trace Guide. Technical Note

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

MERIDIANSOUNDINGBOARD.COM TERMS AND CONDITIONS

INCLUDING MEDICAL ADVICE DISCLAIMER

SDLC INTELLECTUAL PROPERTY POLICY

IETF TRUST. Legal Provisions Relating to IETF Documents. February 12, Effective Date: February 15, 2009

Ecma International Policy on Submission, Inclusion and Licensing of Software

TERMS & CONDITIONS. Complied with GDPR rules and regulation CONDITIONS OF USE PROPRIETARY RIGHTS AND ACCEPTABLE USE OF CONTENT

Adobe Connect. Adobe Connect. Deployment Guide

IETF TRUST. Legal Provisions Relating to IETF Documents. Approved November 6, Effective Date: November 10, 2008

Ecma International Policy on Submission, Inclusion and Licensing of Software

Moodle. Moodle. Deployment Guide

Recommendations for LXI systems containing devices supporting different versions of IEEE 1588

Open Source Used In TSP

NTLM NTLM. Feature Description

Intel Stress Bitstreams and Encoder (Intel SBE) 2017 AVS2 Release Notes (Version 2.3)

Splunk. Splunk. Deployment Guide

LoadMaster VMware Horizon (with View) 6. Deployment Guide

Enhanced Serial Peripheral Interface (espi)

Operating Systems Design Exam 3 Review: Spring Paul Krzyzanowski

QPP Proprietary Profile Guide

PageScope Box Operator Ver. 3.2 User s Guide

Migration Tool. Migration Tool (Beta) Technical Note

TCG Physical Presence Interface Specification

RapidIO Interconnect Specification Part 3: Common Transport Specification

SafeNet Authentication Service

Epic. Epic Systems. Deployment Guide

RTI Secure WAN Transport

End User License Agreement

RSA Two Factor Authentication

TCG. TCG Storage Opal SSC: Test Cases Specification. Specification Version 2.01 Revision 2.18 January 30, 2018 Published

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

SAM4 Reset Controller (RSTC)

Configuring Real Servers for DSR

Bluetooth PC Card Transport Layer

DME-N Network Driver Installation Guide for M7CL

Application Security for Java-based BlackBerry Handhelds

Data Deduplication Metadata Extension

SafeNet MobilePKI for BlackBerry V1.2. Administration Guide

EVault Software Oracle Plug-in for Windows Agent 7.5 User Guide

APPLICATION NOTE. Atmel AT03261: SAM D20 System Interrupt Driver (SYSTEM INTERRUPT) SAM D20 System Interrupt Driver (SYSTEM INTERRUPT)

Interlaken Look-Aside Protocol Definition

LoadMaster Clustering

CB-RBE231 PRODUCT GUIDE

Evaluating Real-Time Hypervisor (RTS) version 4.1 using Dedicated Systems Experts (DSE) test suite

MyCreditChain Terms of Use

Lecture Embedded System Security Trusted Platform Module

TCP-Relay. TCP-Relay

UM EEPROM Management of PN746X and PN736X. User manual COMPANY PUBLIC. Rev February Document information

USB2 Debug Device A Functional Device Specification

TCG Guidance for Securing Resource- Constrained Devices. Version 1.0 Revision 22 March 13, Contact:

Hierarchical Data Extension UUID For _DSD

Encrypted Object Extension

Managing Device Software Images

ACCEPTABLE USE POLICIES FOR INFORMATION SERVICES COMPUTING RESOURCES

Windows 7 Overview. Windows 7. Objectives. The History of Windows. CS140M Fall Lake 1

Open Source and Standards: A Proposal for Collaboration

OSEK/VDX. Communication. Version January 29, 2003

HouseLink HL-10E. Installation and Operation Manual Modbus TCP and XML

Conettix Universal Dual Path Communicator B465

MagicInfo Express Content Creator

ComAPI+ API Documentation

Getting Started (No installation necessary) Windows On Windows systems, simply double click the AntGram icon to launch the program.

IP Office. IP Office Mailbox Mode User Guide Issue 11b - (15 May 2010)

RUNNING SPEED AND CADENCE SERVICE

Oracle Plug-in Version 6.85 for Microsoft Windows User s Guide

ISO/IEC INTERNATIONAL STANDARD. Information technology Trusted Platform Module Part 2: Design principles

NetApp Element Software Remote Replication

Preface. Audience. Cisco IOS Software Documentation. Organization

SafeNet Authentication Service

Winnebago Industries, Inc. Privacy Policy

PRODUCT SPECIFIC LICENSE TERMS Sybase Enterprise Portal Version 5 Application Edition ( Program )

Transcription:

TSS TAB and Resource Manager Specification Family "2.0" Level 00, Revision 00.91 3 February 2015 Committee Draft Contact: admin@trustedcomputinggroup.org Please provide public review comments by Thursday, March 5, 2015 Work In Progress: This document is an intermediate draft for comment only and is subject to change without notice. Readers should not design products based on this document. TCG TCG Public Review Copyright TCG 2013 2015

TSS TAB and Resource Manager Specification Family "2.0" Disclaimers, Notices, and License Terms THIS SPECIFICATION IS PROVIDED "AS IS" WITH NO WARRANTIES WHATSOEVER, INCLUDING ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Without limitation, TCG disclaims all liability, including liability for infringement of any proprietary rights, relating to use of information in this specification and to the implementation of this specification, and TCG disclaims all liability for cost of procurement of substitute goods or services, lost profits, loss of use, loss of data or any incidental, consequential, direct, indirect, or special damages, whether under contract, tort, warranty or otherwise, arising in any way out of use or reliance upon this specification or any information herein. This document is copyrighted by Trusted Computing Group (TCG), and no license, express or implied, is granted herein other than as follows: You may not copy or reproduce the document or distribute it to others without written permission from TCG, except that you may freely do so for the purposes of (a) examining or implementing TCG specifications or (b) developing, testing, or promoting information technology standards and best practices, so long as you distribute the document with these disclaimers, notices, and license terms. Contact the Trusted Computing Group at www.trustedcomputinggroup.org for information on specification licensing through membership agreements. Any marks and brands contained herein are the property of their respective owners. Page ii TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification CONTENTS CONTENTS... 3 FIGURES... 4 1 Definition of Terms... 1 2 Acronyms... 2 3 Introduction... 3 3.1 TSS Overview... 3 3.2 Scope... 5 3.3 High Level Description... 6 3.3.1 Multi-User Support... 6 3.3.2 Context Swapping... 6 3.3.3 Get Capability... 7 4 Design Requirements... 8 4.1 Error codes... 8 4.2 Transparency... 8 4.3 Cancel and setlocality Commands... 8 4.4 Per-connection Limits... 9 4.5 Concurrency... 9 4.6 Isolation... 9 4.7 Before Sending a Command... 9 4.8 Handling for Objects and Sequences... 9 4.9 Handling for Sessions... 10 4.10 Invalid Contexts... 10 4.11 Connection Shutdown... 11 5 Non-Design Requirements:... 12 6 Environmental Restrictions:... 13 Family "2.0" TCG Public Review Page iii Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

TSS TAB and Resource Manager Specification Family "2.0" FIGURES Figure 1 Example Implementation Architectures... 4 Figure 2 TSS Stack... 5 Page iv TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification Corrections and Comments Please send comments and corrections to techquestions@trustedcomputinggroup.org. Family "2.0" TCG Public Review Page v Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

Family "2.0" TSS TAB and Resource Manager Specification 1 Definition of Terms Application programming interface or API: the software interface used to communicate between layers in the stack. Caller: in the context of this document, this is the software entity using TCTI to send commands to the TAB/RM. Connection: For the purposes of this document, connection corresponds to a TCTI context southbound from the SAPI to the TAB/RM. ESAPI: TSS Extended System API. This layer is intended to sit on top of the System API. Marshalled data: this is the representation of data used to communicate with the TPM. In order to optimize data communication to and from the TPM, the smallest amount of data possible is sent to the TPM. For instance, if a structure starts with a size field and that field is set to 0, none of the other fields in the structure are sent to the TPM. Another example: if an input structure consists of a union of data structures, the marshalled representation will be the size of just the data structure selected from the union (actually the marshalled version of that structure itself). Also, the marshalled data must be in big-endian format since this is what the TPM expects. Implementation: the source code and binary code that embodies this specification or parts of this specification. Marshal: convert data from C structures to marshalled data. SAPI: TSS System API. This is defined in the TSS System Level API and TPM Command Transmission Interface Specification. TCTI or TPM command transmission interface: this is the interface used to send commands to and receive responses from the TPM. This is defined in the TSS System Level API and TPM Command Transmission Interface Specification. Unmarshal: convert data from marshalled format to C structures. Family "2.0" TCG Public Review Page 1 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

2 Acronyms ABI API NV PCR RM TAB TCTI TDD TPM TSP TSS TAB Application binary interface Application programming interface Non-volatile Platform Configuration Register Resource Manager TPM Access Broker Interface TPM Command Transmission Interface TPM Device Driver Trusted Platform Module TSS Service Provider TPM Software Stack TPM Access Broker Page 2 TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification 3 Introduction The scope of this document is to describe all the requirements for the TSS TAB (TPM access broker) and resource manager (RM) layers in the TSS software stack. These requirements are not APIs, but rather functional requirements that allow upper layers in the TSS software stack to interoperate. Another way of describing this is that these requirements define what the upper layers of the TSS can expect the TAB and resource manager to do for them. This document presents a standard for the TAB and resource manager portions of the TSS. 3.1 TSS Overview The TSS is a software stack designed to isolate TPM application programmers from the low level details of interfacing to the TPM. The TSS consists of multiple layers: Feature API (FAPI), Enhanced System API (ESAPI), System API (SAPI), TPM Command Transmission Interface (TCTI), TPM Access Broker (TAB), Resource Manager (RM), and TPM driver. To see how these layers are related hierarchically, please see Figure 2 below. The TPM driver is the OS-specific driver that handles all the handshaking with the TPM and reading and writing of data to the TPM. The Resource Manager (RM) manages the TPM context in a manner similar to a virtual memory manager. It swaps objects, sessions, and sequences in and out of the limited TPM memory as needed. This layer is mostly transparent to the upper layers of the TSS and is not required. However, if not implemented, the upper layers will be responsible for TPM context management. The TPM access broker (TAB) handles multi-process synchronization to the TPM. A process accessing the TPM can be guaranteed that it will be able to complete a TPM command without interference from other competing processes. The TPM command transmission interface (TCTI) handles all the communication to and from the lower layers of the stack. For instance, different interfaces are required for local HW TPMs, firmware TPMs, virtual TPMs, remote TPMs, and the TPM simulator. The System API (SAPI) is the interface that understands how to build command byte streams (marshalling) and decompose response byte streams (unmarshalling). The SAPI provides a bare metal (meaning very low level) software interface to the Part 3 commands in the TPM 2.0 specification. NOTE: the TCTI and SAPI are described in the TSS System Level API and TPM Command Transmission Interface Specification. The Enhanced System API (ESAPI) is an interface that is intended to sit directly above the System API. The primary purpose of the ESAPI is to reduce the complexity required of applications that desire to send individual system level TPM calls to the TPM, but that also require cryptographic operations on the data being passed to and from the TPM. In particular, applications that wish to utilize secure sessions to perform Hash-based Message Authentication Code (HMAC) operations, parameter encryption, parameter decryption, TPM command audit, and TPM policy operations could benefit from using the ESAPI. The Feature API (FAPI) provides a higher level software abstraction to application developers. For instance, an application may want to create a key without any knowledge of the low level details. This level of abstraction will be provided by the Feature APIs. NOTE: the FAPI is described in the TSS TSS Feature API Specification. Family "2.0" TCG Public Review Page 3 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

Component Interface Standard (Linux) Application / FeatureAPI / ESAPI Standard (Windows / Linux) Application / FeatureAPI / ESAPI (Windows) TSS-defined Usage / Provisioning Unspecified Usage / Provisioning Process Boundaries Platform Boundaries in itia liz e Implementation Instance in itia liz e Implementation Instance initialize Implementation Instance Use case separator TCTI-DBus-API TCTI TCTI-TRUMP-API TCTI TCTI-TBS-API TCTI Direct (Linux) Application / FeatureAPI / ESAPI TCTI-Dbus-Client-Provider TCTI-TRUMP-Client-Provider TCTI-TBS-Wrapping-Provider (Threaded) Firmware / Embedded Application / FeatureAPI / ESAPI in itia liz e Implementation Instance DBus- IP C TCP/ SSL TAB daemon (incl AccessControl, Resource Separation, Access Scheduling, Resource Management, DBus-IPC-Server, TRUMP-Server; might have another systemapi-instance internally) TBS-API in itia liz e TCTI-TIS-API Implementation Instance TCTI TCTI-dev-API TCTI TCTI-TPMDevice-Provider /dev/ tpm 0 TCTI-dev-API TCTI-TPMDevice-Provider /dev/ tpm 0 TCTI TBS Service Libraries M ic r o s o f t- In t e r n a l TCTI-TIS-Provider (or TCTI-CRB-Provider) Kernel-Device-Driver Kernel-Device-Driver Windows-Kernel-Driver TPM TPM TPM TPM Figure 1 Example Implementation Architectures Page 4 TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification Application #1 Application #2 Feature API Enhanced System API System API TCTI TCTI TCTI TCTI RPC Local TPM send TAB Local TPM rcv Sim TPM rcv TAB Sim TPM send Virt TPM rcv TAB Virt TPM send Network Rem TPM rcv RemTPM send RPC Provider Resource Mgr Resource Mgr Resource Mgr TAB Local TPM driver Sim TPM driver Virt TPM driver TAB Resource Mgr Local TPM driver Local TPM TPM Simulator Virtual TPM Remote TPM Remote System Figure 2 TSS Stack 3.2 Scope The TAB/RM specification defines functional properties of a module that is expected to be implemented inside a system-wide scheduling daemon. The daemon could possibly implement other features such as access control restrictions. The internal interfaces between this daemon and the TAB/RM module are implementation specific and will therefore not be specified. Instead only the functional properties are specified and are expected to operate on TPM-Commands and a cancel and set locality call. A vendor of such a daemon is expected to provide a matched pair consisting of this daemon and a TCTI- Client-Provider. The interface between the TCTI and the RM are not specified. Family "2.0" TCG Public Review Page 5 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

In order to meet as many system requirements as possible, this specification attempts to avoid overspecifying and leaves lots of room for different implementations. 3.3 High Level Description 3.3.1 Multi-User Support The TAB layer provides multi-user support to a single TM device. The scheduling is per command from the caller. That is, there is no way for the caller to seize control of the TAB and send multiple consecutive commands with a guarantee that they won t be intermixed with other caller's commands. However, one caller command can map to multiple TPM commands, as described below. The TAB ensures that the TPM completes all commands related to a caller command before its scheduler services the next user. NOTE The above assumes that there is one TAB on the platform. Nothing in an implementation should preclude layers of TABs. However, a TAB can assume that no other process at the same layer is connecting to a lower layer. The TAB maintains a wait queue of caller commands to be scheduled. The TAB is permitted to (but not required to) optimize a command cancel request from the caller. If the command has not yet been sent to the TPM, the TAB may return a TPM_RC_CANCELED response and remove the command from the queue. 3.3.2 Context Swapping The TPM is a limited resource device. It can hold a small number of objects and sessions. If more objects or sessions are used, they must be swapped in and out of the TPM using the TPM2_ContextSave and TPM2_ContextLoad commands. In a single process environment, a caller, perhaps the application, could handle the swapping. In a multiprocess environment, the applications might be unaware of each other. A lower layer, called the resource manager (RM), handles this swapping. The RM keeps a mapping of the following three data items: The TPM handle, returned by and known to the TPM The virtual handle, returned to and known to the caller (for objects, not sessions) The context, returned by TPM2_ContextSave and used by TPM2_ContextLoad The RM deletes entries from tables at several events. The RM monitors TPM commands that flush objects or sessions from the TPM. For sessions, it monitors the response continuesession flag. It uses this information to manage the handle mapping and RM context storage. For example, it may remove the mapping entry and delete the context from its RM memory at the time of the flush. The RM also monitors connections, and removes table entries and ContextFlushes leftover sessions when the caller closes a connection. There are several implications, and they are different for objects and sessions. Page 6 TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification 3.3.2.1 Objects For objects, this can be performed transparently to the caller. However, each time a context is loaded, its TPM handle may change. To do this transparently, the RM returns a virtual handle, which does not change, to the caller. Each time the caller uses the object, it specifies this virtual handle. The RM performs a mapping from the (unchanging) virtual handle to the (currently loaded) TPM handle. It replaces the virtual handle with the TPM handle in the TPM command packet. NOTE: The TPM 2.0 library specification, excluded the handle from command stream HMAC calculations to enable this substitution. Since there is no TPM limit to the number of saved object contexts, the only limit imposed by the RM is based on the 2^24 handle name space per connection. This should not affect a well behaved application, which would normally not try to load more objects than the number of available slots reported by the TPM. 3.3.2.2 Sessions Since a session retains its handle through save/load context cycles, the RM need not virtualize session handles. The TPM places a limit on the number of saved sessions because of the requirement to prevent replays. This limit is global, not per connection. If the total number of sessions for all connections would exceed this limit, the RM must flush a session so the TPM_StartAuthSession command will not fail. The RM strategy for choosing a session to flush is implementation specific, but may for example select the least recently used session. The RM monitors TPM commands that flush sessions (which in this case includes responses with the continuesession flag clear), and uses that information to manage the handle mapping and context storage as with objects. The RM must also handle the session context gap (see the TPM library specification). Since the session handle does not change as sessions are cycled, the process is transparent to the caller except for perhaps a delay in processing. The context gap does have an important side effect that the RM must handle as it supports a context save and load from a caller. First, the RM must keep a copy of the context for use during context gap processing. Second, the caller will be unaware that the saved context changed during context gap processing. Therefore, the context blob returned to the caller cannot be used directly. The RM keeps a mapping between the caller's context blob (which could, for example, contain only a nonce) and its local copy. 3.3.3 Get Capability Because of TPM audit, the RM cannot alter the response to a TPM2_GetCapability command. As a result, a caller can be informed that a TPM has some small number of object slots, but find that more can be loaded (from the viewpoint of the caller) due to the RM context swapping. The limit on the number of loaded contexts will be imposed by RM constraints. Similarly, more loadable session slots will typically be available than the capability indicates, although the number will typically be limited by the maximum number of TPM active sessions, not RM memory. Family "2.0" TCG Public Review Page 7 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

4 Design Requirements The following functional requirements apply to the TAB and resource manager. 4.1 Error codes TAB/RM internal errors MUST be returned to the SAPI layer formatted as TPM error responses with the appropriate error level as described in the error code section above. For a TAB/RM error, it MUST return one of the following error code levels: TSS2_RESMGRTPM_ERROR_LEVEL is an error level indicator used for returning TPM error codes from Part 2 of the TPM 2.0 specification as TAB/RM errors. TSS2_RESMGR_ERROR_LEVEL is used to return TAB/RM specific errors. These are vendorspecific error codes. The new error code levels are defined as: #define TSS2_RESMGRTPM_ERROR_LEVEL #define TSS2_RESMGR_ERROR_LEVEL ( 11 << TSS2_RC_LEVEL_SHIFT)1 ( 12 << TSS2_RC_LEVEL_SHIFT) NOTE: For example, if the TAB/RM can t find an entry in its table for a virtual handle, it could return TPM_RC_HANDLE with the error level set to TSS2_RESMGRTPM_ERROR_LEVEL and the correct encoding to indicate which handle failed and that the error was returned from the Resource Manager. Or, it could return an implementation-specific error code with the error level set to TSS2_RESMGR_ERROR_LEVEL NOTE: An implementation can determine what type of error level and error code to return for each instance of an error. The two error levels above tell the caller how to interpret the error code. 4.2 Transparency Both components MUST operate mostly transparently to upper layers. This means there is no specified API for these, just some behavioral requirements. Note: the only exception to transparency is error codes: errors from the TAB/RM or the layers below them will be returned with level indicators and level-specific error codes. 4.3 Cancel and setlocality Commands The cancel and setlocality commands, if they are implemented in the TCTI layer above the TAB/RM, MUST be handled appropriately by TAB/RM. Specifically: Localities MUST be maintained on a per-connection basis. The TAB/RM, before sending a command to the TPM MUST switch the TPM to the locality last set by the connection via the TCTI setlocality function. A cancel command sent via a connection MUST only affect a TPM command sent over the same connection. If a resource manager removes a command from the wait queue when a cancel is received, it MUST send back a TPM response message on the corresponding connection with (RC == TPM_RC_CANCELED with the level indicator set to TSS2_RESMGRTPM_ERROR_LEVEL). 1 TSS2_RC_LEVEL_SHIFT was defined in the TSS System Level API and TPM Command Transmission Interface Specification Page 8 TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification 4.4 Per-connection Limits A TAB/RM MAY enforce a maximum number of session and/or object and sequence handles per connection and may guarantee a minimum # of such handles per connection. This maximum may be variable for different connections. The TAB MAY also limit the number of concurrent connections in order to guarantee minimums to each connection. NOTE: one reason a RM may allow variable maximums would be to support different levels of privilege. A TAB/RM SHOULD not limit the number of concurrent connections. 4.5 Concurrency TAB MUST guarantee that between the time the TAB sends a command to the TPM and gets that command s response from the TPM that no other TPM commands are sent to or responses attempted to be read from the TPM. During this interval, other commands sent to the TAB/RM are queued up by the TAB/RM. 4.6 Isolation The TAB MUST prevent connections from accessing transient handles or session handles that belong to other connections. A resource manager MUST allow TPM2_ContextSave commands from connections. Any context that has been saved by a command through a connection can be loaded by any connection. 4.7 Before Sending a Command Before executing a command, the RM must ensure that all session, object, and sequence contexts required for execution of that command are context loaded into the TPM before the command byte stream is sent to the TPM. 4.8 Handling for Objects and Sequences For objects and sequences the following must be performed: The TAB/RM MUST maintain a logical mapping between RM assigned virtual handles, TPM real handles, and saved contexts. The RM MUST virtualize the handles: o In responses that return handles, these handles MUST be virtualized before returning the response to the caller: These virtual handles MUST be unique per connection. The RM MUST replace the real handles in the response with virtual handles. Virtual handle substitutions in responses MUST preserve the upper byte from the returned real handles since this contains the handle type, and layers of software above the TAB/RM may need this handle type. o In commands, virtualized handles received from the caller MUST be replaced in the command byte stream with real handles before sending the command to the TPM. Family "2.0" TCG Public Review Page 9 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

A TPM2_ContextSave command MUST appear to be executed normally and the actual object context returned to the caller 4.9 Handling for Sessions For sessions, these are the requirements: The TAB/RM MUST maintain a logical mapping between TPM real handles, and saved contexts. When a command uses sessions this may require the RM to TPM2_ContextLoad a saved session context. During this operation a TPM_RC_CONTEXT_GAP error may be returned by the TPM. The RM must either proactively prevent this error or reactively correct the error by ungapping the stored session contexts, then loading the session, and performing the requested command. Some specific requirements for handling the gap scheme correctly: When a connection sends a TPM2_ContextSave command, the RM MUST save the context, so that it can context load and save (un-gap) it if this context is the reason for a gap response on a different session s TPM2_ContextLoad. When a context that has been un-gapped by the RM is to be loaded via TPM2_ContextLoad (using the previously returned context blob) the RM will substitute the passed in context with the un-gap context saved by the resource manager. NOTE: on a TPM2_ContextSave from a connection, the RM MAY choose to return a placeholder context. The reason for doing this would be to conserve memory without this, the whole saved context plus the most recent context (in the event of a gap event) must be saved. If a RM chooses to return a placeholder context, the placeholder context SHOULD have enough entropy to prevent guessing by rogue applications. Note: Sufficient entropy means that a caller must not be able to guess the saved contexts of a different caller. The requirement of separation of objects, sequences, and sessions of different callers has the sole exception of ContextSave and ContextLoad of objects, sequences, and sessions while passing the context blob between callers. This exception however needs to be handled in a way that protects resources from malicious access. One guaranteed way of sufficient entropy is to use the original context blob as an identifier. If a smaller identifier is used, it needs to be large enough to prevent attacks on it or other measures used, which could also include the forceful closing of a connection with too many failed attempts when smaller identifiers are used. This is implementation specific. TPM2_StartAuthSession MUST never fail due to too many active sessions in order to reduce possibilities of denial of service by rogue applications or too many applications. If the limit of MAX_ACTIVE SESSIONS number of active sessions has been reached, and StartAuthSession command is sent to the RM, the RM MUST evict a session. Which session gets evicted is implementation specific. Subsequent commands using the evicted session s context or handle MUST fail with the error code encoded with TPM_RC_HANDLE and a resource manager level indicator, and, optionally, either a parameter number (when the session handle was in the handle area) or a session number (session handle was in the session area) formatted as if the TPM was returning the error. NOTE: This also implies that applications should be able to recreate the evicted session. 4.10 Invalid Contexts Whenever a session, object, or sequence context is no longer valid, the TAB/RM SHOULD remove its handle to context mapping as well as the saved context itself (garbage collection). Page 10 TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification NOTE: some examples of this are: For sessions: when a session is flushed or when the command s response has the continuesession bit cleared. For transient objects and sequences, a FlushContext command from a connection SHOULD cause the RM to remove its handle to context mapping and associated context (garbage collection). For transient objects, after a TPM Resume or a TPM Restart, if the object s stclear bit is set. For transient objects, a Clear command will invalidate all the objects in the storage and endorsement hierarchies. For transient objects, the ChangePPS command will invalidate all objects in the platform hierarchy. For transient objects, the ChangeEPS command will invalidate all objects in the endorsement hierarchy. For sequences, when the TPM2_SequenceComplete or TPM2_EventSequenceComplete commands successfully execute. If TPM Reset occurs, all transient objects and sequences are invalidated. 4.11 Connection Shutdown When the TAB/RM discovers that a connection is shutdown, e.g. via the TCTI s finalize call: The RM SHOULD flush any objects, sequences, or sessions owned by the connection and remove any entries about these in its internal tables. The RM MAY send a TPM cancel command if the TPM is busy running a command for the connection that shut down. If the RM sends the cancel command, it MUST receive the TPM response. This response is never sent to the caller since the connection is being shutdown. Family "2.0" TCG Public Review Page 11 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

5 Non-Design Requirements: The following are NOT design requirements for the resource manager and TAB: Format of virtual handles, except that the upper byte must specify the handle type. Format of RM s handle to context mapping data structures. Page 12 TCG Public Review Family "2.0" 3 February 2015 Copyright TCG 2013-2015 Level 00, Revision 00.91

Family "2.0" TSS TAB and Resource Manager Specification 6 Environmental Restrictions: Following are some restrictions that must be maintained by the system in order for the TAB/RM to work properly. TAB/RM SHOULD be the only regular entry point by which connections talk to the TPM device driver. Family "2.0" TCG Public Review Page 13 Level 00, Revision 00.91 Copyright TCG 2013-2015 3 February 2015

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback