TCG TPM2 Software Stack & Embedded Linux. Philip Tricca

Similar documents
OVAL + The Trusted Platform Module

TPM Software Stack: Enabling the TPM2.0 Ecosystem in Linux. Peter Huewe, Infineon Technologies Joshua Lock, Intel

Trusted Computing Use Cases and the TCG Software Stack (TSS 2.0) Lee Wilson TSS WG Chairman OnBoard Security November 20, 2017

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Distributed OS Hermann Härtig Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing

Lecture 3 MOBILE PLATFORM SECURITY

Lecture Embedded System Security Trusted Platform Module

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2009

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Creating the Complete Trusted Computing Ecosystem:

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Connecting Securely to the Cloud

TPM v.s. Embedded Board. James Y

Authenticated Booting, Remote Attestation, Sealed Memory aka Trusted Computing. Hermann Härtig Technische Universität Dresden Summer Semester 2007

CSE543 - Computer and Network Security Module: Trusted Computing

Easy Incorporation of OPTIGA TPMs to Support Mission-Critical Applications

TSS TAB and Resource Manager Specification. Contact: Please provide public review comments by Thursday, March 5, 2015

Offline dictionary attack on TCG TPM authorisation data

Leveraging Intel SGX to Create a Nondisclosure Cryptographic library

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Key Threats Melissa (1999), Love Letter (2000) Mainly leveraging social engineering. Key Threats Internet was just growing Mail was on the verge

TPM Entities. Permanent Entities. Chapter 8. Persistent Hierarchies

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

TRUSTED SUPPLY CHAIN & REMOTE PROVISIONING WITH THE TRUSTED PLATFORM MODULE

Atmel Trusted Platform Module June, 2014

Unicorn: Two- Factor Attestation for Data Security

TPM Software Stack. The Stack: a High-Level View. Chapter 7

TCG. Public Review. TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification. Family "2.0" Version 1.0 Revision April 2018

The TPM 2.0 specs are here, now what?

Windows 10 IoT Core Azure Connectivity and Security

Trusted Computing in Drives and Other Peripherals Michael Willett TCG and Seagate 12 Sept TCG Track: SEC 502 1

Accelerating the implementation of trusted computing

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Designing Security & Trust into Connected Devices

FIPS Non-Proprietary Security Policy

Threat Model of a Scenario Based on Trusted Platform Module 2.0 Specification

CIS 4360 Secure Computer Systems Secured System Boot

Trusted Platform Module explained

Deploying Secure Boot: Key Creation and Management

Embedded System Security Mobile Hardware Platform Security

How to create a trust anchor with coreboot.

Mobile Platform Security Architectures A perspective on their evolution

Embedded System Security Mobile Hardware Platform Security

New Approaches to Connected Device Security

Sirrix AG security technologies. TPM Laboratory I. Marcel Selhorst etiss 2007 Bochum Sirrix AG

FIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module

Demonstration Lecture: Cyber Security (MIT Department) Trusted cloud hardware and advanced cryptographic solutions. Andrei Costin

Index. Boot sequence DRTM breakout measured launch, 336 local applications, 339 measured launch, 338 SINIT ACM, 338

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Designing Security & Trust into Connected Devices

Trusted Mobile Platform Technology for Secure Terminals

NGSCB The Next-Generation Secure Computing Base. Ellen Cram Lead Program Manager Windows Security Microsoft Corporation

Trusted Computing: Introduction & Applications

Smart Grid Embedded Cyber Security: Ensuring Security While Promoting Interoperability

GSE/Belux Enterprise Systems Security Meeting

Publishing Enterprise Web Applications to BYOD using a Granular. Trust Model. Shachaf Levi IT Client Security & Connectivity May 2013.

From TPM 1.2 to 2.0 and some more. Federico Mancini AFSecurity Seminar,

An Introduction to Trusted Platform Technology

IOS Common Cryptographic Module (IC2M)

Firmware Updates for Internet of Things Devices

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

I Don't Want to Sleep Tonight:

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module Security Policy

Seagate Momentus Thin Self-Encrypting Drives TCG Opal FIPS 140 Module Security Policy

This Security Policy describes how this module complies with the eleven sections of the Standard:

The Future of Security is in Open Silicon Linux Security Summit 2018

Trusted Computing. William A. Arbaugh Department of Computer Science University of Maryland cs.umd.edu

BCM58100B0 Series: BCM58101B0, BCM58102B0, BCM58103B0 Cryptographic Module VC0 Non-Proprietary Security Policy Document Version 0.

Lecture Embedded System Security Introduction to Trusted Computing

TCG. TCG TSS 2.0 Overview and Common Structures Specification. TCG Public Review Copyright TCG Version 0.90 Revision 03 January 4, 2018 Draft

Trusted Computing Group

TCG TSS 2.0 TPM Command Transmission Interface (TCTI) API Specification

Strengthening the Chain of Trust. Kevin Lane HP Jeff Bobzin Insyde Software

Computer Security CS 426 Lecture 17

Lecture Embedded System Security Introduction to Trusted Computing

Platform Configuration Registers

Seagate Secure TCG Enterprise SSC Self-Encrypting Drives FIPS 140 Module. Security Policy. Security Level 2. Rev. 0.

Using the tpm with iot

Protecting your system from the scum of the universe

Click to edit Master. Trusted Storage. title style. Master subtitle style Seagate Technology

Surviving in the wilderness integrity protection and system update. Patrick Ohly, Intel Open Source Technology Center Preliminary version

Technical Brief Distributed Trusted Computing

Lecture Embedded System Security Introduction to Trusted Computing

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Sicherheitsaspekte für Flashing Over The Air in Fahrzeugen. Axel Freiwald 1/2017

Uses of Cryptography

Trusted Mobile Platform

Trusted Platform Modules Automotive applications and differentiation from HSM

SECURITY ARCHITECTURES CARSTEN WEINHOLD

The Early System Start-Up Process. Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu

Operating Systems Design Exam 3 Review: Spring 2011

FIPS SECURITY POLICY FOR

Introducing Hardware Security Modules to Embedded Systems

TCG. TCG Public Review. TCG TSS 2.0 TAB and Resource Manager Specification. Work in Progress:

Windows IoT Security. Jackie Chang Sr. Program Manager

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Server side management system for multiple IoT terminals in industrial systems

Auditing TPM Commands

Distributed Systems. 25. Authentication Paul Krzyzanowski. Rutgers University. Fall 2018

Transcription:

TCG TPM2 Software Stack & Embedded Linux Philip Tricca philip.b.tricca@intel.com

Agenda Background Security basics Terms TPM basics What it is / what it does Why this matters / specific features TPM Software Stack Architecture / Design Getting Started Getting Results

Level Set There is no magic, there are no silver bullets security takes the whole village Architecture to implementation to maintenance There is no such thing as a secure system, only secure enough Ideally the informed CUSTOMER defines secure enough

The Basics Using the TPM does not a secure system make Disable services / exclude tools / minimize attack surface Use writable storage only when you must Regular updates, automatic updates! SIGNED UPDATES! Mandatory access control (SELinux!) Increase complexity in system, increase level of effort to secure it Securing general purpose computers is a nightmare Embedded systems -> security is more tractable

Threat modeling A process by which we identify & document Assets Threats to them Prioritize: decide where your efforts are best spent Identify trade-offs Accurately describe the properties of your system What it protects against: risks mitigated What it does not: risks accepted And most importantly: why

If your team doesn t model threats Please do? Much of the body of knowledge was developed in Microsoft MSDN has lots of free content https://msdn.microsoft.com/en-us/library/ff648644.aspx OWASP Application Threat Modeling https://www.owasp.org/index.php/application_threat_modeling Adam Shostack s book was my introduction (2014) Swiderski and Snyder book (2004)

Terms Classic security concepts: Confidentiality Integrity Authentication Authorization (satisfy TPM2 policy) Non-repudiation Use the TPM2 to build systems that implement these principles

What is a TPM? Authorization Small Crypto Engine Random # Generation Mgmt Operations Cryptographic functions Hashing functions Key Generation Power Mgmt Symmetric Engine(s) Hash Engine(s) Key generation & protection RNG Integrity measurement / reporting Execution Engine Non-Volatile Memory Hierarchy Seeds Monotonic Counters Storage I/O Asymmetric Engine(s) Volatile Memory PCR banks Transient Objects Sessions

BUS TPM2 Implementation: domain separation Discrete IP Block (a chip) Integrated IP Block Shielded Location Protected Capability OS Shielded Location Protected Capability Apps I/O I/O IP block IP block

TPM Protections Documented in TPM Rev 2.0 Part-1: Architecture Frames protections offered by TPM2 in section 10: Protected Capability Shielded Location Protected Object Protected capabilities must TPM severely memory constrained offload storage to application / Resource Manager encrypt protected objects when not in shielded location Nature of physical security protections dictated by customer

Reset PCR Integrity: Measured Boot RTM Platform Firmware Option ROMs Boot Loader OS App App App PCR[0]: 0x. PCR[1]: 0x. PCR[23]: 0x.

Integrity: Measured Boot Platform Configuration Register (PCR) & the Extend operation PCR is a Shielded Location, Extend operation is Protected Capability PCR is volatile memory capable of holding hash value Typically 24 PCRs in a TPM, addressed with index: PCR[0] PCR[23] PCR usage (hashes of components) defined in TCG platform specs Software Measurement is synonymous with the hash produced Extend hash of object (executable, config etc) into PCR Extend: PCR[0] N = H(PCR[0] N-1 X) Requires hash function: computationally infeasible to forge, easy to verify

TCG TPM2 Software Stack: design goals System API (SYS) 1:1 mapping to TPM2 commands No file IO crypto heap Enhanced SAPI (ESYS) 1:1 mapping to TPM2 Commands Additional commands for utility functions Provides Cryptographic functions for sessions No file IO Requires heap Feature API (FAPI) File IO Requires heap Must be able to do retries Context based state Must support the possibility of reduced application code size by offering static libraries TPM Command Transmission Interface (TCTI) Abstract command / response mechanism Decouple APIs driving TPM from command transport / IPC TPM Access Broker and Resource Manager (TABRM) Power management Potentially no file IO depends on power mgmt. No crypto No heap, file I/O Abstract Limitations of TPM Storage No crypto

TPM2 software stack System API & TCTI specification TPM2 Command Transmission Interface (TCTI) Abstraction to hide details of IPC mechanism libtcti-device & libtcti-socket Adds flexibility missing from 1.2 TSS System API (SAPI) Serialize C structures to TPM command buffers One-to-one mapping to TPM commands (all 100+) Minimal external dependencies: libc Suitable for highly embedded applications / UEFI Application Tss2_Sys_XXX SAPI TCTI IPC

IPC Backend Command Response Command Command Response Command Response Response TPM2 TSS Components: w/ resourcemgr Application Application Tss2_Sys_XXX SAPI SAPI SAPI TCTI TCTI TCTI IPC / Transport ResourceMgr Resource Manager Access Broker TCTI TPM2

Implementation & Code Intel implementing TCG TSS as Open Source Project hosted under 01.org on Github https://github.com/01org/tpm2.0-tss https://github.com/01org/tpm2.0-tools 3-clause BSD == maximum flexibility Development on GitHub in the open I don t always have the answer, someone else may though Packages working their way into distros Lots of churn in the next few months

Embedded Builds My personal OSS work meta-measured: https://github.com/flihp/meta-measured TPM1.2 & 2.0 packages Reference live images & initrds Grub2 patches extend measured launch (soon obsoleted by upstream!) + BSP for Minnowboard Max to add TPM2 support as MACHINE_FEATURE Working on ARM reference platform + Infineon SPI TPM Still some work in TSS code to support big-endian systems (facepalm)

Use case: RNG TPM requires RNG for key creation, nonce generation. an entropy source and collector mixing function (typically, an approved hash function) Differentiation between TPMs w/ certification (NIST SP800-90 A) TPM RNG integrated with Linux kernel RNG If you need an entropy source DO NOT use TPM RNG alone Load the tpm_rng kernel driver & setup rng-tools Use /dev/(u)?random https://scotte.org/2015/07/tpm-for-better-random-entropy

Use case: crypto operations TPM2 for basic crypto: sign / encrypt / hash HMAC required for authorization Asymmetric algorithm, RSA 2k for compatibility, usually ECC See Davide Guerri s blog for a great howto: https://dguerriblog.wordpress.com/2016/03/03/tpm2-0-andopenssl-on-linux-2/ tpm2_getpubek: create TPM2 primary key & export pub & name tpm2_getpubak: create TPM2 signing key & export pub & name tpm2_hash: hash some file / data & generate ticket tpm2_sign: use key (from getpubak) to sign hash

Use case: Sealed Storage aka Local Attestation TPM2 policy authorization as access control on TPM protected object Microsoft Bitlocker uses this mechanism for disk crypto keys OpenXT virtualization system uses similar mechanism Assumes measured boot records TCB in PCRs: software identity Create TPM object holding auth data for disk crypto Bind object to PCR policy: select PCRs based on TCB & requirements On successful boot w/ PCRs in expected state, load object Can be used to hold secrets for LUKS volumes

Shout-Outs! Many thanks for contributions to materials: Monty Wiseman @ General Electric Andreas Fuchs @ Fraunhofer SIT Lee Willson @ Security Innovation & Everyone who s contributed code / answered questions on GitHub! Bill Roberts @ Intel OTC Imran Desai @ Intel IOTG

Thanks!

Resources(1) Threat Modeling: Designing for Security Adam Shostack http://www.wiley.com/wileycda/wileytitle/productcd- 1118809998.html Trusted Platforms UEFI, PI and TCG-based firmware https://people.eecs.berkeley.edu/~kubitron/cs194-24/handouts/sf09_efis001_uefi_pi_tcg_white_paper.pdf Open Security Training Trusted Computing Module: http://opensecuritytraining.info/intrototrustedcomputing

Resources(2) Davide Guerri TPM2.0 talk @ FOSDEM https://fosdem.org/2017/schedule/event/tpm2/ TPM RNG linux howto: https://scotte.org/2015/07/tpm-for-better-random-entropy

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback