heads
heads copied to clipboard
linuxboot
WIP: Add support for TPM2 in all shell scripts
This is broken and will be for the foreseeable future. The goal is to replace all tpm 1.2 commands with their tpm2 equivalent, as well as following tpm2 best practices to ensure maximum security (ie, enabling parameter encryption, locking the OS out TPM2 platform authorization, etc).
Note: this should be merged on top of #893 but for some reason if I select that as the branch to merge on top of github loses it and wants to merge 116 commits. Whenever that is merged I'll rebase on top of master.
Complementary @aesrentai
https://github.com/hardenedvault/vaultboot/commit/4506fc26d0d9aed1e15030bbf8cd49cede6c4d49
I saw that commit already actually, and I'll probably take some code from it. From a high level it takes a similar approach, creating a generic wrapper for each tpm command and then checking for tpm 1.2 or tpm2 in each wrapper.
Complementary @aesrentai
@jans23 @aesrentai @bluecmd and all others interested in TPM2 support under Heads, the commit referred above includes the whole support, which needs board owners to test the changes. I would be willing to bring the support upstream but do not own any TPM 2.0 board nor KGPE-D16 TPM 2.0 add-on. One or the other would be required for me to test this, otherwise SWTPM is required and would help everyone to test under qemu, which also needs a bit of love and code borrowed from safeboot global Makefile.
One or the other landing first (qemu/one board confirming borrowed code to support 1.2 while changes confirming no regression under 1.2) would help everyone. If you want me to do this, you can contact me personally, donations of hardware/funding of the work always welcome.
@tlaurion I can run a TPM1 or TPM2 interchangeably on one of my boards (already in CB 4.13) so would be willing to test. I also have a TPM2 only board in the lab which ive already ported to coreboot just haven't upstreamed the board yet.
I did check out the above commit from the vaultboot repo and tried to build using the only board that seems to have TPM2 in that commit - BOARD=qemu-hvault-tpm2, but that failed with the openssl build on which tpm2-tss depends. Something wonky with the command line generating the apps/openssl output.
if [ 'libssl.so' != 'libssl.so.1.1' ]; then \
rm -f libssl.so; \
ln -s libssl.so.1.1 libssl.so; \
fi
rm -f apps/openssl
${LDCMD:-/home/user/bios/vaultboot/crossgcc/bin/x86_64-linux-musl-gcc -fdebug-prefix-map=/home/user/bios/vaultboot=heads -gno-record-gcc-switches -D__MUSL__ -isystem /home/user/bios/vaultboot/install/include -L/home/user/bios/vaultboot/install/lib } -pthread -m64 -Wa,--noexecstack -Wall -O3 -L. -L \
-o apps/openssl apps/asn1pars.o apps/ca.o apps/ciphers.o apps/cms.o apps/crl.o apps/crl2p7.o apps/dgst.o apps/dhparam.o apps/dsa.o apps/dsaparam.o apps/ec.o apps/ecparam.o apps/enc.o apps/engine.o apps/errstr.o apps/gendsa.o apps/genpkey.o apps/genrsa.o apps/nseq.o apps/ocsp.o apps/openssl.o apps/passwd.o apps/pkcs12.o apps/pkcs7.o apps/pkcs8.o apps/pkey.o apps/pkeyparam.o apps/pkeyutl.o apps/prime.o apps/rand.o apps/rehash.o apps/req.o apps/rsa.o apps/rsautl.o apps/s_client.o apps/s_server.o apps/s_time.o apps/sess_id.o apps/smime.o apps/speed.o apps/spkac.o apps/srp.o apps/storeutl.o apps/ts.o apps/verify.o apps/version.o apps/x509.o \
apps/libapps.a -lssl -lcrypto -ldl -pthread
x86_64-linux-musl-gcc: error: apps/openssl: No such file or directory
make[2]: *** [Makefile:6460: apps/openssl] Error 1
make[2]: Leaving directory '/home/user/bios/vaultboot/build/openssl-1_1_1h'
make[1]: *** [Makefile:183: build_programs] Error 2
make[1]: Leaving directory '/home/user/bios/vaultboot/build/openssl-1_1_1h'
make: *** [Makefile:455: /home/user/bios/vaultboot/build/openssl-1_1_1h/.build] Error 1
that being said, I do like the wrapper approach to compatibility. neat.
hey together, I'm trying to test this on real hardware, got this:
but can't promise this isn't my fault, as I do not know (yet) all tpm-related information of the platform, mainly how the tpm is connected, or which tpm it actually is, just know it's a tpm2 from my memory of the original bios.
but for reasons unknown I cannot go back to the original firmware, I'll get this sorted out soon then I'll report again, just wanted to make sure you guys know I am also looking into this
mainly how the tpm is connected, or which tpm it actually is, just know it's a tpm2 from my memory of the original bios.
@daringer in your board config did you change the following? For tpmx script to understand which TPM you have it needs to have the correct TPMtype set in boards/
export CONFIG_TPM=y to export CONFIG_TPM2=y
That being said im not sure the tpm2 work is fully complete and it looks like the error is that tpmx is not passed the correct parameters at some point around the ehci module. I am due to start playing with the tpm2 variant soon as I have a tpm2 for one of my boards. might try later this evening.
edit you also need to change CONFIG_USER_TPM1=y to CONFIG_USER_TPM2=y in config/coreboot-board.conf
@daringer the issue appears to be the set -e command in tpmx (line 6). removing this line allows the $1 variable to pass through to the functions reset and extend in the wrapper. Leaving this in means $1 is always 'pipefail'
hey together, I'm trying to test this on real hardware, got this:
but can't promise this isn't my fault, as I do not know (yet) all tpm-related information of the platform, mainly how the tpm is connected, or which tpm it actually is, just know it's a tpm2 from my memory of the original bios.
but for reasons unknown I cannot go back to the original firmware, I'll get this sorted out soon then I'll report again, just wanted to make sure you guys know I am also looking into this
My tree has a bunch of random hacks (not public) and I haven't actually tested this on real hardware yet. Unfortunately I have not had tons of time to work on this recently. In other words, any errors you encounter are almost certainly me, not you, and why this is marked WIP.
@daringer @aesrentai @shamen123 @root-hardenedvault : collaboaration here would be awesome since a working implementation exists here and needs to be modified to be upstreamed under Heads.
yup I can boot my system now, I have seen measured boot values in PCR, no /dev tpm device yet, but this is another issue, so in short: I am progressing towards a state where I can actually help developing on this.
Apart from that TPM2 tooling (the modules from https://github.com/osresearch/heads/pull/893) are not upstream, @tlaurion how do you see this being included into heads ? one big PR including the modules and the tpmx stuff, or should we maybe first include the modules to make things easier to develop on top on it ?
@daringer I couldn't test myself, but having both in a PR wouldn't hurt if tpmx wrapper is still working for TPM 1! Congrats!
I recall that recovery should be in its own file to be measured by tpm2 toolset?
Having a PR to do some regression test for other boards would be a good step.
Looking at discussions that happened on slack would give you insights on what needed to be done on acpi tables to have the device recognised from oses?
Let me know, I don't have a strong opinion, as long as it doesn't break things.
Last time I checked, @root-hardenedvault's implementation was working for him but building instructions were not clear and dependencies not updated, yet his changes were not upstreamed through PR, and he doesn't seem to reply on github on comments on past PR reviews.
okok, sounds good to me, then I will likely first target a PR with something that builds and include all the necessary stuff (under the line this will be: #893 + #1031 on top of the current master) using this we can first check if things work as intended with the tpmx wrapper - feels like a legit 1st step...
Again, wanting to know why not https://github.com/hardenedvault/vaultboot/commit/4506fc26d0d9aed1e15030bbf8cd49cede6c4d49
@aesrentai @daringer
@daringer @tlaurion apologies for the long wait, school got very busy. Now it's summer however and I'll have time to finish this along with #1030 . I completely forgot where I was, however, so I'll get back to you late this week on why I didn't just copy the entire hardenedvault wrapper-- I remember I had a reason but honestly I forgot what it was.
I completely forgot where I was, however, so I'll get back to you late this week on why I didn't just copy the entire hardenedvault wrapper-- I remember I had a reason but honestly I forgot what it was.
@daringer @aesrentai We are at a stage, with KVM/QEMU support under #1188 for swtpm HOTP and local testing, to take a leadership decision on what implementation to chose and go forward.
Personally, I would take @root-hardenedvault implementation, based on #893 and #907 prior work and go from there, making hardenedvault approach upstream (tested and used in hardware already).
@aesrentai @daringer : your input on his approach and why you decided to create/use another one (while similar #1109 ) would be interesting prior of going forward.
#1188 board configurations can be reused easily to create -tpm2 instead of tpm in additional board configurations to test without real hardware first. #1188 will be merged soon.
I'm asking for your input, since I would take that ball and move it forward under paid grant application work, thanks to Nlnet.
#1188 is a very cool thing, TPM2 was not moved forward from my side as I miss some capable tpm2 hardware for some time now...
@aesrentai @daringer : your input on his approach and why you decided to create/use another one (while similar #1109 ) would be interesting prior of going forward.
No strong opinion here, I adopted mainly @aesrentai's approach, so under the line from the risk perspective I would also suggest to go for the hardenedvault
#1188 is a very cool thing, TPM2 was not moved forward from my side as I miss some capable tpm2 hardware for some time now...
@aesrentai @daringer : your input on his approach and why you decided to create/use another one (while similar #1109 ) would be interesting prior of going forward.
No strong opinion here, I adopted mainly @aesrentai's approach, so under the line from the risk perspective I would also suggest to go for the hardenedvault
@aesrentai @daringer @shamen123 : I would call for participation under #1292 !