
Add support for tapping into TPM communication

Open hslatman opened this issue 1 year ago • 0 comments

This PR adds support for tapping into all communication to and from the TPM. It's currently only supported on Linux.

A couple of concrete implementations of taps are provided too, including one that writes binary data by simply writing all reads and writes to a single io.Writer, and one that writes in pcapng format. The binary tap is compatible with https://github.com/joholl/tpmstream, and the output of the pcapng tap can be inspected using Wireshark (or compatible tooling).

Example output:

$ tpmstream convert out.bin
Command                                   .
TPMI_ST_COMMAND_TAG                       |   .tag                                       8001                 TPMI_ST_COMMAND_TAG.NO_SESSIONS
UINT32                                    |   .commandSize                               00000016             22
TPM_CC                                    |   .commandCode                               0000017a             TPM_CC.GetCapability
TPMS_COMMAND_HANDLES_GET_CAPABILITY       |   .handles
TPMS_COMMAND_PARAMS_GET_CAPABILITY        |   .parameters
TPM_CAP                                   |   |   .capability                            00000006             TPM_CAP.TPM_PROPERTIES
UINT32                                    |   |   .property                              0000012c             300
UINT32                                    |   |   .propertyCount                         00000001             1
Response                                  .
TPM_ST                                    |   .tag                                       8001                 TPM_ST.NO_SESSIONS
UINT32                                    |   .responseSize                              0000001b             27
TPM_RC                                    |   .responseCode                              00000000             TPM_RC.SUCCESS
TPMS_RESPONSE_HANDLES_GET_CAPABILITY      |   .handles
TPMS_RESPONSE_PARAMS_GET_CAPABILITY       |   .parameters
TPMI_YES_NO                               |   |   .moreData                              01                   1
TPMS_CAPABILITY_DATA                      |   |   .capabilityData
TPM_CAP                                   |   |   |   .capability                        00000006             TPM_CAP.TPM_PROPERTIES
TPMU_CAPABILITIES                         |   |   |   .data
TPML_TAGGED_TPM_PROPERTY                  |   |   |   |   .tpmProperties
UINT32                                    |   |   |   |   |   .count                     00000001             1
TPMS_TAGGED_PROPERTY                      |   |   |   |   |   .tpmProperty[0]
TPM_PT                                    |   |   |   |   |   |   .property              0000012c             TPM_PT.None
Warning: Parsed bad value for TPM_PT .parameters.capabilityData.data.tpmProperties.tpmProperty[0].property = 0x12c = 300 not in ValidValues(TPM_PT)
UINT32                                    |   |   |   |   |   |   .value                 00000300             768
Command                                   .
TPMI_ST_COMMAND_TAG                       |   .tag                                       8001                 TPMI_ST_COMMAND_TAG.NO_SESSIONS
UINT32                                    |   .commandSize                               0000000e             14
TPM_CC                                    |   .commandCode                               00000169             TPM_CC.NV_ReadPublic
TPMS_COMMAND_HANDLES_NV_READ_PUBLIC       |   .handles
TPMI_RH_NV_INDEX                          |   |   .nvIndex                               01c00002             TPM_HR.NV_INDEX.c00002
TPMS_COMMAND_PARAMS_NV_READ_PUBLIC        |   .parameters
Response                                  .
TPM_ST                                    |   .tag                                       8001                 TPM_ST.NO_SESSIONS
UINT32                                    |   .responseSize                              0000003e             62
TPM_RC                                    |   .responseCode                              00000000             TPM_RC.SUCCESS
TPMS_RESPONSE_HANDLES_NV_READ_PUBLIC      |   .handles
TPMS_RESPONSE_PARAMS_NV_READ_PUBLIC       |   .parameters
TPM2B_NV_PUBLIC                           |   |   .nvPublic
UINT16                                    |   |   |   .size                              000e                 14
TPMS_NV_PUBLIC                            |   |   |   .nvPublic
....
[Screenshot attached: Screenshot 2024-06-04 at 13 49 19]

hslatman, May 30 '24 14:05
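What the tap described above boils down to, as an added example in Go (my own code, not the PR's or go-tpm's; the Tap, BinaryTap, TappedTPM, Frame and SplitBinaryTap names are hypothetical): a wrapper that copies every command and response to a tap without changing what the TPM sees, a binary tap that just appends both to one io.Writer, and the re-framing step a consumer such as tpmstream has to do, since the binary format carries no framing of its own and the only way to split the stream back into commands and responses is each header's size field. The fake TPM is a constructed stand-in for /dev/tpmrm0 that replays the GetCapability response shown in the tpmstream output above, so the run is offline.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Tap sees every command written to the TPM and every response read back (hypothetical, not the PR's API).
type Tap interface {
	Write(cmd []byte) error
	Read(rsp []byte) error
}

// BinaryTap appends raw command and response bytes, in order, to one io.Writer.
type BinaryTap struct{ W io.Writer }

func (t BinaryTap) Write(cmd []byte) error { _, err := t.W.Write(cmd); return err }
func (t BinaryTap) Read(rsp []byte) error  { _, err := t.W.Write(rsp); return err }

// TappedTPM wraps a transport (full command in, full response out) and copies both directions to the Tap.
type TappedTPM struct {
	Send func(cmd []byte) ([]byte, error)
	Tap  Tap
}

func (t *TappedTPM) Exchange(cmd []byte) ([]byte, error) {
	if err := t.Tap.Write(cmd); err != nil {
		return nil, err
	}
	rsp, err := t.Send(cmd)
	if err != nil {
		return nil, err
	}
	return rsp, t.Tap.Read(rsp)
}

// Frame is one TPM 2.0 command or response: 10-byte big-endian header (tag, size, code) plus body.
type Frame struct {
	IsCommand bool
	Tag       uint16
	Size      uint32
	Code      uint32
	Body      []byte
}

const headerLen = 10 // tag (2) + size (4) + commandCode/responseCode (4)

// parseFrame decodes the frame at the front of b; a size field overrunning b is a truncated capture.
func parseFrame(b []byte, isCmd bool) (Frame, error) {
	if len(b) < headerLen {
		return Frame{}, fmt.Errorf("short header: %d bytes", len(b))
	}
	f := Frame{IsCommand: isCmd, Tag: binary.BigEndian.Uint16(b[0:2]),
		Size: binary.BigEndian.Uint32(b[2:6]), Code: binary.BigEndian.Uint32(b[6:10])}
	if f.Size < headerLen || int(f.Size) > len(b) {
		return Frame{}, fmt.Errorf("size %d out of range for %d bytes", f.Size, len(b))
	}
	f.Body = b[headerLen:f.Size]
	return f, nil
}

// SplitBinaryTap re-frames the raw stream: a binary tap has no framing of its own, so frames are
// taken to alternate command/response and each header's size field gives the boundary.
func SplitBinaryTap(b []byte) ([]Frame, error) {
	var frames []Frame
	for isCmd := true; len(b) > 0; isCmd = !isCmd {
		f, err := parseFrame(b, isCmd)
		if err != nil {
			return frames, err
		}
		frames = append(frames, f)
		b = b[f.Size:]
	}
	return frames, nil
}

// Constructed bytes: the GetCapability exchange from the tpmstream output above.
var getCapabilityCmd = []byte{0x80, 0x01, 0, 0, 0, 0x16, 0, 0, 0x01, 0x7a, // NO_SESSIONS, size 22, GetCapability
	0, 0, 0, 0x06, 0, 0, 0x01, 0x2c, 0, 0, 0, 0x01} // TPM_PROPERTIES, property 300, propertyCount 1
var getCapabilityRsp = []byte{0x80, 0x01, 0, 0, 0, 0x1b, 0, 0, 0, 0, // NO_SESSIONS, size 27, TPM_RC.SUCCESS
	0x01, 0, 0, 0, 0x06, 0, 0, 0, 0x01, 0, 0, 0x01, 0x2c, 0, 0, 0x03, 0x00} // moreData, cap, count, property, value

// fakeTPM is a constructed stand-in for /dev/tpmrm0 that always returns that one response.
func fakeTPM([]byte) ([]byte, error) { return getCapabilityRsp, nil }

// RecordExchange sends one command through the tapped transport and returns the recovered frames and raw bytes.
func RecordExchange() ([]Frame, []byte, error) {
	var buf bytes.Buffer
	tpm := &TappedTPM{Send: fakeTPM, Tap: BinaryTap{W: &buf}}
	if _, err := tpm.Exchange(getCapabilityCmd); err != nil {
		return nil, nil, err
	}
	frames, err := SplitBinaryTap(buf.Bytes())
	return frames, buf.Bytes(), err
}

func main() { fmt.Println(RecordExchange()) }
```

Running it prints the two frames (commandCode 0x17a, then responseCode 0 with moreData=1 as the first body byte). A capture cut off mid-response fails to re-frame with an explicit error instead of a plausible-looking misparse; that check matters for a binary tap, because the format itself cannot tell a reader where one write ended and the next began, so a tap writer that is interrupted between command and response, or two callers writing to the same io.Writer concurrently, produces a stream that only the size fields can diagnose.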