Hi Michael, list,

Attached is a script that I threw together to recreate the contents of the PCR values on a system I've been using, by looking at some of the debug values. I hope that you find it useful.

-Jon


Michael Gissing wrote:
Hi!

Now I'm trying to calculate PCR 17 by hand. I'm making only little progress on that issue. Here's what I'm doing; there are some questions in there about what I haven't understood. The information below is based on "Measured Launched Environment Developer's Guide - June 2008".

1) Set PCR to all 0s

2) Extend ( SHA-1( SinitMleData.SinitHash | SinitMleData.EdxSenterFlags ) )
   2a) concatenate SinitMleData.SinitHash and SinitMleData.EdxSenterFlags
       *) EdxSenterFlags are reported to be 0x00000000 - is that right?
       *) how can I calculate SinitHash on my own? tboot copies the whole SINIT image to memory, but a hash over the image file isn't the same as SinitMleData.SinitHash

3) MLE Developer's Guide says that all other items are concatenated and extended at one single extend. Is that right?
   3a) MLE Dev Guide says "SHA-1 hash of BIOS ACM - SinitMleData.BiosAcmID"
       *) SinitMleData.BiosAcmID is not a hash; must it be hashed or not before concatenation?
       *) Where can I get the BiosAcmID of a system?
   3b) MsegValid is 8 byte data, but has only two possible values, 0x0 and 0x1, right?
       The only purpose is to indicate whether StmHash is a hash or 0s, right?
   3c) How is it determined whether OsSinitData.Capabilities is extended or not?

4) tboot seems to extend SinitMleData.PolicyControl | SinitMleData.LcpPolicyHash after ML to PCR 17 too. Why extend a second time?

any help would be appreciated,
greetz Michael

------------------------------------------------------------------------------
Let Crystal Reports handle the reporting - Free Crystal Reports 2008 30-Day trial. Simplify your report design, integration and deployment - and focus on what you do best, core application coding. Discover what's new with Crystal Reports now. http://p.sf.net/sfu/bobj-july
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel


#!/usr/bin/perl
use strict;
use warnings;

# Digest::SHA ships with Perl since 5.10 and exports the same sha1() as
# Digest::SHA1 (http://www.xav.com/perl/site/lib/Digest/SHA1.html)
use Digest::SHA qw(sha1 sha1_hex sha1_base64);

# The purpose of this script is to try to reconstruct the PCR values
# on wren (Dell Optiplex 755 -> Intel TXT-capable) following a Flicker
# session. Pasted below are a dump of the sinit_mle_data structure,
# and the PCR values following a Flicker session that did not perform
# any PCR Extends.  Section 1.9 of the Intel MLE Developer's Guide
# explains the contents of the PCRs. This script is a sanity-check.

# PCR values following the Flicker session
# PCR-17: B6 E8 42 6F 6D 9D C1 17 0E 62 8B 07 1E 0E C1 A3 EF 3F BC 9A
# PCR-18: C0 E7 CE 56 75 57 20 E3 3A 5B 51 52 DC C4 3F CE F1 75 3B 03

# TBOOT: sinit_mle_data at 7cb1d090, size 144
# 06 00 00 00 80 00 00 00 20 07 09 10 ff ff ff ff
# ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00
# 00 00 00 00 d7 c8 b6 ac 59 a5 35 7b e5 54 a8 24
# 0a c8 5a 70 be ca 66 87 25 25 ec fb 1f fb c3 e5
# 3f 82 2c da 71 23 33 df 4a 24 17 de 00 00 00 00
# 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
# 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
# 00 00 00 00 00 00 00 00 18 19 40 7d 00 00 00 00
# 07 00 00 00 98 00 00 00 f0 00 00 00 40 01 00 00

# Put the above data into an array for easier processing
my @sinit_mle_data = qw(06 00 00 00 80 00 00 00 20 07 09 10 ff ff ff ff ff ff
ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 d7 c8 b6 ac 59 a5 35 7b
e5 54 a8 24 0a c8 5a 70 be ca 66 87 25 25 ec fb 1f fb c3 e5 3f 82 2c da 71 23
33 df 4a 24 17 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 19
40 7d 00 00 00 00 07 00 00 00 98 00 00 00 f0 00 00 00 40 01 00 00);

# Turn the array of hex-text bytes into a byte string
my $sinit_mle_data_blob = pack("C*", map { hex($_) } @sinit_mle_data);
#dump_bytes($sinit_mle_data_blob);

###
### Do PCR 18 first since it is less complex
###

# A freshly reset PCR holds 20 zero bytes
my $pcr18 = "\0" x 20;

# MleHash sits at offset 56 of sinit_mle_data
my $SinitMleData_MleHash = substr($sinit_mle_data_blob, 56, 20);
# TPM Extend: new PCR = SHA-1(old PCR | value)
$pcr18 = sha1($pcr18 . $SinitMleData_MleHash);
print "Calculated PCR 18:\n";
dump_bytes($pcr18);

###
### Now do PCR 17
###

# First populate PCR 17 with 20 zeros
my $pcr17 = "\0" x 20;

### Recreate the first Extend of PCR 17
my $SinitMleData_SinitHash      = substr($sinit_mle_data_blob, 36, 20);
#dump_bytes($SinitMleData_SinitHash);
my $SinitMleData_EdxSenterFlags = substr($sinit_mle_data_blob, 24, 4);
#dump_bytes($SinitMleData_EdxSenterFlags);
my $firstPcr17ExtendPayload =
    sha1($SinitMleData_SinitHash . $SinitMleData_EdxSenterFlags);
$pcr17 = sha1($pcr17 . $firstPcr17ExtendPayload);

### Now recreate the second Extend of PCR 17
my $SinitMleData_BiosAcm_ID    = substr($sinit_mle_data_blob, 4, 20);
my $SinitMleData_MsegValid     = substr($sinit_mle_data_blob, 28, 8);
my $SinitMleData_StmHash       = substr($sinit_mle_data_blob, 76, 20);
my $SinitMleData_PolicyControl = substr($sinit_mle_data_blob, 116, 4);
my $SinitMleData_LcpPolicyHash = substr($sinit_mle_data_blob, 96, 20);
### Just guessing that Capabilities is all zeros since we're not using
### a policy or any of the more sophisticated launch control features.
### "V" is an explicit 32-bit little-endian value, 4 bytes on any platform.
my $OsSinitData_Capabilities = pack("V", 0);

my $secondPcr17ExtendPayload =
    sha1($SinitMleData_BiosAcm_ID .
         $SinitMleData_MsegValid .
         $SinitMleData_StmHash .
         $SinitMleData_PolicyControl .
         $SinitMleData_LcpPolicyHash .
         $OsSinitData_Capabilities);

$pcr17 = sha1($pcr17 . $secondPcr17ExtendPayload);
print "Calculated PCR 17:\n";
dump_bytes($pcr17);
exit;

# Print a byte string as upper-case hex, 16 bytes per line
sub dump_bytes {
    my ($bytes) = @_;

    my @chars = unpack("C*", $bytes);
    for (my $i = 0; $i < @chars; $i++) {
        printf("%02X", $chars[$i]);
        if (($i + 1) % 16 == 0) {
            print "\n";
        } else {
            print " ";
        }
    }
    if (@chars % 16) {
        print "\n";
    }
}
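As an added example (mine, not Jon's script and not tboot code), here is the same reconstruction in Python: it parses the sinit_mle_data dump posted above with `struct`, replays the two extends of PCR 17 and the single extend of PCR 18 exactly as the Perl script does, and reports whether the results agree with the PCR-17/18 values read back after the session. The field offsets for the first 120 bytes are the ones the script uses; the remaining 24 bytes of the structure are left uninterpreted. As in the script, OsSinitData.Capabilities is assumed to be four zero bytes (the `capabilities` parameter lets you try another value). All function and variable names are my own.

```python
"""Rebuild PCR-17 and PCR-18 from a dumped sinit_mle_data structure.

Added example, not the original Perl script and not tboot code. It follows
the same recipe: parse the TBOOT heap dump of sinit_mle_data, then replay
the SHA-1 extends that SINIT performs on PCR 17 and PCR 18.
"""
import hashlib
import struct

# sinit_mle_data dump from the post (144 bytes, version 6), as hex text.
SINIT_MLE_DATA_HEX = """
06 00 00 00 80 00 00 00 20 07 09 10 ff ff ff ff
ff ff ff ff ff ff ff ff 00 00 00 00 00 00 00 00
00 00 00 00 d7 c8 b6 ac 59 a5 35 7b e5 54 a8 24
0a c8 5a 70 be ca 66 87 25 25 ec fb 1f fb c3 e5
3f 82 2c da 71 23 33 df 4a 24 17 de 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
00 00 00 00 00 00 00 00 18 19 40 7d 00 00 00 00
07 00 00 00 98 00 00 00 f0 00 00 00 40 01 00 00
"""

# PCR values read back after the Flicker session, from the post.
OBSERVED_PCR17 = bytes.fromhex("B6E8426F6D9DC1170E628B071E0EC1A3EF3FBC9A")
OBSERVED_PCR18 = bytes.fromhex("C0E7CE56755720E33A5B5152DCC43FCEF1753B03")

# Bytes 0..119 of sinit_mle_data, little-endian, same offsets as the script:
#   version(4) bios_acm_id(20) edx_senter_flags(4) mseg_valid(8)
#   sinit_hash(20) mle_hash(20) stm_hash(20) lcp_policy_hash(20)
#   lcp_policy_control(4)
_HEADER = struct.Struct("<I20s4sQ20s20s20s20s4s")


def parse_sinit_mle_data(blob: bytes) -> dict:
    """Split the structure into the fields that feed the PCR extends."""
    if len(blob) < _HEADER.size:
        raise ValueError("sinit_mle_data too short: %d bytes" % len(blob))
    (version, bios_acm_id, edx_flags, mseg_valid, sinit_hash, mle_hash,
     stm_hash, lcp_policy_hash, policy_control) = _HEADER.unpack_from(blob)
    return {
        "version": version,
        "bios_acm_id": bios_acm_id,
        "edx_senter_flags": edx_flags,          # raw 4 bytes, as extended
        "mseg_valid": mseg_valid,
        "sinit_hash": sinit_hash,
        "mle_hash": mle_hash,
        "stm_hash": stm_hash,
        "lcp_policy_hash": lcp_policy_hash,
        "lcp_policy_control": policy_control,   # raw 4 bytes, as extended
    }


def pcr_extend(pcr: bytes, value: bytes) -> bytes:
    """TPM 1.2 Extend: new PCR = SHA-1(old PCR || value), 20 bytes each side."""
    if len(pcr) != 20 or len(value) != 20:
        raise ValueError("PCR and extend value must both be 20 bytes")
    return hashlib.sha1(pcr + value).digest()


def compute_pcr18(f: dict) -> bytes:
    """PCR 18 starts at zero and takes one extend of the MLE hash."""
    return pcr_extend(bytes(20), f["mle_hash"])


def compute_pcr17(f: dict, capabilities: bytes = bytes(4)) -> bytes:
    """PCR 17 as in the script: two extends, each of a SHA-1 over a concatenation.

    `capabilities` stands in for OsSinitData.Capabilities, which the script
    guesses to be all zeros (assumption, not taken from the dump).
    """
    first = hashlib.sha1(f["sinit_hash"] + f["edx_senter_flags"]).digest()
    second = hashlib.sha1(
        f["bios_acm_id"]
        + struct.pack("<Q", f["mseg_valid"])
        + f["stm_hash"]
        + f["lcp_policy_control"]
        + f["lcp_policy_hash"]
        + capabilities
    ).digest()
    pcr = pcr_extend(bytes(20), first)
    return pcr_extend(pcr, second)


def sanity_check(hex_dump: str = SINIT_MLE_DATA_HEX) -> dict:
    """Recompute both PCRs from the dump and compare with the observed values."""
    f = parse_sinit_mle_data(bytes.fromhex(hex_dump))
    pcr17, pcr18 = compute_pcr17(f), compute_pcr18(f)
    return {
        "fields": f,
        "pcr17": pcr17,
        "pcr18": pcr18,
        "pcr17_matches": pcr17 == OBSERVED_PCR17,
        "pcr18_matches": pcr18 == OBSERVED_PCR18,
    }


if __name__ == "__main__":
    r = sanity_check()
    for name in ("pcr17", "pcr18"):
        verdict = "matches" if r[name + "_matches"] else "does NOT match"
        print("Calculated %s: %s (%s the observed value)"
              % (name.upper(), r[name].hex().upper(), verdict))
```

A mismatch on PCR 17 with a match on PCR 18 points at the guessed Capabilities value or at one of the open questions in Michael's mail (whether BiosAcmID is hashed first, whether Capabilities is extended at all), since PCR 18 depends only on MleHash; passing a different `capabilities` to `compute_pcr17` is the quickest way to test that single assumption.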
