Re: [tboot-devel] VLP policy and TPM2 hash agility
On Wed, 2020-01-15 at 15:25 +0100, Lukasz Hawrylko wrote:
> On Tue, 2020-01-14 at 11:47 -0500, Paul Moore wrote:
> > On Tue, Jan 14, 2020 at 10:31 AM Lukasz Hawrylko
> > <lukasz.hawry...@linux.intel.com> wrote:
> > > On Tue, 2020-01-14 at 00:18 +, Paul Moore (pmoore2) wrote:
> > > > On Mon, 2020-01-13 at 20:33 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > > On Thu, 2020-01-09 at 14:59 +, Hawrylko, Lukasz wrote:
> > > > > > On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > > > > Lukasz, is there a way to generate PCR hashes for all supported
> > > > > > > algorithms like tboot does for PCR17/18?
> > > > > > >
> > > > > > > -Paul
> > > > > >
> > > > > > Hello Paul
> > > > > >
> > > > > > It looks like you can't create a policy with different hash algorithms,
> > > > > > look at the tb_policy_t structure in tb_policy.h. There is one field for
> > > > > > setting the hash algorithm that is common to all policy entries.
> > > > >
> > > > > Have you been able to create a VLP which causes tboot to extend the
> > > > > TPM's sha256 PCR bank?
> > > >
> > > > After digging through the code some more, it looks like the key to
> > > > making this work is to specify the correct "extpol=" parameter on the
> > > > tboot command line. It appears to be TPM and ACM dependent (?) so I'm
> > > > not sure this will work for everyone, but on my system
> > > > "extpol=embedded" caused tboot to extend all of the TPM PCR banks;
> > > > "extpol=agile" on my system caused the ACM to reset the system.
> > > >
> > > > -Paul
> > >
> > > As far as I remember I was able to extend SHA256 PCRs, because this is
> > > the only way to test my changes in tb_polgen. I am not sure, but I think
> > > that you have to pass "extpol=sha256" in the command line and then you can
> > > work with SHA256 policies. Did you try to do that? I will try tomorrow
> > > how the agile and embedded options work on my platform.
> >
> > Yes, "extpol=sha256" did work to extend the sha256 PCR bank, but it
> > didn't extend the sha1 bank; ideally I would be able to do both and
> > that is what "extpol=embedded" did for my system.
> >
> > I have a suspicion that instead of defaulting to sha1, we may be able
> > to query the ACM to get the TPM2 extpol setting, but I haven't done
> > any serious investigation of that yet.
>
> On my platform both the "agile" and "embedded" options extend the sha1 and
> sha256 banks. When using "agile" the whole process is much longer because
> the hash computation is done on the TPM. In "embedded" the hashes are computed
> locally and the result is sent to the TPM to extend the PCRs. The easiest way to
> find out how that mechanism works is to look at the hash_module() function
> in the policy.c file.
>
> An interesting thing is that on your platform you can't use the "agile"
> method. If the reset is invoked by the SINIT ACM there should be an error code
> value in the TXT.ERRORCODE register, can you check what is there? TBOOT prints
> its value during each boot, so just allow the platform to boot once again after
> that reset and you will find TXT.ERRORCODE somewhere in the logs.

My TXT.ERRORCODE was set to 0xc0002081 when trying to boot with
extpol=agile. I don't have the Type2 error code decoder spreadsheet/csv
to decode the error (the TXT specification document doesn't seem to
include the Type2 error codes anymore).

In related news, I added a patch to my working-txtsig GH development
branch which adds the "extpol=acm" option that causes tboot to query the
ACM and set the extpol based on the ACM header information; it gives
the embedded policy priority when the ACM supports both embedded and
agile policies.

-Paul

___
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel
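The exchange above reports that "extpol=sha256" extends only the sha256 bank while "extpol=embedded" extends every bank with locally computed digests. The following added example (not tboot code, not from either poster) models a single TPM2 PCR with a sha1 and a sha256 bank and shows what each setting leaves in the banks, together with the value a verifier would compute independently; the module bytes are constructed and the bank set is an assumption of the model.

```python
import hashlib

# Added model, not tboot code: one PCR index (think PCR20) with two banks.
# The set of banks is an assumption of the model; a real TPM advertises its own.
BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}


def digest(alg, data):
    return BANKS[alg](data).digest()


class Pcr:
    """A PCR whose banks start at the all-zero reset value."""

    def __init__(self):
        self.bank = {alg: b"\x00" * BANKS[alg]().digest_size for alg in BANKS}

    def extend(self, alg, value):
        # TPM2_PCR_Extend semantics for one bank: PCR[alg] = H_alg(PCR[alg] || value)
        self.bank[alg] = digest(alg, self.bank[alg] + value)


def measure_module(pcr, module, extpol):
    """Host-side "embedded"-style measurement as described in the thread:
    digests are computed locally and each selected bank is extended.
    extpol is "sha1" or "sha256" (one bank, as a VLP with a single hash
    algorithm field gives) or "embedded" (every bank the model knows).
    The "agile" path, where the TPM hashes the module itself, ends with
    the same bank values and is not modelled separately."""
    algs = list(BANKS) if extpol == "embedded" else [extpol]
    for alg in algs:
        pcr.extend(alg, digest(alg, module))
    return {alg: pcr.bank[alg].hex() for alg in BANKS}


def expected_after_one_extend(alg, module):
    # What an attestation verifier computes for a fresh PCR: H(zeros || H(module)).
    size = BANKS[alg]().digest_size
    return digest(alg, b"\x00" * size + digest(alg, module)).hex()


def untouched(alg):
    # A bank that was never extended still shows the reset value.
    return "00" * BANKS[alg]().digest_size


# Constructed stand-in for the measured image; a real run would hash the
# PE/COFF module named in the tb_polgen rule.
MODULE = b"constructed module image bytes"

if __name__ == "__main__":
    for pol in ("sha256", "embedded"):
        print(pol, measure_module(Pcr(), MODULE, pol))
```

A verifier that only reads the sha1 bank sees the reset value after an "extpol=sha256" boot, which is the gap the thread is trying to close.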
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Tue, 2020-01-14 at 11:47 -0500, Paul Moore wrote:
> On Tue, Jan 14, 2020 at 10:31 AM Lukasz Hawrylko
> <lukasz.hawry...@linux.intel.com> wrote:
> > On Tue, 2020-01-14 at 00:18 +, Paul Moore (pmoore2) wrote:
> > > On Mon, 2020-01-13 at 20:33 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > On Thu, 2020-01-09 at 14:59 +, Hawrylko, Lukasz wrote:
> > > > > On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > > > Lukasz, is there a way to generate PCR hashes for all supported
> > > > > > algorithms like tboot does for PCR17/18?
> > > > > >
> > > > > > -Paul
> > > > >
> > > > > Hello Paul
> > > > >
> > > > > It looks like you can't create a policy with different hash algorithms,
> > > > > look at the tb_policy_t structure in tb_policy.h. There is one field for
> > > > > setting the hash algorithm that is common to all policy entries.
> > > >
> > > > Have you been able to create a VLP which causes tboot to extend the
> > > > TPM's sha256 PCR bank?
> > >
> > > After digging through the code some more, it looks like the key to
> > > making this work is to specify the correct "extpol=" parameter on the
> > > tboot command line. It appears to be TPM and ACM dependent (?) so I'm
> > > not sure this will work for everyone, but on my system
> > > "extpol=embedded" caused tboot to extend all of the TPM PCR banks;
> > > "extpol=agile" on my system caused the ACM to reset the system.
> > >
> > > -Paul
> >
> > As far as I remember I was able to extend SHA256 PCRs, because this is
> > the only way to test my changes in tb_polgen. I am not sure, but I think
> > that you have to pass "extpol=sha256" in the command line and then you can
> > work with SHA256 policies. Did you try to do that? I will try tomorrow
> > how the agile and embedded options work on my platform.
>
> Yes, "extpol=sha256" did work to extend the sha256 PCR bank, but it
> didn't extend the sha1 bank; ideally I would be able to do both and
> that is what "extpol=embedded" did for my system.
>
> I have a suspicion that instead of defaulting to sha1, we may be able
> to query the ACM to get the TPM2 extpol setting, but I haven't done
> any serious investigation of that yet.

On my platform both the "agile" and "embedded" options extend the sha1 and
sha256 banks. When using "agile" the whole process is much longer because
the hash computation is done on the TPM. In "embedded" the hashes are computed
locally and the result is sent to the TPM to extend the PCRs. The easiest way to
find out how that mechanism works is to look at the hash_module() function
in the policy.c file.

An interesting thing is that on your platform you can't use the "agile"
method. If the reset is invoked by the SINIT ACM there should be an error code
value in the TXT.ERRORCODE register, can you check what is there? TBOOT prints
its value during each boot, so just allow the platform to boot once again after
that reset and you will find TXT.ERRORCODE somewhere in the logs.

Thanks,
Lukasz
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Tue, Jan 14, 2020 at 10:31 AM Lukasz Hawrylko wrote:
> On Tue, 2020-01-14 at 00:18 +, Paul Moore (pmoore2) wrote:
> > On Mon, 2020-01-13 at 20:33 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > On Thu, 2020-01-09 at 14:59 +, Hawrylko, Lukasz wrote:
> > > > On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > > Lukasz, is there a way to generate PCR hashes for all supported
> > > > > algorithms like tboot does for PCR17/18?
> > > > >
> > > > > -Paul
> > > >
> > > > Hello Paul
> > > >
> > > > It looks like you can't create a policy with different hash algorithms,
> > > > look at the tb_policy_t structure in tb_policy.h. There is one field for
> > > > setting the hash algorithm that is common to all policy entries.
> > >
> > > Have you been able to create a VLP which causes tboot to extend the
> > > TPM's sha256 PCR bank?
> >
> > After digging through the code some more, it looks like the key to
> > making this work is to specify the correct "extpol=" parameter on the
> > tboot command line. It appears to be TPM and ACM dependent (?) so I'm
> > not sure this will work for everyone, but on my system
> > "extpol=embedded" caused tboot to extend all of the TPM PCR banks;
> > "extpol=agile" on my system caused the ACM to reset the system.
> >
> > -Paul
>
> As far as I remember I was able to extend SHA256 PCRs, because this is
> the only way to test my changes in tb_polgen. I am not sure, but I think
> that you have to pass "extpol=sha256" in the command line and then you can
> work with SHA256 policies. Did you try to do that? I will try tomorrow
> how the agile and embedded options work on my platform.

Yes, "extpol=sha256" did work to extend the sha256 PCR bank, but it
didn't extend the sha1 bank; ideally I would be able to do both and
that is what "extpol=embedded" did for my system.

I have a suspicion that instead of defaulting to sha1, we may be able
to query the ACM to get the TPM2 extpol setting, but I haven't done
any serious investigation of that yet.

--
paul moore
www.paul-moore.com
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Tue, 2020-01-14 at 00:18 +, Paul Moore (pmoore2) wrote:
> On Mon, 2020-01-13 at 20:33 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > On Thu, 2020-01-09 at 14:59 +, Hawrylko, Lukasz wrote:
> > > On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > Lukasz, is there a way to generate PCR hashes for all supported
> > > > algorithms like tboot does for PCR17/18?
> > > >
> > > > -Paul
> > >
> > > Hello Paul
> > >
> > > It looks like you can't create a policy with different hash algorithms,
> > > look at the tb_policy_t structure in tb_policy.h. There is one field for
> > > setting the hash algorithm that is common to all policy entries.
> >
> > Have you been able to create a VLP which causes tboot to extend the
> > TPM's sha256 PCR bank?
>
> After digging through the code some more, it looks like the key to
> making this work is to specify the correct "extpol=" parameter on the
> tboot command line. It appears to be TPM and ACM dependent (?) so I'm
> not sure this will work for everyone, but on my system
> "extpol=embedded" caused tboot to extend all of the TPM PCR banks;
> "extpol=agile" on my system caused the ACM to reset the system.
>
> -Paul

As far as I remember I was able to extend SHA256 PCRs, because this is
the only way to test my changes in tb_polgen. I am not sure, but I think
that you have to pass "extpol=sha256" in the command line and then you can
work with SHA256 policies. Did you try to do that? I will try tomorrow
how the agile and embedded options work on my platform.

Thanks,
Lukasz
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Mon, 2020-01-13 at 20:33 +, Paul Moore (pmoore2) via tboot-devel wrote:
> On Thu, 2020-01-09 at 14:59 +, Hawrylko, Lukasz wrote:
> > On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > On Fri, 2020-01-03 at 20:07 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > On Thu, 2020-01-02 at 22:27 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > > I hope everyone had a nice holiday and is enjoying the new year thus
> > > > > far.
> > > > >
> > > > > As you've seen in the other thread, I'm playing around with different
> > > > > tboot/TXT policies and I have a question regarding tboot/VLP policies
> > > > > that can extend PCRs using something other than SHA1: at present
> > > > > tb_polgen seems limited to using SHA1, does anyone have any patches to
> > > > > use SHA256 (or another hash)?
> > > >
> > > > To answer my own question, it appears that Lukasz added support in
> > > > 549:ca935709d8a6 ("Add support for SHA256 in tb_polgen").
> > > >
> > > > Lukasz, if I wanted to generate both SHA1 and SHA256 hashes for a TPM2
> > > > system, would I need to create two rules in the VLP? For example I do
> > > > the following now for the TXT/sig patches and PCR20:
> > > >
> > > > # tb_polgen --add --num 0 --pcr 20 \
> > > >     --hash pecoff pecoff.vlp
> > > >
> > > > ... but that only writes the SHA1 hash into PCR20, presumably I could do
> > > > the following to support both hashes?
> > > >
> > > > # tb_polgen --add --num 0 --pcr 20 --alg sha1 \
> > > >     --hash pecoff pecoff.vlp
> > > > # tb_polgen --add --num 0 --pcr 20 --alg sha256 \
> > > >     --hash pecoff pecoff.vlp
> > >
> > > It appears I didn't look close enough at the patch, the hash algorithm
> > > selection is done at VLP policy creation and applies to all the rules.
> > >
> > > Lukasz, is there a way to generate PCR hashes for all supported
> > > algorithms like tboot does for PCR17/18?
> > >
> > > -Paul
> >
> > Hello Paul
> >
> > It looks like you can't create a policy with different hash algorithms,
> > look at the tb_policy_t structure in tb_policy.h. There is one field for
> > setting the hash algorithm that is common to all policy entries.
>
> Have you been able to create a VLP which causes tboot to extend the
> TPM's sha256 PCR bank?

After digging through the code some more, it looks like the key to
making this work is to specify the correct "extpol=" parameter on the
tboot command line. It appears to be TPM and ACM dependent (?) so I'm
not sure this will work for everyone, but on my system
"extpol=embedded" caused tboot to extend all of the TPM PCR banks;
"extpol=agile" on my system caused the ACM to reset the system.

-Paul
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Thu, 2020-01-09 at 14:59 +, Hawrylko, Lukasz wrote:
> On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > On Fri, 2020-01-03 at 20:07 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > On Thu, 2020-01-02 at 22:27 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > > I hope everyone had a nice holiday and is enjoying the new year thus
> > > > far.
> > > >
> > > > As you've seen in the other thread, I'm playing around with different
> > > > tboot/TXT policies and I have a question regarding tboot/VLP policies
> > > > that can extend PCRs using something other than SHA1: at present
> > > > tb_polgen seems limited to using SHA1, does anyone have any patches to
> > > > use SHA256 (or another hash)?
> > >
> > > To answer my own question, it appears that Lukasz added support in
> > > 549:ca935709d8a6 ("Add support for SHA256 in tb_polgen").
> > >
> > > Lukasz, if I wanted to generate both SHA1 and SHA256 hashes for a TPM2
> > > system, would I need to create two rules in the VLP? For example I do
> > > the following now for the TXT/sig patches and PCR20:
> > >
> > > # tb_polgen --add --num 0 --pcr 20 \
> > >     --hash pecoff pecoff.vlp
> > >
> > > ... but that only writes the SHA1 hash into PCR20, presumably I could do
> > > the following to support both hashes?
> > >
> > > # tb_polgen --add --num 0 --pcr 20 --alg sha1 \
> > >     --hash pecoff pecoff.vlp
> > > # tb_polgen --add --num 0 --pcr 20 --alg sha256 \
> > >     --hash pecoff pecoff.vlp
> >
> > It appears I didn't look close enough at the patch, the hash algorithm
> > selection is done at VLP policy creation and applies to all the rules.
> >
> > Lukasz, is there a way to generate PCR hashes for all supported
> > algorithms like tboot does for PCR17/18?
> >
> > -Paul
>
> Hello Paul
>
> It looks like you can't create a policy with different hash algorithms,
> look at the tb_policy_t structure in tb_policy.h. There is one field for
> setting the hash algorithm that is common to all policy entries.

Have you been able to create a VLP which causes tboot to extend the
TPM's sha256 PCR bank?

-Paul
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Fri, 2020-01-03 at 20:26 +, Paul Moore (pmoore2) wrote:
> On Fri, 2020-01-03 at 20:07 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > On Thu, 2020-01-02 at 22:27 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > > I hope everyone had a nice holiday and is enjoying the new year thus
> > > far.
> > >
> > > As you've seen in the other thread, I'm playing around with different
> > > tboot/TXT policies and I have a question regarding tboot/VLP policies
> > > that can extend PCRs using something other than SHA1: at present
> > > tb_polgen seems limited to using SHA1, does anyone have any patches to
> > > use SHA256 (or another hash)?
> >
> > To answer my own question, it appears that Lukasz added support in
> > 549:ca935709d8a6 ("Add support for SHA256 in tb_polgen").
> >
> > Lukasz, if I wanted to generate both SHA1 and SHA256 hashes for a TPM2
> > system, would I need to create two rules in the VLP? For example I do
> > the following now for the TXT/sig patches and PCR20:
> >
> > # tb_polgen --add --num 0 --pcr 20 \
> >     --hash pecoff pecoff.vlp
> >
> > ... but that only writes the SHA1 hash into PCR20, presumably I could do
> > the following to support both hashes?
> >
> > # tb_polgen --add --num 0 --pcr 20 --alg sha1 \
> >     --hash pecoff pecoff.vlp
> > # tb_polgen --add --num 0 --pcr 20 --alg sha256 \
> >     --hash pecoff pecoff.vlp
>
> It appears I didn't look close enough at the patch, the hash algorithm
> selection is done at VLP policy creation and applies to all the rules.
>
> Lukasz, is there a way to generate PCR hashes for all supported
> algorithms like tboot does for PCR17/18?
>
> -Paul

Hello Paul

It looks like you can't create a policy with different hash algorithms,
look at the tb_policy_t structure in tb_policy.h. There is one field for
setting the hash algorithm that is common to all policy entries.

Thanks,
Lukasz
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Fri, 2020-01-03 at 20:07 +, Paul Moore (pmoore2) via tboot-devel wrote:
> On Thu, 2020-01-02 at 22:27 +, Paul Moore (pmoore2) via tboot-devel wrote:
> > I hope everyone had a nice holiday and is enjoying the new year thus
> > far.
> >
> > As you've seen in the other thread, I'm playing around with different
> > tboot/TXT policies and I have a question regarding tboot/VLP policies
> > that can extend PCRs using something other than SHA1: at present
> > tb_polgen seems limited to using SHA1, does anyone have any patches to
> > use SHA256 (or another hash)?
>
> To answer my own question, it appears that Lukasz added support in
> 549:ca935709d8a6 ("Add support for SHA256 in tb_polgen").
>
> Lukasz, if I wanted to generate both SHA1 and SHA256 hashes for a TPM2
> system, would I need to create two rules in the VLP? For example I do
> the following now for the TXT/sig patches and PCR20:
>
> # tb_polgen --add --num 0 --pcr 20 \
>     --hash pecoff pecoff.vlp
>
> ... but that only writes the SHA1 hash into PCR20, presumably I could do
> the following to support both hashes?
>
> # tb_polgen --add --num 0 --pcr 20 --alg sha1 \
>     --hash pecoff pecoff.vlp
> # tb_polgen --add --num 0 --pcr 20 --alg sha256 \
>     --hash pecoff pecoff.vlp

It appears I didn't look close enough at the patch, the hash algorithm
selection is done at VLP policy creation and applies to all the rules.

Lukasz, is there a way to generate PCR hashes for all supported
algorithms like tboot does for PCR17/18?

-Paul
Re: [tboot-devel] VLP policy and TPM2 hash agility
On Thu, 2020-01-02 at 22:27 +, Paul Moore (pmoore2) via tboot-devel wrote:
> I hope everyone had a nice holiday and is enjoying the new year thus
> far.
>
> As you've seen in the other thread, I'm playing around with different
> tboot/TXT policies and I have a question regarding tboot/VLP policies
> that can extend PCRs using something other than SHA1: at present
> tb_polgen seems limited to using SHA1, does anyone have any patches to
> use SHA256 (or another hash)?

To answer my own question, it appears that Lukasz added support in
549:ca935709d8a6 ("Add support for SHA256 in tb_polgen").

Lukasz, if I wanted to generate both SHA1 and SHA256 hashes for a TPM2
system, would I need to create two rules in the VLP? For example I do
the following now for the TXT/sig patches and PCR20:

# tb_polgen --add --num 0 --pcr 20 \
    --hash pecoff pecoff.vlp

... but that only writes the SHA1 hash into PCR20, presumably I could do
the following to support both hashes?

# tb_polgen --add --num 0 --pcr 20 --alg sha1 \
    --hash pecoff pecoff.vlp
# tb_polgen --add --num 0 --pcr 20 --alg sha256 \
    --hash pecoff pecoff.vlp

-Paul