On Fri, Jul 20, 2018 at 6:06 PM, <travis.gilb...@dell.com> wrote:
>
> >From: Sant Y [mailto:satish.va...@gmail.com]
> >Sent: Friday, July 20, 2018 05:03
> >To: tboot-devel@lists.sourceforge.net
> >Subject: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control policy
> >
> >Hello tboot devs!
> >
> >I wish to revive this old discussion, on generating LCP for TPM2. There were 
> >at least 2 threads I found in this list, however none of them seem to have 
> >anything conclusive.
> >
> >A tboot with the default policies is working; however, for a policy with 
> >MLE it fails.
> >
> >For writing to the NV index I use the tpm2-tss tools.
> >As for tboot, I use the current sources from the development branch, 
> >compiled and installed. I follow the steps mostly like in this discussion : 
> >https://sourceforge.net/p/tboot/mailman/message/35942299/
>
> Please post the exact commands you're using.
>

# Done once
nv_index="0x1400001"
tpm2_takeownership -o new -e new -l new
tpm2_nvdefine -x $nv_index -a 0x40000001 -s 70 -t 0x204000A -P new

# Policy creation
lcp2_mlehash --verbose --create --alg sha256 --cmdline \
    "logging=serial,memory,vga extpol=sha256" /boot/tboot.gz >mle_hash
lcp2_crtpolelt --verbose --create --type mle --alg sha256 --ctrl 0x00 \
    --minver 0 --out tbootmle.elt mle_hash
lcp2_crtpollist --verbose --create --out list_unsig.lst tbootmle.elt
# The sign command's "--out" option is a bit confusing, as it expects a
# policy list file here, which must be more like --in file,
# and should output the signed file as a newly created file.
lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv \
    privkey.pem --out list_unsig.lst
lcp2_crtpol --verbose --create --type list --pol list.pol --alg sha256 \
    --data list.data --sign 0x8 list_unsig.lst

tpm2_nvwrite -x $nv_index -a 0x40000001 -P new list.pol
cp -f list.data /boot
grub2-mkconfig -o /boot/grub2/grub.cfg

With both policy and data supplied, the show output now looks like
this. Note that I had attempted both signed and unsigned policies
before, and tboot behaved the same (read failed).
# lcp2_crtpol --show list.pol list.data
policy file: list.pol
     version: 0x300
     hash_alg: sha256
     policy_type: list
     sinit_min_version: 0x0
     data_revocation_counters: 0, 0, 0, 0, 0, 0, 0, 0,
     policy_control: 0x0
     max_sinit_min_ver: 0x0
     max_biosac_min_ver: 0x0
     lcp_hash_alg_mask: 0x8
     lcp_sign_alg_mask: 0x8
     aux_hash_alg_mask: 0x8
     policy_hash: 56 d3 f7 95 14 3d 3b 6b 3a 63 f7 43 70 b1 f8 c5 85 6a 97 34
ad 96 b8 a1 ef b5 86 67 7a f4 ac 19

policy data file: list.data
     file_signature: Intel(R) TXT LCP_POLICY_DATA
     num_lists: 1
     list 0:
         version: 0x200
         sig_alg: rsa
         policy_elements_size: 0x32 (50)
         policy_element[0]:
             size: 0x32 (50)
             type: 'mle' (16)
             policy_elt_control: 0x00000000
             data:
                 sinit_min_version: 0x0
                 hash_alg: sha256
                 num_hashes: 1
                 hashes[0]: f8 c0 05 ec 6c 32 53 48 54 52 47 25 3a 0d c6 4a 03 32 3c 13
0e c1 86 ca 33 3b c1 f6 9d 48 04 b3
         signature:
             revocation_counter: 0x0 (0)
             pubkey_size: 0x100 (256)
             pubkey_value:
             sig_block:
         signature verifies
56 d3 f7 95 14 3d 3b 6b 3a 63 f7 43 70 b1 f8 c5 85 6a 97 34
ad 96 b8 a1 ef b5 86 67 7a f4 ac 19

policy data hash matches policy hash


> Are you in a UEFI environment?
No.

>
> You'll have to do something like the following:
> #echo GRUB_TBOOT_POLICY_DATA="list.data" > /etc/default/grub-tboot
>
> In order to have grub actually verify the LCP. You also need to modify your 
> grub-mkconfig file for the GRUB_CMDLINE_TBOOT option to add "extpol=sha256". 
> Then you have to run "grub2-mkconfig -o /boot/grub2/grub.cfg" to re-generate 
> your grub.cfg file with the changes.
>
> My relevant line is the following:
> # Command line for tboot itself
> : ${GRUB_CMDLINE_TBOOT='logging=serial,memory extpol=sha256'}
>

I already have the necessary grub configuration.

> The vga/video logging option didn't work for me, but is sometimes in the 
> default options. The grub-mkconfig that I have will strip that option out of 
> a UEFI boot if it's there.
>
> >The current lcp2_crtpol requires the signing algorithm, for which I supply 
> >0x8 (RSA 2048, SHA256). I get the following for listing the created policy 
> >file
> >
> ># lcp2_crtpol --show list.pol
> >policy file: list.pol
> >     version: 0x300
> >     hash_alg: sha256
> >     policy_type: list
> >     sinit_min_version: 0x0
> >     data_revocation_counters: 0, 0, 0, 0, 0, 0, 0, 0,
> >     policy_control: 0x0
> >     max_sinit_min_ver: 0x0
> >     max_biosac_min_ver: 0x0
> >     lcp_hash_alg_mask: 0x8
> >     lcp_sign_alg_mask: 0x8
> >     aux_hash_alg_mask: 0x8
> >     policy_hash: ff 0d 04 10 6d 45 3e e0 98 01 44 b3 65 f2 51 7e 1b 41 1c 50
> >2c e3 9e d9 64 c4 8b 22 ff 66 fd c0
> >
> >However, the parse of policy data file itself fails as seen below
> >
> ># lcp2_crtpol --show list.data
> >Error: invalid policy version: 0x6e49
> >
> >policy data file: list.data
> >     file_signature: Intel(R) TXT LCP_POLICY_DATA
> >     num_lists: 1
> >     list 0:
> >         version: 0x200
> >         sig_alg: unknown (16)
> >         policy_elements_size: 0x32 (50)
> >         policy_element[0]:
> >             size: 0x32 (50)
> >             type: 'mle' (16)
> >             policy_elt_control: 0x00000000
> >             data:
> >                 sinit_min_version: 0x0
> >                 hash_alg: sha256
> >                 num_hashes: 1
> >                 hashes[0]: f8 c0 05 ec 6c 32 53 48 54 52 47 25 3a 0d c6 4a 03 32 3c 13
> >0e c1 86 ca 33 3b c1 f6 9d 48 04 b3
> >I also did the signing with a 2048 bit RSA key, however the lcp2_crtpol 
> >always shows an invalid policy version.
>
> I've never used the --show option, but it appears it has user-unfriendly 
> output. You can pass a policy and policy data or just policy data. If you 
> pass just policy data, it can't distinguish between the two and tries to 
> process it as a policy first. This fails and gives your error. It then 
> processes the file as policy data because processing it as a policy failed. 
> So your "invalid policy version" is a red herring. Try passing your policy 
> file and your data file and see what the output is.
>
> If you can post at least the data file or both data and policy files, that 
> will help us troubleshoot. The main reason is the sig_alg output. The fact 
> that it's unknown type isn't surprising (see below about changes needed), but 
> that it's printed as decimal 16. That corresponds to TPM_ALG_NULL (0x0010). 
> This makes me suspect that you followed the steps in the other thread 
> exactly. That was an example of an unsigned policy. This is the reason we 
> need you to post the full list of commands you're running to generate 
> everything.

Yes, I had tried both signed and unsigned policies. The results were
the same. In txt-stat it complains about "read failed" and later
"write TPM error: 0x18b" and "no policy in TPM NV".
The current lcp data and policy are attached.
I have the full txt-stat output here: https://pastebin.com/daVzY6VF

>
> Either way I wouldn't necessarily trust the --show option since I didn't 
> touch that code when I updated the lcptools-v2 code and it looks like that 
> whole code flow needs updating based on the LCPv3 changes.
>
> >The txt-stat results in this :
> >
> >TBOOT:   timeout values: A: 750, B: 2000, C: 75000, D: 750
> >TBOOT: SGX:verify_IA32_se_svn_status is called
> >TBOOT: SGX is not enabled, cpuid.ebx: 0x21cbfbb
> >TBOOT: reading Verified Launch Policy from TPM NV...
> >TBOOT:  :70 bytes read
> >TBOOT:  :reading failed
> >TBOOT: reading Launch Control Policy from TPM NV...
> >TBOOT:  :70 bytes read
> >TBOOT: in unwrap_lcp_policy
> >TBOOT: v2 LCP policy data found
> >TBOOT:  :reading failed
> >TBOOT: failed to read policy from TPM NV, using default
> >TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return value = 0000018B
> >TBOOT: Error: write TPM error: 0x18b.
> >The ':reading failed' is coming from tboot/common/policy.c where it does a 
> >verify_policy() and it fails. So the problem is indeed with the policy 
> >creation. I cannot troubleshoot it further, as the verify_policy() logs 
> >itself are not available from txt-stat.
> >
> >Finally, I also tried the lcp-gen2 python tool to generate the policy files. 
> >However, it's a bit confusing to use: the file pickup dialogs don't work 
> >and there is no option to specify the command line for the MLE hash etc.
> >
> >Can someone please help with the topic? I'm okay to experiment if anyone has 
> >patches to deal with this.
> >Some details on my TPM 2.0 are pasted here: https://pastebin.com/FEdf3ZTQ
> >
> >Regards,
> >Sant
> >

Attachment: list.data
Description: Binary data

Attachment: list.pol
Description: Binary data
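The two points Travis raises above (--show trying a data file as a policy first, and the decimal 16 sig_alg being TPM_ALG_NULL) can be checked directly on the raw bytes. The following is an added example, not code from the thread or from tboot: a small Python parser for the v3 LCP_POLICY header (38 fixed bytes plus the policy hash, 70 bytes with sha256, which is the -s 70 NV index size used above) and the LCP_POLICY_DATA list header. Field widths and offsets are this example's reading of tboot's lcp3.h and should be checked against your tree; the sample blobs are constructed from the values printed by lcp2_crtpol --show above.

```python
import struct

ALG_NAMES = {0x0004: "sha1", 0x000B: "sha256", 0x000C: "sha384", 0x0010: "null"}
HASH_LEN = {"sha1": 20, "sha256": 32, "sha384": 48}
POL_TYPES = {0: "list", 1: "any"}
DATA_MAGIC = b"Intel(R) TXT LCP_POLICY_DATA"
# Assumed lcp3.h layout: 38-byte fixed prefix, then policy_hash (32 bytes for sha256).
POLICY_HDR = struct.Struct("<HHBB8HIBBHIHH")
LIST_HDR = struct.Struct("<HHI")  # list version, sig_alg, policy_elements_size

def classify(blob):
    """Signature first: parsed as a policy, a data file's 'In' reads as version 0x6e49."""
    if blob.startswith(DATA_MAGIC):
        return "policy_data"
    if len(blob) >= 2 and struct.unpack_from("<H", blob)[0] == 0x300:
        return "policy"
    return "unknown"

def parse_policy(blob):
    f = POLICY_HDR.unpack_from(blob)
    if f[0] != 0x300:
        raise ValueError("invalid policy version: 0x%x" % f[0])
    alg = ALG_NAMES[f[1]]
    off = POLICY_HDR.size
    return {"hash_alg": alg, "policy_type": POL_TYPES[f[2]],
            "sinit_min_version": f[3], "data_revocation_counters": list(f[4:12]),
            "policy_control": f[12], "lcp_hash_alg_mask": f[15],
            "lcp_sign_alg_mask": f[16], "aux_hash_alg_mask": f[17],
            "policy_hash": blob[off:off + HASH_LEN[alg]].hex()}

def parse_policy_data(blob):
    num_lists = blob[35]  # after the 32-byte signature and 3 reserved bytes
    version, sig_alg, elts_size = LIST_HDR.unpack_from(blob, 36)
    # sig_alg 0x0010 is TPM_ALG_NULL: the list carries no signature block.
    return {"num_lists": num_lists, "list_version": version,
            "sig_alg": ALG_NAMES.get(sig_alg, "unknown (%d)" % sig_alg),
            "signed": sig_alg != 0x0010, "policy_elements_size": elts_size}

def describe(blob):
    kind = classify(blob)
    parser = {"policy": parse_policy, "policy_data": parse_policy_data}.get(kind)
    if parser is None:
        raise ValueError("not an LCP policy or policy data file")
    return kind, parser(blob)

# Constructed samples mirroring the values printed by lcp2_crtpol --show above.
POLICY_HASH = bytes.fromhex("56d3f795143d3b6b3a63f74370b1f8c5856a9734ad96b8a1efb586677af4ac19")
SAMPLE_POLICY = POLICY_HDR.pack(0x300, 0x000B, 0, 0, *([0] * 8), 0, 0, 0, 8, 8, 8, 0) + POLICY_HASH
SAMPLE_DATA = DATA_MAGIC.ljust(32, b"\0") + b"\0\0\0\x01" + LIST_HDR.pack(0x200, 0x0010, 50) + b"\0" * 50
```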
