On Sat, Jul 21, 2018 at 6:54 PM, Sant Y <satish.va...@gmail.com> wrote:
> On Fri, Jul 20, 2018 at 6:06 PM, <travis.gilb...@dell.com> wrote:
>>
>> >From: Sant Y [mailto:satish.va...@gmail.com]
>> >Sent: Friday, July 20, 2018 05:03
>> >To: tboot-devel@lists.sourceforge.net
>> >Subject: [tboot-devel] Fwd: TXT/TPM 2.0 and tboot Launch control policy
>> >
>> >Hello tboot devs!
>> >
>> >I wish to revive this old discussion, on generating LCP for TPM2. There 
>> >were at least 2 threads I found in this list, however none of them seem to 
>> >have anything conclusive.
>> >
>> >A tboot with the default policies are working, however, for a policy with 
>> >MLE it fails.
>> >
>> >For writing to the NV index I use the tpm2-tss tools.
>> >As for tboot, I use the current sources from the development branch, 
>> >compiled and installed. I follow the steps mostly like in this discussion : 
>> >https://sourceforge.net/p/tboot/mailman/message/35942299/
>>
>> Please post the exact commands you're using.
>>
>
> # Done once
> nv_index="0x1400001"
> tpm2_takeownership -o new -e new -l new
> tpm2_nvdefine -x $nv_index -a 0x40000001 -s 70 -t 0x204000A -P new
>
> # Policy creation
> lcp2_mlehash --verbose --create --alg sha256 --cmdline
> "logging=serial,memory,vga extpol=sha256" /boot/tboot.gz >mle_hash
> lcp2_crtpolelt --verbose --create --type mle --alg sha256 --ctrl 0x00
> --minver 0 --out tbootmle.elt mle_hash
> lcp2_crtpollist --verbose --create --out list_unsig.lst tbootmle.elt
> # The sign command "--out" option is a bit confusing, as it expects a
> policy list file here, which must be more like --in file.
> # and should output the signed file as a newly created file.
> lcp2_crtpollist --sign --sigalg rsa --pub pubkey.pem --priv
> privkey.pem --out list_unsig.lst
> lcp2_crtpol --verbose --create --type list --pol list.pol --alg sha256
>  --data list.data --sign 0x8 list_unsig.lst
>
> tpm2_nvwrite -x $nv_index -a 0x40000001 -P new list.pol
> cp -f list.data /boot
> grub2-mkconfig -o /boot/grub2/grub.cfg
>
> With both policy and data supplied, the show output now looks like
> this. Note that I had attempted both signed and unsigned policy
> before, the tboot behaved the same (read failed)
> # lcp2_crtpol --show list.pol list.data
> policy file: list.pol
>      version: 0x300
>      hash_alg: sha256
>      policy_type: list
>      sinit_min_version: 0x0
>      data_revocation_counters: 0, 0, 0, 0, 0, 0, 0, 0,
>      policy_control: 0x0
>      max_sinit_min_ver: 0x0
>      max_biosac_min_ver: 0x0
>      lcp_hash_alg_mask: 0x8
>      lcp_sign_alg_mask: 0x8
>      aux_hash_alg_mask: 0x8
>      policy_hash: 56 d3 f7 95 14 3d 3b 6b 3a 63 f7 43 70 b1 f8 c5 85 6a 97 34
> ad 96 b8 a1 ef b5 86 67 7a f4 ac 19
>
> policy data file: list.data
>      file_signature: Intel(R) TXT LCP_POLICY_DATA
>      num_lists: 1
>      list 0:
>          version: 0x200
>          sig_alg: rsa
>          policy_elements_size: 0x32 (50)
>          policy_element[0]:
>              size: 0x32 (50)
>              type: 'mle' (16)
>              policy_elt_control: 0x00000000
>              data:
>                  sinit_min_version: 0x0
>                  hash_alg: sha256
>                  num_hashes: 1
>                  hashes[0]: f8 c0 05 ec 6c 32 53 48 54 52 47 25 3a 0d
> c6 4a 03 32 3c 13
> 0e c1 86 ca 33 3b c1 f6 9d 48 04 b3
>          signature:
>              revocation_counter: 0x0 (0)
>              pubkey_size: 0x100 (256)
>              pubkey_value:
>                 37 72 de dd ca 4e cd f8 65 14 ab 21 2d b1 2b 36 8f e5 4a d1
>                 b7 e7 89 76 ab a2 75 c4 ce 32 29 f6 5e a6 47 33 02 0b 2f 73
>                 d0 12 34 3a ff c3 7f 65 f4 16 27 c1 cb 64 9a 4d 4b d9 10 5e
>                 18 1a 23 09 18 44 b0 08 6d 97 96 cd 41 2e 13 e9 7f 32 4a 0a
>                 54 73 79 9a 85 d1 15 73 5f 0f 9e 97 3f 37 41 0d 1b 36 16 8c
>                 b2 e4 e1 7c 67 c8 61 39 5b d9 5d b7 b3 f2 6b 42 3a 9b 7c 8c
>                 52 01 57 d2 4c 6a 9d db c0 48 29 8b 5f 62 9d c5 88 4e 54 40
>                 88 26 cc 9b 51 57 7f 7a 86 ae 3b d7 cc 1f 4f a5 b5 aa 12 70
>                 09 d8 f0 0a 5e 35 e8 d9 5f 81 5e b2 b6 2e 90 a7 81 ca 73 81
>                 47 67 2f ce c2 2b d1 a9 4e d6 6e 05 d9 17 41 8a 92 d6 a6 5e
>                 99 50 82 14 92 f1 ef c6 c7 02 2f bc eb bb 3f 75 ce 5d 76 5a
>                 09 52 c6 73 ce 98 24 48 1f f0 9b 8e aa 54 2c 96 9e 98 6d bb
>                 ad e0 a5 ed 7e 84 12 b8 41 c8 77 3b 48 62 f1 d2
>              sig_block:
>                 b2 a2 0b b8 69 9e 55 d1 b7 48 bd e0 2d 98 f9 f3 06 05 74 70
>                 7e 29 49 de 9c 99 7c b1 64 4b 94 81 90 0e 32 5e 9c 20 13 d6
>                 1b 7f b9 3d 55 70 39 f0 f4 5a 66 24 c4 4b f3 ed e2 7d 17 49
>                 35 8e 93 f6 e9 09 c1 98 91 37 88 3c b8 d3 80 8c b5 ce 06 3e
>                 4e 91 6a e0 a9 d7 fc 0e 6f 93 bc e1 2e af 68 82 9b 11 79 3d
>                 08 f4 fe 75 ce 2c 2e 71 5d 85 d3 e7 3b d3 ca c6 20 8e 07 61
>                 b8 53 e8 43 1a d2 e1 b7 d6 92 09 f0 27 fb 77 f7 05 60 84 5a
>                 c9 91 a8 c1 1d 86 16 e2 b0 43 3f f5 64 2c 30 1a 91 02 03 40
>                 73 49 b9 83 2f 22 36 b5 33 b2 3a 43 35 69 dc 08 f6 78 05 ba
>                 c2 b2 d7 a9 56 34 7b b0 58 2c 16 9c 0d ce 3f e1 cb 21 95 6c
>                 31 d7 71 54 fe b3 f8 5d c0 7d 50 36 7d 28 16 55 11 61 ec db
>                 f0 d2 db 9c 77 ed f2 93 8a 58 d9 66 88 9f 62 c7 2f b3 78 10
>                 db e0 de a9 93 54 a7 e1 48 af b5 e7 97 ed 40 b5
>          signature verifies
> 56 d3 f7 95 14 3d 3b 6b 3a 63 f7 43 70 b1 f8 c5 85 6a 97 34
> ad 96 b8 a1 ef b5 86 67 7a f4 ac 19
>
> policy data hash matches policy hash
>
>
>> Are you in a UEFI environment?
> No.
>
>>
>> You'll have to do something like the following:
>> #echo GRUB_TBOOT_POLICY_DATA="list.data" > /etc/default/grub-tboot
>>
>> In order to have grub actually verify the LCP. You also need to modify your 
>> grub-mkconfig file for the GRUB_CMDLINE_TBOOT option to add "extpol=sha256". 
>> Then you have to run "grub2-mkconfig -o /boot/grub2/grub.cfg" to re-generate 
>> your grub.cfg file with the changes.
>>
>> My relevant line is the following:
>> # Command line for tboot itself
>> : ${GRUB_CMDLINE_TBOOT='logging=serial,memory extpol=sha256'}
>>
>
> Already have necessary grub configuration.
>
>> The vga/video logging option didn't work for me, but is sometimes in the 
>> default options. The grub-mkconfig that I have will strip that option out of 
>> a UEFI boot if it's there.
>>
>> >The current lcp2_crtpol requires the signing algorithm, for which I supply 
>> >0x8 (RSA 2048, SHA256). I get the following for listing the created policy 
>> >file
>> >
>> ># lcp2_crtpol --show list.pol
>> >policy file: list.pol
>> >     version: 0x300
>> >     hash_alg: sha256
>> >     policy_type: list
>> >     sinit_min_version: 0x0
>> >     data_revocation_counters: 0, 0, 0, 0, 0, 0, 0, 0,
>> >     policy_control: 0x0
>> >     max_sinit_min_ver: 0x0
>> >     max_biosac_min_ver: 0x0
>> >     lcp_hash_alg_mask: 0x8
>> >     lcp_sign_alg_mask: 0x8
>> >     aux_hash_alg_mask: 0x8
>> >     policy_hash: ff 0d 04 10 6d 45 3e e0 98 01 44 b3 65 f2 51 7e 1b 41 1c 
>> > 50
>> >2c e3 9e d9 64 c4 8b 22 ff 66 fd c0
>> >
>> >However, the parse of policy data file itself fails as seen below
>> >
>> ># lcp2_crtpol --show list.data
>> >Error: invalid policy version: 0x6e49
>> >
>> >policy data file: list.data
>> >     file_signature: Intel(R) TXT LCP_POLICY_DATA
>> >     num_lists: 1
>> >     list 0:
>> >         version: 0x200
>> >         sig_alg: unknown (16)
>> >         policy_elements_size: 0x32 (50)
>> >         policy_element[0]:
>> >             size: 0x32 (50)
>> >             type: 'mle' (16)
>> >             policy_elt_control: 0x00000000
>> >             data:
>> >                 sinit_min_version: 0x0
>> >                 hash_alg: sha256
>> >                 num_hashes: 1
>> >                 hashes[0]: f8 c0 05 ec 6c 32 53 48 54 52 47 25 3a 0d c6 4a 
>> > 03 32 3c 13
>> >0e c1 86 ca 33 3b c1 f6 9d 48 04 b3
>> >I also did the signing with a 2048 bit RSA key, however the lcp2_crtpol 
>> >always shows an invalid policy version.
>>
>> I've never used the --show option, but it appears it has user-unfriendly 
>> output. You can pass a policy and policy data or just policy data. If you 
>> pass just policy data, it can't distinguish between the two and tries to 
>> process it as a policy first. This fails and gives your error. It then 
>> processes the file as policy data because processing it as a policy failed. 
>> So your "invalid policy version" is a red herring. Try passing your policy 
>> file and your data file and see what the output is.
>>
>> If you can post at least the data file or both data and policy files, that 
>> will help us troubleshoot. The main reason is the sig_alg output. The fact 
>> that it's unknown type isn't surprising (see below about changes needed), 
>> but that it's printed as decimal 16. That corresponds to TPM_ALG_NULL 
>> (0x0010). This makes me suspect that you followed the steps in the other 
>> thread exactly. That was an example of an unsigned policy. This is the 
>> reason we need you to post the full list of commands you're running to 
>> generate everything.
>
> Yes, I had tried both signed and unsigned policies. The results were
> the same. In txt-stat it complains about "read failed" and later
> "write TPM error: 0x18b" and "no policy in TPM NV".
> The current lcp data and policy are in attachment.
> I have the full txt-stat output here : https://pastebin.com/daVzY6VF
>
>>
>> Either way I wouldn't necessarily trust the --show option since I didn't 
>> touch that code when I updated the lcptools-v2 code and it looks like that 
>> whole code flow needs updating based on the LCPv3 changes.
>>
>> >The txt-stat results in this :
>> >
>> >TBOOT:   timeout values: A: 750, B: 2000, C: 75000, D: 750
>> >TBOOT: SGX:verify_IA32_se_svn_status is called
>> >TBOOT: SGX is not enabled, cpuid.ebx: 0x21cbfbb
>> >TBOOT: reading Verified Launch Policy from TPM NV...
>> >TBOOT:  :70 bytes read
>> >TBOOT:  :reading failed
>> >TBOOT: reading Launch Control Policy from TPM NV...
>> >TBOOT:  :70 bytes read
>> >TBOOT: in unwrap_lcp_policy
>> >TBOOT: v2 LCP policy data found
>> >TBOOT:  :reading failed
>> >TBOOT: failed to read policy from TPM NV, using default
>> >TBOOT: TPM: write NV 01200002, offset 00000000, 00000004 bytes, return 
>> >value = 0000018B
>> >TBOOT: Error: write TPM error: 0x18b.
>> >The ':reading failed' is coming from tboot/common/policy.c where it does a 
>> >verify_policy() and it fails. So the problem is indeed with the policy 
>> >creation. I cannot troubleshoot it further, as the verify_policy() logs 
>> >itself are not available from txt-stat.
>> >
>> >Finally, I also tried the lcp-gen2 python tool to generate the policy 
>> >files. However, it's a bit confusing to use, the file pickup dialogs 
>> >doesn't work and there is no option to specify commandline for MLE hash etc.
>> >
>> >Can someone please help with the topic? I'm okay to experiment if anyone 
>> >has patches to deal with this.
>> > Some details on my TPM 2.0 is pasted here : https://pastebin.com/FEdf3ZTQ
>> >
>> >Regards,
>> >Sant
>> >

Could someone help with this? If anyone has patches, I'll be happy to
experiment with.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
tboot-devel mailing list
tboot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tboot-devel

Reply via email to