Re: [Rats] TPM background for RIV

"Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com> Wed, 26 August 2020 07:07 UTC

From: "Oliver, Ian (Nokia - FI/Espoo)" <ian.oliver@nokia-bell-labs.com>
To: Michael Richardson <mcr@sandelman.ca>, Ira McDonald <blueroofmusic@gmail.com>, "rats@ietf.org" <rats@ietf.org>
Thread-Topic: [Rats] TPM background for RIV
Date: Wed, 26 Aug 2020 07:07:08 +0000
Message-ID: <HE1PR07MB425261EEB8D1CEFA8EA6C2778F540@HE1PR07MB4252.eurprd07.prod.outlook.com>
References: <DM6PR05MB6889971FB32A359EFFF85D21BA570@DM6PR05MB6889.namprd05.prod.outlook.com> <CAN40gSuS_5skTXE-g1UpeaqO2Ms-QXSG2Jhs7npXf8MgBV001g@mail.gmail.com>, <19865.1598394565@localhost>
In-Reply-To: <19865.1598394565@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/bC53t-e_75h3E7acnchcV3wBdkg>

Doesn't the TPM 2 standard state PCRs 0 through to 23, with two banks being provided, SHA1 and SHA256 (at particular handles 0x4......?)

It is the boot specification - at least for x86 - that states PCRs 0-7 are utilised for specific purposes, i.e. CRTM, BIOS, configuration, boot loader, LCP and manufacturer defined.

At least on some of our UEFI machines I see 8, 9 and 10 being used.

11 is the default for Linux IMA and 17 and 18 for Intel DRTM measurements

There are restrictions due to locality, so at least on a PC, PCRs 16 and 23 are available to userland modification.

Ian


--

Dr. Ian Oliver

Cybersecurity Research

Distinguished Member of Technical Staff

Nokia Bell Labs

+358 50 483 6237
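As an added example (not code from this thread, from Ian, or from any TPM library), the extend and reset behaviour described above in Python: a simulated 24-PCR TPM with a SHA-1 and a SHA-256 bank, PCRs 16 and 23 resettable from locality 0 (userland), and a verifier replaying a constructed IMA-style event log into PCR 11 to check a reported value, as a RIV verifier would against a reference. The class and function names, the all-zero initial PCR value and the sample events are assumptions of the example.

```python
import hashlib

BANKS = {"sha1": hashlib.sha1, "sha256": hashlib.sha256}
NUM_PCRS = 24                    # PCR 0..23, as discussed in the thread
USERLAND_RESETTABLE = {16, 23}   # debug and application PCRs, resettable at locality 0


class PcrBank:
    """One hash bank of a simulated TPM 2.0 (example code, not a TPM library)."""

    def __init__(self, alg):
        self.h = BANKS[alg]
        self.size = self.h().digest_size
        # Assumption of this example: every PCR starts all-zero. On a PC client
        # that holds for PCRs 0-16 and 23; the DRTM PCRs 17-22 behave differently.
        self.pcrs = [bytes(self.size)] * NUM_PCRS

    def extend(self, idx, digest):
        """TPM2_PCR_Extend: PCR[idx] = H(PCR[idx] || digest), never assignable directly."""
        if len(digest) != self.size:
            raise ValueError("digest length must match the bank's hash size")
        self.pcrs[idx] = self.h(self.pcrs[idx] + digest).digest()
        return self.pcrs[idx]

    def reset(self, idx):
        """TPM2_PCR_Reset from locality 0: only the userland-resettable PCRs succeed."""
        if idx not in USERLAND_RESETTABLE:
            raise PermissionError(f"PCR {idx} is not resettable from locality 0")
        self.pcrs[idx] = bytes(self.size)


def measure(bank, idx, data):
    """Attester side: hash the event data with the bank's algorithm, then extend."""
    return bank.extend(idx, bank.h(data).digest())


def expected_pcr(alg, events):
    """Verifier side: replay an event log to the reference value for one bank."""
    h, acc = BANKS[alg], bytes(BANKS[alg]().digest_size)
    for e in events:
        acc = h(acc + h(e).digest()).digest()
    return acc


# Constructed sample log of two IMA-style entries, extended into PCR 11 (Linux IMA default)
SAMPLE_EVENTS = [b"ima: /usr/bin/sshd", b"ima: /etc/ssh/sshd_config"]


def demo():
    """Both banks must replay to the quoted value; an altered log entry is detected."""
    banks = {alg: PcrBank(alg) for alg in BANKS}
    for e in SAMPLE_EVENTS:
        for b in banks.values():
            measure(b, 11, e)
    genuine = all(b.pcrs[11] == expected_pcr(alg, SAMPLE_EVENTS) for alg, b in banks.items())
    altered = SAMPLE_EVENTS[:1] + [b"ima: /etc/ssh/sshd_config (modified)"]
    detected = all(b.pcrs[11] != expected_pcr(alg, altered) for alg, b in banks.items())
    return genuine and detected
```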

________________________________
From: Michael Richardson <mcr@sandelman.ca>
Sent: 26 August 2020 01:29
To: Ira McDonald <blueroofmusic@gmail.com>; rats@ietf.org <rats@ietf.org>
Subject: Re: [Rats] TPM background for RIV

Ira McDonald <blueroofmusic@gmail.com> wrote:
    > Small note:  Although you say each TPM has at least 16 PCRs, in fact the
    > TPM 2.0 Mobile Common Profile
    > (2015) only requires the implementation of one SHA-256 bank of 8 PCRs (a
    > SHA-1 bank is prohibited here).
    > That design choice was made to avoid the squabbles over the inconsistent
    > usage of PCR8 through PCR15
    > across various TPM 2.0 profiles.

I just want to understand.
TPM 2 mobile only requires PCR0-7.  It doesn't forbid PCR8->15 though?
Do devices tend to implement them all?  Or?

So what do the profiles do now?

What is the impact on RIV?

--
]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        |    IoT architect   [
]     mcr@sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [