Re: [Rats] TPM background for RIV
Ira McDonald <blueroofmusic@gmail.com> Tue, 25 August 2020 21:04 UTC
Return-Path: <blueroofmusic@gmail.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8EBA3A0BE7 for <rats@ietfa.amsl.com>; Tue, 25 Aug 2020 14:04:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Level:
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id IEHjI-1gyLpO for <rats@ietfa.amsl.com>; Tue, 25 Aug 2020 14:04:26 -0700 (PDT)
Received: from mail-vs1-xe29.google.com (mail-vs1-xe29.google.com [IPv6:2607:f8b0:4864:20::e29]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EF73B3A0BE0 for <rats@ietf.org>; Tue, 25 Aug 2020 14:04:25 -0700 (PDT)
Received: by mail-vs1-xe29.google.com with SMTP id u131so137583vsu.11 for <rats@ietf.org>; Tue, 25 Aug 2020 14:04:25 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=zYnpvehfrc1pbFm2lZWfKRd5Or8MFVH0ei1CZfFUEzc=; b=L1OTfdjTTR52Vp8rpSjlSbX7ugbDoZZ6k46Qkz8y+jsJ1kF+6Yxi9cvBhbbftr1U+n tRVN0R3JH3nhXejKDgL4Cq/8dKevzIyMIWs17RUCO09RerysHAff0p4JFQKTFfHDzmHG IpDmfhkIY5FfM+LEGpV4Wrms/jFwGMLNFRWqL1c+Oo2kEBT3i4mQbYCgE1wnIFIRHatr z3IpJDsCdi8R3Qi3O5OOyjP9pSYLaPrkiFUm+DJ7QZr/t+fdra8/QKU4E2yQQ2cIR+G7 vIv1O5R+INqMVx3ox9kiwd4uKlkj7DRRHmeJ4hYRnFGfeg2TzUodGcdrXmngQ80l86wH GKzA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=zYnpvehfrc1pbFm2lZWfKRd5Or8MFVH0ei1CZfFUEzc=; b=mvBFX3qVqU857UaU+e8ed7jNlxocp3nVf+Wy42Bfraa4ssoSGXLFRejOC+Zc/ygXUd ZMSzrxSoI7NHb+HNb5+nVVFVGEgTYP8Ced+reM0R/UjTynzqo+DUbQZJ5BiBu+HDsQa3 g59ToUhrzKrQ8eiM/SxMX8zxiDddnV+zWPZbHhr2jffnXN4kmrYg7jCJyRHOpv4Lc/yN XVH+s/0KCMQHOXWPUHRX858xmU/1v1MrnhxrgYO6xiiW2ZwTm96UwvrlYTlGFZuA0vQM Y5C2kCY9PIdVvwZ36HOputX46h25hmz6k/C/vjyb/hvi4UMGI8idlcQ3Id2zlZ1pqfp2 TGzw==
X-Gm-Message-State: AOAM531+R85Cc5q32XWSQMgdetpvYaasQdRvlyxiRyVNheNBPdtZs+nx 4IpDDC6qdiH5CHipYbfTTySlnRxwpIcyaa5iCw8=
X-Google-Smtp-Source: ABdhPJxOpYHgCW0pk1KmZ0hyDvR+ww+gvVMDFUPgbVHWRv1EWdUZdpardcJViRsw1if3N4lL0c5ee2vQNhR8RM8z584=
X-Received: by 2002:a67:ea56:: with SMTP id r22mr6941667vso.29.1598389464959; Tue, 25 Aug 2020 14:04:24 -0700 (PDT)
MIME-Version: 1.0
References: <DM6PR05MB6889971FB32A359EFFF85D21BA570@DM6PR05MB6889.namprd05.prod.outlook.com>
In-Reply-To: <DM6PR05MB6889971FB32A359EFFF85D21BA570@DM6PR05MB6889.namprd05.prod.outlook.com>
From: Ira McDonald <blueroofmusic@gmail.com>
Date: Tue, 25 Aug 2020 17:04:07 -0400
Message-ID: <CAN40gSuS_5skTXE-g1UpeaqO2Ms-QXSG2Jhs7npXf8MgBV001g@mail.gmail.com>
To: Guy Fedorkow <gfedorkow=40juniper.net@dmarc.ietf.org>, Ira McDonald <blueroofmusic@gmail.com>
Cc: "rats@ietf.org" <rats@ietf.org>, "Jessica Fitzgerald-McKay (jmfmckay@gmail.com)" <jmfmckay@gmail.com>, "Eric Voit (evoit)" <evoit@cisco.com>
Content-Type: multipart/alternative; boundary="000000000000458de505adba0c21"
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/4aot9huiJ_CI5izBy4-aCWmcONk>
Subject: Re: [Rats] TPM background for RIV
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2020 21:04:29 -0000
Hi Guy, Thanks for this excellent proposed text. Small note: Although you say each TPM has at least 16 PCRs, in fact the TPM 2.0 Mobile Common Profile (2015) only requires the implementation of one SHA-256 bank of 8 PCRs (a SHA-1 bank is prohibited here). That design choice was made to avoid the squabbles over the inconsistent usage of PCR8 through PCR15 across various TPM 2.0 profiles. Cheers, - Ira (editor of TPM 2.0 Mobile Common Profile) *Ira McDonald (Musician / Software Architect)Co-Chair - TCG Trusted Mobility Solutions WG* *Co-Chair - TCG Metadata Access Protocol SG* *Chair - Linux Foundation Open Printing WGSecretary - IEEE-ISTO Printer Working GroupCo-Chair - IEEE-ISTO PWG Internet Printing Protocol WGIETF Designated Expert - IPP & Printer MIBBlue Roof Music / High North Inchttp://sites.google.com/site/blueroofmusic <http://sites.google.com/site/blueroofmusic>http://sites.google.com/site/highnorthinc <http://sites.google.com/site/highnorthinc>mailto: blueroofmusic@gmail.com <blueroofmusic@gmail.com>(permanent) PO Box 221 Grand Marais, MI 49839 906-494-2434* On Tue, Aug 25, 2020 at 3:16 PM Guy Fedorkow <gfedorkow= 40juniper.net@dmarc.ietf.org> wrote: > A recent reviewer of the RIV document (that would be a RIViewer) pointed > out that the doc assumes that the fundamental behavior of a TPM for > attestation is already well known by the reader. Of course that may not be > the case. > > Rather than add more tutorial material to be body of the document, I’d > like to suggest adding the following subsection to the existing appendices, > with cross references in a couple places in the doc. > > Let me know if this looks like it would be helpful to new readers. > > Thanks > > /guy > > > > > > > > *Appendix > > > > **Using a TPM for Attestation > > > > The Trusted Platform Module and surrounding ecosystem provide three > interlocking capabilities to enable secure collection of evidence from a > remote device, Platform Configuration Registers (PCRs), a Quote mechanism, > and a standardized Event Log. > > > > Each TPM has at least sixteen PCRs, each one large enough to hold one > hash value (SHA-1, SHA-256, and other algorithms can be used for this > hashing depending on TPM version). PCRs can’t be accessed directly from > outside the chip, but the TPM interface provides a way to “extend” a new > security measurement hash into any PCR, a process by which the existing > value in the PCR is hashed with the new security measurement hash, and the > result placed back into the same PCR. The result is a composite > fingerprint of all the security measurements extended into each PCR since > the system was reset. > > > > Every time a PCR is extended, an entry should be added to the > corresponding Event Log. Logs contain the security measurement hash plus > informative fields offering hints as to what event it was that generated > the security measurement. The Event Log itself is protected against > accidental manipulation, but it is implicitly tamper-evident – any > verification process can read the security measurement hash from the log > events, compute the composite value and compare that to what ended up in > the PCR. If there’s a discrepancy, the logs do not provide an accurate > view of what was placed into the PCR. > > > > The TPM provides another mechanism called a Quote that can read the > current value of the PCRs and package them into a data structure signed by > an Attestation Key (which is private key that is known only to the TPM). > > > > The Verifier uses the Quote and Log together. The Quote, containing the > composite hash of the complete sequence of security measurement hashes, is > used to verify the integrity of the Event Log. Each hash in the validated > Quote can then be compared to corresponding expected values in the set of > Reference Integrity Measurements to validate overall system integrity. > > > > Information about PCRs and Quotes can be found in {{TPM1.2}} and > {{TPM2.0}}. Although there are several log formats, an example can be > found in {{XX}} > > > > Juniper Business Use Only > _______________________________________________ > RATS mailing list > RATS@ietf.org > https://www.ietf.org/mailman/listinfo/rats >
- Re: [Rats] TPM background for RIV Ira McDonald
- Re: [Rats] TPM background for RIV Ira McDonald
- Re: [Rats] TPM background for RIV Michael Richardson
- [Rats] TPM background for RIV Guy Fedorkow
- Re: [Rats] TPM background for RIV Dave Thaler
- Re: [Rats] TPM background for RIV Kathleen Moriarty
- Re: [Rats] TPM background for RIV Ira McDonald
- Re: [Rats] TPM background for RIV Michael Richardson
- Re: [Rats] TPM background for RIV Ira McDonald
- Re: [Rats] TPM background for RIV Oliver, Ian (Nokia - FI/Espoo)
- Re: [Rats] TPM background for RIV Guy Fedorkow
- Re: [Rats] TPM background for RIV Michael Richardson
- Re: [Rats] TPM background for RIV Guy Fedorkow