Re: [Rats] TPM background for RIV

Dave Thaler <dthaler@microsoft.com> Tue, 25 August 2020 20:52 UTC

Return-Path: <dthaler@microsoft.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B4BD13A0BF1 for <rats@ietfa.amsl.com>; Tue, 25 Aug 2020 13:52:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.201
X-Spam-Level:
X-Spam-Status: No, score=-0.201 tagged_above=-999 required=5 tests=[DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4PnI1vEIP1Hk for <rats@ietfa.amsl.com>; Tue, 25 Aug 2020 13:52:19 -0700 (PDT)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11on2130.outbound.protection.outlook.com [40.107.223.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 030533A0BAD for <rats@ietf.org>; Tue, 25 Aug 2020 13:52:19 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lh5BrZLtwbMjgXUNZyM/cbALq9xJG9mFM4sltNpWubI/NCM6IJr3cuE0vvvenahktFBJxMqXDu44Y8O9VKG8cCoLlxWclCwFUMRpoEyb4x/uEc/YTECat5aMQ1Y2WjDaG5aEQRfrM2pppkAbX2Y27pUYZq58jjvNAVOJjOeHAg7cUQH+yzXcT4u5ObS/d6t3wTXx2mh/XpdGMcC2riY4oMB02dw6hxG80UzS7E7vm9+MfSnLIDxTqMkOtCW4iEHMSED2Yga+asc5HHvKllr/R4JfVsV0jnvJdPAS0pPp8hB539GTxS5p+LvIYoNKV7QaMK0b8DUUQhfJKEfcx4cPRg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cRSluWxM0aCDRyo/8XHRtKiPMH8GJhY9yKWyzE0TQJg=; b=kPX9c5Rxp0y8ir7YpK/dtr+L0BJybZAsLtyOytBMQQI2x6bLn/1Cj7VGdf0s4q57uL/Ofr/oAoBoSpFm3bVF71fD2z2LFEbuFTDQ3deiJTO1VaS0dxEayB1XRm7sT85PrsWMdUaB2DiWOVu9aTiHUOM1wqTyOVmdXQB4fWPX4xzU/15ZYR27FJy/X8V6zaKVjOk2uSYYAz8wHDcogGZEiEKGE4F5qZfahBONFVvmT3z0Fzb9co6AdcGi7mfS/KgRSZQOKDDzlviBSQaJZpi7iee/QGwLh1HBaCVp8xhRhAk3ZcNJZ9bCToHffO3HeGRiFNib6T2Eq1go8EWK27Hlvg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=cRSluWxM0aCDRyo/8XHRtKiPMH8GJhY9yKWyzE0TQJg=; b=ACuVyWQYiwIoYF5lDpqpUujDYj+DFTZWfQF0qg2PVK2gKIvv1bTOl2IU+VYT+1S7P/MOqp+utvk4KSA60OD4B4yGF8J9iVsZXN1xlZzyqnRtqNv2XA/HlpFvktSEX8RwePi57//QZFFK4Q22Hy7dZ7PRac3HL9p5ml3H7UiTobg=
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com (2603:10b6:207:30::33) by BL0PR2101MB0931.namprd21.prod.outlook.com (2603:10b6:207:30::19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3326.5; Tue, 25 Aug 2020 20:52:15 +0000
Received: from BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::38e4:fb96:4484:251c]) by BL0PR2101MB1027.namprd21.prod.outlook.com ([fe80::38e4:fb96:4484:251c%9]) with mapi id 15.20.3326.019; Tue, 25 Aug 2020 20:52:15 +0000
From: Dave Thaler <dthaler@microsoft.com>
To: Guy Fedorkow <gfedorkow=40juniper.net@dmarc.ietf.org>, "rats@ietf.org" <rats@ietf.org>
CC: "Jessica Fitzgerald-McKay (jmfmckay@gmail.com)" <jmfmckay@gmail.com>, "Eric Voit (evoit)" <evoit@cisco.com>
Thread-Topic: TPM background for RIV
Thread-Index: AdZ7FCxmPJt+FRfUTmKTg8duYuoerAADV2Fg
Date: Tue, 25 Aug 2020 20:52:15 +0000
Message-ID: <BL0PR2101MB1027C26AA6CA901A4CAE5F43A3570@BL0PR2101MB1027.namprd21.prod.outlook.com>
References: <DM6PR05MB6889971FB32A359EFFF85D21BA570@DM6PR05MB6889.namprd05.prod.outlook.com>
In-Reply-To: <DM6PR05MB6889971FB32A359EFFF85D21BA570@DM6PR05MB6889.namprd05.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Enabled=true; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SetDate=2020-08-25T19:16:03Z; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Method=Standard; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_Name=0633b888-ae0d-4341-a75f-06e04137d755; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_SiteId=bea78b3c-4cdb-4130-854a-1d193232e5f4; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ActionId=47b39a74-6a0b-4d3a-a050-9f0eb7851dce; MSIP_Label_0633b888-ae0d-4341-a75f-06e04137d755_ContentBits=2; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-08-25T20:52:14Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=c834a13c-8d4c-4750-9d29-267c3cb31afb; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [2601:600:9780:16f0:f414:8582:a91e:5486]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 889bfc57-7399-464a-ffa4-08d84938bfd3
x-ms-traffictypediagnostic: BL0PR2101MB0931:
x-microsoft-antispam-prvs: <BL0PR2101MB0931607A7E0BCDD25C0A38F2A3570@BL0PR2101MB0931.namprd21.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: lixTYCnbd+EN3hIaITzITHA1V4ibmzoN0Ya/Sft22uYUIv0/cnoenzFC6T0/9yVUMJH7nN3V6P5C1gFi8kD4CTxVf3LXv/pWkTDbrf8rBuwwwh4Fru8Xy5TwIREfjQTWVN1u8pBh0/biux9EziyQV9m4UDVoKAtEK+tjJ0DctHIxiNuDGtpkwSvzNEN7Z9KwLjaUkF7CaqFuvB8f51hv3nNm6s1oqFbV0XClXhZipXi1SnYIiHule5QEt9rSy+JCPBBFydNm8y2y7LGP/dlnu6kjMvXcEM1ZpIkrEW+OHFiJ+pt6KbJcIR3fp6SyKCjAXFb426jI5PTGgT6Qz/pdYA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BL0PR2101MB1027.namprd21.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(346002)(39860400002)(366004)(136003)(396003)(376002)(66556008)(10290500003)(82950400001)(8936002)(6506007)(71200400001)(52536014)(5660300002)(55016002)(53546011)(9686003)(8676002)(7696005)(478600001)(54906003)(64756008)(76116006)(66946007)(186003)(66446008)(33656002)(82960400001)(316002)(66476007)(86362001)(2906002)(83380400001)(110136005)(8990500004)(4326008)(3480700007); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: NFl1iJ8TDeZkkFPIO4XhMs7riiSpjPXVX1G8n0x/ki6uqZh/+yxVu6oUrz5Y9GayFr270Pr2kzDybR1b53mhBunqqNgitXcwBHawRGCz0pdDKPg3zyZkKK5GIiRhtazNPttOK/sfWq3YvpfAFmhpyNFVjnVVKnTP6DQxuBB5Zl896PyV3z0FEFBHPw/mPBkq5f/rxpUnUnnXywh270z6FtcMp3+yhoff5qt9y4WiQUHJ7FsmLZ6puNOf6esTR4QxNStaTYHtOWDIEO+QhQdj18PKqkE+o57M4g2K6YLkaBjN/KUFxMREDA74ZGMdpM8+rDyvEsSOe+GBq3urv7Jhsx1qTBAQYi+OHVU7Q2iLfb+vwKMu8sCUp7nvACCXYd0pjQa3yNJgPJrECdRUgBsBGiHJXUefKfJMwO6NRX1g1aIIgPMzR/fqKBPkNQ4KJUKp8RdzZWeCEtkcKZAxJueTOHXeOvAq9rriSyEV0ZYhWPrkJWG7G7eqyX7fzBIaJ+bluU3avYUPLAmfXrHk85la/UYUVGHZA9UxnSEZPmbe/3+CUsikGOOlgOh0i1MeT7pXkix5HwOqQ/6+Qbz6grkGL5srUoT3VOHgptGKb4KJnjiOv560V9M5Dhx/kunyP0ZToSDJ3z1nfnc+qEUKSkYA1KHF6E0jvdM6KafwnMb5Iq2NUI8HyYaiQvfb9yM3GL3hTimvbp4MjCbzCzc0R+V7/Q==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BL0PR2101MB1027C26AA6CA901A4CAE5F43A3570BL0PR2101MB1027_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BL0PR2101MB1027.namprd21.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 889bfc57-7399-464a-ffa4-08d84938bfd3
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Aug 2020 20:52:15.6824 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: LXVWEnhPo9xzZf9CIv9YoVtwTAKSXJnYe2XmbZsBqVXY8hrJ9ru7t6xUIWUl8FoT0+6qwMxwQ95cIlmVd4rgbnaa4X1zG01+3rkBNtuiERQ=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR2101MB0931
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/LQwfg2a2Y9nK2ediiwbyOp5Tp0Y>
Subject: Re: [Rats] TPM background for RIV
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 25 Aug 2020 20:52:27 -0000

That looks like a great improvement to me.

Dave

From: RATS <rats-bounces@ietf.org> On Behalf Of Guy Fedorkow
Sent: Tuesday, August 25, 2020 12:16 PM
To: rats@ietf.org
Cc: Jessica Fitzgerald-McKay (jmfmckay@gmail.com) <jmfmckay@gmail.com>om>; Eric Voit (evoit) <evoit@cisco.com>
Subject: [Rats] TPM background for RIV

A recent reviewer of the RIV document (that would be a RIViewer) pointed out that the doc assumes that the fundamental behavior of a TPM for attestation is already well known by the reader.  Of course that may not be the case.
  Rather than add more tutorial material to be body of the document, I'd like to suggest adding the following subsection to the existing appendices, with cross references in a couple places in the doc.
  Let me know if this looks like it would be helpful to new readers.
  Thanks
/guy



*Appendix

**Using a TPM for Attestation

  The Trusted Platform Module and surrounding ecosystem provide three interlocking capabilities to enable secure collection of evidence from a remote device, Platform Configuration Registers (PCRs), a Quote mechanism, and a standardized Event Log.

  Each TPM has at least sixteen PCRs, each one large enough to hold one hash value (SHA-1, SHA-256, and other algorithms can be used for this hashing depending on TPM version).  PCRs can't be accessed directly from outside the chip, but the TPM interface provides a way to "extend" a new security measurement hash into any PCR, a process by which the existing value in the PCR is hashed with the new security measurement hash, and the result placed back into the same PCR.  The result is a composite fingerprint of all the security measurements extended into each PCR since the system was reset.

  Every time a PCR is extended, an entry should be added to the corresponding Event Log.  Logs contain the security measurement hash plus informative fields offering hints as to what event it was that generated the security measurement.  The Event Log itself is protected against accidental manipulation, but it is implicitly tamper-evident - any verification process can read the security measurement hash from the log events, compute the composite value and compare that to what ended up in the PCR.   If there's a discrepancy, the logs do not provide an accurate view of what was placed into the PCR.

  The TPM provides another mechanism called a Quote that can read the current value of the PCRs and package them into a data structure signed by an Attestation Key (which is private key that is known only to the TPM).

The Verifier uses the Quote and Log together.  The Quote, containing the composite hash of the complete sequence of security measurement hashes, is used to verify the integrity of the Event Log.  Each hash in the validated Quote can then be compared to corresponding expected values in the set of Reference Integrity Measurements to validate overall system integrity.

  Information about PCRs and Quotes can be found in {{TPM1.2}} and {{TPM2.0}}.  Although there are several log formats, an example can be found in {{XX}}



Juniper Business Use Only