RE: One question about trusted key of keyring in Linux kernel.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, James, 

The PCR7 value and PCR7 policy is as below, please review, thanks. 

# tpm2_pcrlist -L sha256:7 -o pcr7_2.sha256
sha256:
  7 : 0x061AAD0705A62361AD18E58B65D3D7383F4D10F7F5A7E78924BE057AC6797408

# tpm2_createpolicy --policy-pcr --pcr-list sha256:7 --policy pcr7_bin.policy > pcr7.policy
321fbd28b60fcc23017d501b133bd5dbf2889814588e8a23510fe10105cb2cc9

# cat pcr7.policy
321fbd28b60fcc23017d501b133bd5dbf2889814588e8a23510fe10105cb2cc9

- Shirley 

-----Original Message-----
From: James Bottomley <jejb@xxxxxxxxxxxxx> 
Sent: Monday, December 2, 2019 2:18 PM
To: Zhao, Shirley <shirley.zhao@xxxxxxxxx>; Mimi Zohar <zohar@xxxxxxxxxxxxx>; Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>; Jonathan Corbet <corbet@xxxxxxx>
Cc: linux-integrity@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx; linux-doc@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; 'Mauro Carvalho Chehab' <mchehab+samsung@xxxxxxxxxx>; Zhu, Bing <bing.zhu@xxxxxxxxx>; Chen, Luhai <luhai.chen@xxxxxxxxx>
Subject: Re: One question about trusted key of keyring in Linux kernel.

On Mon, 2019-12-02 at 05:55 +0000, Zhao, Shirley wrote:
> Thanks for your feedback, James.
> 
> The policy is generated by TPM command, tpm2_createpolicy, it just use 
> the algorithm you mentioned, which is defined in TPM spec.
> I re-attach my test steps as below. 
> Please help check it, is there anything wrong, especially the format 
> of keyctl command.
> 
> Firstly, the pcr policy is generated as below: 
> $ tpm2_createpolicy --policy-pcr --pcr-list sha256:7 --policy 
> pcr7_bin.policy > pcr7.policy

I don't use the Intel TSS, so I can't help you with this command: you need to ask someone who does use it it, like Phil.

> Pcr7.policy is the ascii hex of policy:
> $ cat pcr7.policy
> 321fbd28b60fcc23017d501b133bd5dbf2889814588e8a23510fe10105cb2cc9

You haven't provided enough information.  If you tell me what the pcr7 value you tied the policy to is, I can run it through the IBM TSS policy maker and tell you if this is the correct hash.  But obviously, since it's a hash, I can't reverse it to tell you what the policy it mandates is.

James

> Then generate the trusted key and configure policydigest and get the 
> key ID:
> $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha256 
> policydigest=`cat pcr7.policy`" @u
> 874117045
> 
> Save the trusted key. 
> $ keyctl pipe 874117045 > kmk.blob
> 
> Reboot and load the key. 
> Start a auth session to generate the policy:
> $ tpm2_startauthsession -S session.ctx
> session-handle: 0x3000000
> $ tpm2_pcrlist -L sha256:7 -o pcr7.sha256 $ tpm2_policypcr -S 
> session.ctx -L sha256:7 -F pcr7.sha256 -f pcr7.policy
> policy-digest:
> 0x321FBD28B60FCC23017D501B133BD5DBF2889814588E8A23510FE10105CB2CC9
> 
> Input the policy handle to load trusted key:
> $ keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001 
> policyhandle=0x3000000" @u
> add_key: Operation not permitted
> 
> The error should be policy check failed, because I use TPM command to 
> unseal directly with error of policy check failed.
> $ tpm2_unseal -c 0x81000001 -L sha256:7 ERROR on line: "81" in file: 
> "./lib/log.h": Tss2_Sys_Unseal(0x99D) - tpm:session(1):a policy check 
> failed ERROR on line: "213" in file:
> "tools/tpm2_unseal.c": Unseal failed!
> ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run 
> tpm2_unseal
> 
> - Shirley
> 
> -----Original Message-----
> From: James Bottomley <jejb@xxxxxxxxxxxxx>
> Sent: Monday, December 2, 2019 12:17 PM
> To: Zhao, Shirley <shirley.zhao@xxxxxxxxx>; Mimi Zohar <zohar@linux.i 
> bm.com>; Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>; Jonathan 
> Corbet <corbet@xxxxxxx>
> Cc: linux-integrity@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx; linux- 
> doc@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; 'Mauro Carvalho 
> Chehab' <mchehab+samsung@xxxxxxxxxx>; Zhu, Bing <bing.zhu@xxxxxxxxx>; 
> Chen, Luhai <luhai.chen@xxxxxxxxx>
> Subject: Re: One question about trusted key of keyring in Linux 
> kernel.
> 
> On Mon, 2019-12-02 at 01:44 +0000, Zhao, Shirley wrote:
> > Hi, James,
> > 
> > The value of PCR7 is not changed. I have checked it with TPM command 
> > tpm_pcrlist.
> > 
> > So I think the problem is how to use the option policydigest and 
> > policyhandle? Is there any example?
> > Maybe the format in my command is not correct. 
> 
> OK, so previously you said that using the Intel TSS the policy also 
> failed after a reboot:
> 
> > The error should be policy check failed, because I use TPM command 
> > to unseal directly with error of policy check failed.
> > $ tpm2_unseal -c 0x81000001 -L sha256:7 ERROR on line: "81" in
> > file: 
> > "./lib/log.h": Tss2_Sys_Unseal(0x99D) - tpm:session(1):a policy 
> > check failed ERROR on line: "213" in file: "tools/tpm2_unseal.c": 
> > Unseal failed!
> > ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run 
> > tpm2_unseal
> 
> So this must mean the actual policy hash you constructed was wrong in 
> some way: it didn't correspond simply to a value of pcr7 ... well 
> assuming the -L sha256:7 means construct a policy of the sha256 value 
> of pcr7 and use it in the unseal.
> 
> I can tell you how to construct policies using TPM2 commands, but I 
> think you want to know how to do it using the Intel TSS?  In which 
> case you really need to consult the experts in that TSS, like Phil 
> Tricca.
> 
> For the plain TPM2 case, the policy looks like
> 
> TPM_CC_PolicyPCR || pcrs || pcrDigest
> 
> Where TPM_CC_PolicyPCR = 0000017f and for selecting pcr7 only.  pcrs 
> is a complicated entity: it's a counted array of pcr selections.  For 
> your policy you only need one entry, so it would be 00000001 followed 
> by a single pcrSelection entry.  pcrSelection is the hash algorithm, 
> the size of the selection bitmap (always 3 since every current TPM 
> only has
> 24 PCRs) and a bitmap selecting the PCRs in big endian format, so for
> PCR7 using sha256 (algorithm 000b), pcrSelection = 000b 03 80 00 00. 
> And then you follow this by the hash of the PCR value you're looking 
> for.  The policyhash becomes the initial policy (all zeros for the 
> start of the policy chain) hashed with this.
> 
> Regards,
> 
> James
> 





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux