Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The unsealed secret flows through the TPM interface in clear text #83

Open
jx6f opened this issue Mar 28, 2024 · 4 comments
Open

The unsealed secret flows through the TPM interface in clear text #83

jx6f opened this issue Mar 28, 2024 · 4 comments

Comments

@jx6f
Copy link

jx6f commented Mar 28, 2024

Thank you for sharing your valuable insights.

I read Protecting Secrets At Tpm Interface article and tried the demo script while capturing packets using SWTPM simulator. And then I found that unsealed secret is not encrypted.

image

I think that adding --enable-encrypt option to tpm2_sessionconfig command fixes this.

--- a/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
+++ b/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
@@ -231,7 +231,7 @@ setup_salted_param_encrypt_session_with_ek() {
     --tpmkey-context ek.ctx
     rm -f ek.ctx
 
-    tpm2_sessionconfig -Q  salted_session.ctx --enable-decrypt
+    tpm2_sessionconfig -Q  salted_session.ctx --enable-decrypt --enable-encrypt
 }
 
 #

Here is the result.

image

If this fix is suitable, I can also submit a merge request. Thanks.
@jx6f
Copy link
Author

jx6f commented Mar 28, 2024

I forgot to write. I think the following document also has a similar script and has the same issue.

TCG CPU to TPM Bus Protection Guidance for Active Attacks Version 1.0 Revision 30

@idesai
Copy link
Member

idesai commented Mar 29, 2024

Thank you for sharing your valuable insights.

I read Protecting Secrets At Tpm Interface article and tried the demo script while capturing packets using SWTPM simulator. And then I found that unsealed secret is not encrypted.

image

I think that adding --enable-encrypt option to tpm2_sessionconfig command fixes this.

--- a/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
+++ b/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
@@ -231,7 +231,7 @@ setup_salted_param_encrypt_session_with_ek() {
     --tpmkey-context ek.ctx
     rm -f ek.ctx
 
-    tpm2_sessionconfig -Q  salted_session.ctx --enable-decrypt
+    tpm2_sessionconfig -Q  salted_session.ctx --enable-decrypt --enable-encrypt
 }
 
 #

Here is the result.

image

If this fix is suitable, I can also submit a merge request. Thanks.

Sure.

@jx6f
Copy link
Author

jx6f commented Apr 3, 2024

Another problem found.

After cpu_secret_provisioning and runtime_provisioning and seal_data and TPM resets, running runtime_provisioning and unseal_data fails to unseal. This occurs both in the simulator and on the real TPM.

# unseal_data 
WARN: Reading full size of the NV index
WARNING:esys:src/tss2-esys/api/Esys_Unseal.c:295:Esys_Unseal_Finish() Received TPM Error 
ERROR:esys:src/tss2-esys/api/Esys_Unseal.c:98:Esys_Unseal() Esys Finish ErrorCode (0x0000099d) 
ERROR: Esys_Unseal(0x99D) - tpm:session(1):a policy check failed
ERROR: Unable to run tpm2_unseal
UNSEALBLOB=

This is because the NV Extended value when sealing and the NV Extended value when unsealing are different. I'm currently looking into the detailed cause. I'll let you know if I find out anything.

Thank you again for sharing your valuable insights.

@jx6f
Copy link
Author

jx6f commented Apr 3, 2024

runtime_provisioning and unseal_data after TPM reset was successful. I think it is necessary to have a separate session for parameter encryption and authentication when executing NV Extend. My guess is that otherwise the extended NV value may be encrypted.

--- a/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
+++ b/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
@@ -231,7 +231,7 @@ setup_salted_param_encrypt_session_with_ek() {
     --tpmkey-context ek.ctx
     rm -f ek.ctx
 
-    tpm2_sessionconfig -Q  salted_session.ctx --enable-decrypt
+    tpm2_sessionconfig -Q  salted_session.ctx --enable-decrypt --enable-encrypt
 }
 
 #
@@ -313,12 +313,11 @@ cpu_secret_provisioning() {
 #       TPM interface.
 #
 runtime_provisioning() {
+    setup_salted_param_encrypt_session_with_ek --hmac-session
+
     tpm2_startauthsession -Q  --session bounded_policy_session.ctx \
     --policy-session --bind-context $NVIndex --bind-auth $HOST_SECRET
 
-    tpm2_sessionconfig -Q bounded_policy_session.ctx \
-    --enable-decrypt --enable-encrypt
-
     tpm2_policycommandcode -Q --session bounded_policy_session.ctx \
     TPM2_CC_NV_Extend
 
@@ -326,10 +325,12 @@ runtime_provisioning() {
     --policy-list sha256:A.policy,B.policy,C.policy
 
     echo -n $NV_SECRET|tpm2_nvextend -Q -C $NVIndex -i- $NVIndex \
-    -P session:bounded_policy_session.ctx
+    -P session:bounded_policy_session.ctx \
+    -S salted_session.ctx
 
     tpm2_flushcontext -Q bounded_policy_session.ctx
-    rm -f bounded_policy_session.ctx
+    tpm2_flushcontext -Q salted_session.ctx
+    rm -f bounded_policy_session.ctx salted_session.ctx
 }

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jx6f @idesai