strongSwan

h1. Trusted Platform Module 2.0

{{>toc}}

h2. Connect to a TPM 2.0 device

In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu *tpm2-tss* package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest *tpm2-tools* version from https://github.com/01org/tpm2.0-tools as well.

Build and install both the *tpm2-tss* stack and the *tpm2.0-tools*, start the *tpm2-resourcemgr* as a service in the background and try to connect to the TPM 2.0 by listing e.g. the contents of the SHA-1 bank of PCR registers

 tpm2_listpcrs -g 0x0004

 Bank/Algorithm: TPM_ALG_SHA1(0x0004)

PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5

PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

A manual showing all *tpm2-tools* functions with their arguments can be found "here":https://github.com/01org/tpm2.0-tools/blob/master/manual.

h2. TPM 2.0 Algorithm IDs

h3. Hash Algorithms

|0x0004 |SHA-1     |

|0x000B |SHA-2_256 |

|0x000C |SHA-2_384 |

|0x000D |SHA-2_512 |

Currently available TPM 2.0 devices like the Infineon *Optiga SLB 9670 VQ2.0* hardware TPM or Intel's *PTT* firmware TPM support the *SHA-1* and *SHA-2_256* algorithms.

h3. Public Key Types

|0x0001 |RSA |

|0x0023 |ECC |

h3. Signature Schemes

|0x0014 |RSASSA |

|0x0016 |RSAPSS |

|0x0018 |ECDSA  |

The RSA keys have a modulus size of 2048 bits and the ECC keys are based on the 256 bit NIST curve.

h2. Derivation of a Persistent RSA Endorsement Key

The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret _Endorsement Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001

 tpm2_getpubek -H 0x81010001 -g 0x0001

The EK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 81010001 --outform pem > ek_rsa_pub.pem

The fingerprint of the RSA EK public key can be displayed with the command

 pki --print --type pub --in ek_rsa_pub.pem

  pubkey:    RSA 2048 bits

  keyid:     d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58

  subjkey:   c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d

h2. Generation of a Persistent RSA Attestation Key

A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 81010002 --outform pem > ak_rsa_pub.pem

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_rsa_pub.pem

  pubkey:    RSA 2048 bits

  keyid:     71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa

  subjkey:   f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66

h2. Derivation of a Persistent ECC Endorsement Key

The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret _Endorsement Seed_ *unique* to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:

 tpm2_getpubek -H 0x81010003 -g 0x0023

The EK public key can be exported in PKCS#1 format from the TPM using the *pki* tool:

  pki --pub --keyid 81010003 > ek_ecc_pub.der

The fingerprint of the ECC EK public key can be displayed with the command

 pki --print --type pub --in ek_ecc_pub.der

  pubkey:    ECDSA 256 bits

  keyid:     7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31

  subjkey:   8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09

h2. Generation of a Persistent ECC Attestation Key

A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command

 tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004

The AK public key can be exported in PKCS#1 format from the TPM using the *pki* tool

 pki --pub --keyid 81010004 > ak_ecc_pub.der

The fingerprint of the RSA AK public key can be displayed with the command

 pki --print --type pub --in ak_ecc_pub.der

  pubkey:    ECDSA 256 bits

  keyid:     71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38

  subjkey:   c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13

h2. TPM Private Key Access via VICI Interface

Configuration of TPM private key access in *swanctl.conf*:

 secrets {

    token_ak_rsa {

       handle = 81010002

    }

    token_ak_ecc {

       handle = 81010004

    }

}