Trusted Platform Module 2.0 » History » Version 29
« Previous -
Version 29/157
(diff) -
Next » -
Current version
Andreas Steffen, 19.02.2017 10:21
Trusted Platform Module 2.0¶
- Table of contents
- Trusted Platform Module 2.0
- Connect to a TPM 2.0 device
- TPM 2.0 Algorithm IDs
- Derive a Persistent RSA Endorsement Key
- Generate a Persistent RSA Attestation Key
- Derive a Persistent ECC Endorsement Key
- Generate a Persistent ECC Attestation Key
- Generate Another ECC Attestation Key
- Remove a Persistent Key Object
- List Persistent Objects
- Access TPM Private Keys via VICI Interface
- Starting the strongSwan Daemon
Connect to a TPM 2.0 device¶
In order to connect to a TPM 2.0 hardware or firmware device, the TSS2 software stack developed by Intel is needed. Because the official Ubuntu tpm2-tss package is rather outdated (e.g. since version 0.98 the TCTI interface to the TPM 2.0 resource manager has changed several times), strongSwan is currently based on a recent version directly drawn from the TPM2-TSS git repository https://github.com/01org/TPM2.0-TSS. Avoid any TCTI interface incompatibilities by fetching the latest tpm2-tools version from https://github.com/01org/tpm2.0-tools as well.
Build and install both the tpm2-tss stack and the tpm2.0-tools, start the tpm2-resourcemgr as a service in the background and try to connect to the TPM 2.0 by listing e.g. the contents of the SHA-1 bank of PCR registers
tpm2_listpcrs -g 0x0004
Bank/Algorithm: TPM_ALG_SHA1(0x0004) PCR_00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_01: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_02: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_03: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_04: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_05: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_06: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_07: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_08: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_09: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_10: a9 45 e7 0f 42 a2 79 f0 78 ca d4 64 60 39 39 da 9d 6a d1 a5 PCR_11: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_12: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_13: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_14: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_15: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 PCR_17: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_18: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_19: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_20: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_21: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_22: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff PCR_23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
A manual showing all tpm2-tools functions with their arguments can be found here.
TPM 2.0 Algorithm IDs¶
Hash Algorithms¶
0x0004 | SHA-1 |
0x000B | SHA-2_256 |
0x000C | SHA-2_384 |
0x000D | SHA-2_512 |
Currently available TPM 2.0 devices like the Infineon Optiga SLB 9670 VQ2.0 hardware TPM or Intel's PTT firmware TPM integrated into the Management Engine starting with the 4th generation (Haswell) of the Core processor family, support the SHA-1 and SHA-2_256 algorithms.
Public Key Types¶
0x0001 | RSA |
0x0023 | ECC |
Currently RSA keys have a modulus size of 2048 bits and ECC keys are based on the 256 bit NIST curve.
Signature Schemes¶
0x0014 | RSASSA |
0x0016 | RSAPSS |
0x0018 | ECDSA |
Derive a Persistent RSA Endorsement Key¶
The following tpm2-tools command derives a 2048 bit RSA Endorsement Key (EK) in a deterministic way from the secret Endorsement Primary Seed unique to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010001
tpm2_getpubek -H 0x81010001 -g 0x0001 -f ek_rsa.pub
The EK public key stored in the ek_rsa.pub file is encoded in a TPM 2.0 proprietary format but the key can be exported from the TPM in the regular PKCS#1 format using the pki tool
pki --pub --keyid 81010001 --outform pem > ek_rsa_pub.pem
The fingerprint of the RSA EK public key can be displayed with the command
pki --print --type pub --in ek_rsa_pub.pem
pubkey: RSA 2048 bits
keyid: d1:f1:49:84:36:44:e6:8c:d2:a6:69:ee:fd:b5:7d:56:2f:39:ff:58
subjkey: c1:1b:8e:f1:c7:f8:8a:1e:9a:dd:7e:82:2f:7a:a3:f5:c0:e2:4d:7d
Generate a Persistent RSA Attestation Key¶
A 2048 bit RSA Attestation Key (AK) bound to the EK with handle 0x81010001 can be created and made persistent under the handle 0x81010002 with the following tpm2-tools command
tpm2_getpubak -E 0x81010001 -g 0x0001 -D 0x000B -s 0x0014 -k 0x81010002 -f ak_rsa2.pub -n ak_rsa2.name
The AK public key can be exported in PKCS#1 format from the TPM using the pki tool
pki --pub --keyid 81010002 --outform pem > ak_rsa_pub.pem
The fingerprint of the RSA AK public key can be displayed with the command
pki --print --type pub --in ak_rsa_pub.pem
pubkey: RSA 2048 bits
keyid: 71:21:f5:d4:7e:59:4a:88:16:ca:57:85:98:3d:36:a7:b1:d5:75:fa
subjkey: f4:9e:85:7d:de:4e:67:f5:fb:87:03:98:67:3f:20:7c:f3:3f:2b:66
Derive a Persistent ECC Endorsement Key¶
The following tpm2-tools command derives a 256 bit ECC Endorsement Key (EK) in a deterministic way from the secret Endorsement Primary Seed unique to each TPM device and makes the key persistent in the non-volatile memory of the TPM under the object handle 0x81010003:
tpm2_getpubek -H 0x81010003 -g 0x0023 -f ek_ecc.pub
The EK public key can be exported in PKCS#1 format from the TPM using the pki tool:
pki --pub --keyid 81010003 > ek_ecc_pub.der
The fingerprint of the ECC EK public key can be displayed with the command
pki --print --type pub --in ek_ecc_pub.der
pubkey: ECDSA 256 bits
keyid: 7f:39:ca:e6:83:9b:a9:06:97:40:27:6a:e1:bf:8f:f5:9f:d3:a5:31
subjkey: 8b:43:4d:5e:5e:7b:ff:c2:54:4d:ef:88:cb:0c:7c:47:75:28:4d:09
Generate a Persistent ECC Attestation Key¶
A 256 bit ECC Attestation Key (AK) bound to the EK with handle 0x81010003 can be created and made persistent under the handle 0x81010004 with the following tpm2-tools command
tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010004 -f ak_ecc4.pub -n ak_ecc4.name
The AK public key can be exported in PKCS#1 format from the TPM using the pki tool
pki --pub --keyid 81010004 > ak_ecc_pub.der
The fingerprint of the RSA AK public key can be displayed with the command
pki --print --type pub --in ak_ecc_pub.der
pubkey: ECDSA 256 bits
keyid: 71:49:7c:42:41:e7:c6:81:bc:31:73:f0:0f:7e:4a:e1:2d:53:00:38
subjkey: c7:0e:63:f8:7f:6f:f6:55:00:e5:05:7f:5a:3e:6b:6c:e7:d2:d5:13
Generate Another ECC Attestation Key¶
Multiple AK keys bound to a common EK key can be generated
tpm2_getpubak -E 0x81010003 -g 0x0023 -D 0x000B -s 0x0018 -k 0x81010005 -f ak_ecc5.pub -n ak_ecc5.name
The AK public key can be exported in PKCS#1 format from the TPM using the pki tool
pki --pub --keyid 81010005 > ak_ecc5_pub.der
The fingerprint of the second ECC AK public key can be displayed with the command
pki --print --type pub --in ak_ecc5_pub.der
pubkey: ECDSA 256 bits
keyid: c4:b4:9c:95:27:9e:ce:81:2f:98:42:c8:1b:f0:54:ff:d4:d1:24:34
subjkey: cf:44:f4:f7:9d:97:09:ad:b1:09:3a:8e:6f:23:eb:9f:2c:35:94:c9
Remove a Persistent Key Object¶
Since the non-volatile memory of the TPM is limited any persistent key object can be removed to free storage space.
The following tpm2-tools command removes the ECC AK key with persistent handle 0x81010005
tpm2_evictcontrol -A o -H 0x81010005 -S 0x81010005
List Persistent Objects¶
The following tpm2-tools command lists all persistent objects stored by the TPM in non-volatile memory
tpm2_listpersistent
6 persistent objects defined. 0. Persistent handle: 0x81000001 { Type: 0x23 Hash algorithm(nameAlg): 0xb Attributes: 0x30072 } 1. Persistent handle: 0x81000002 { Type: 0x23 Hash algorithm(nameAlg): 0xb Attributes: 0x60072 } 2. Persistent handle: 0x81010001 { Type: 0x1 Hash algorithm(nameAlg): 0xb Attributes: 0x300b2 } 3. Persistent handle: 0x81010002 { Type: 0x1 Hash algorithm(nameAlg): 0xb Attributes: 0x50072 } 4. Persistent handle: 0x81010003 { Type: 0x23 Hash algorithm(nameAlg): 0xb Attributes: 0x300b2 } 5. Persistent handle: 0x81010004 { Type: 0x23 Hash algorithm(nameAlg): 0xb Attributes: 0x50072 }
Access TPM Private Keys via VICI Interface¶
Configuration of TPM private key access as tokens in the secrets section of swanctl.conf
secrets {
token_ak_rsa {
handle = 81010002
}
token_ak_ecc {
handle = 81010004
}
}
Starting the strongSwan Daemon¶
systemctl start strongswan-swanctl
Feb 19 09:35:14 raspi5 systemd[1]: Starting strongSwan IPsec IKEv1/IKEv2 daemon using swanctl...
The RSA AK private key is attached via the TPM 2.0 resource manager
Feb 19 09:35:14 raspi5 resourcemgr[531]: Accept socket: 0xa Feb 19 09:35:14 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client Feb 19 09:35:14 raspi5 resourcemgr[531]: Accept socket: 0xb Feb 19 09:35:14 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client Feb 19 09:35:14 raspi5 charon-systemd[20831]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 via TSS2 available Feb 19 09:35:15 raspi5 charon-systemd[20831]: AIK signature algorithm is RSASSA with SHA256 hash
The ECC AK private key is attached via the TPM 2.0 resource manager
Feb 19 09:35:15 raspi5 resourcemgr[531]: Accept socket: 0x6 Feb 19 09:35:15 raspi5 resourcemgr[531]: Resource Manager Other CMD Server accepted client Feb 19 09:35:15 raspi5 resourcemgr[531]: Accept socket: 0x7 Feb 19 09:35:15 raspi5 resourcemgr[531]: Resource Manager TPM CMD Server accepted client Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 - algorithms: RSA SHA1 HMAC AES KEYEDHASH XOR SHA256 RSASSA RSAES RSAPSS OAEP ECDSA ECDH SM2 KDF1_SP800_56A KDF1_SP800_108 ECC SYMCIPHER CFB Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 - ECC curves: NIST_P256 BN_P256 Feb 19 09:35:15 raspi5 charon-systemd[20831]: TPM 2.0 via TSS2 available Feb 19 09:35:15 raspi5 charon-systemd[20831]: AIK signature algorithm is ECDSA with SHA256 hash
The swanctl command line tool loads the RSA and ECC AK certificates as well as the demoCA root certificate and connects to the RSA and ECC private keys residing in the TPM
Feb 19 09:35:15 raspi5 swanctl[20849]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_rsa_Cert.der' Feb 19 09:35:15 raspi5 swanctl[20849]: loaded certificate from '/etc/swanctl/x509/raspi5_ak_ecc_Cert.der' Feb 19 09:35:15 raspi5 swanctl[20849]: loaded certificate from '/etc/swanctl/x509ca/demoCaCert.pem' Feb 19 09:35:15 raspi5 swanctl[20849]: loaded key token_ak_rsa from token [keyid: f49e857dde4e67f5fb870398673f207cf33f2b66] Feb 19 09:35:15 raspi5 swanctl[20849]: loaded key token_ak_ecc from token [keyid: c70e63f87f6ff65500e5057f5a3e6b6ce7d2d513] Feb 19 09:35:15 raspi5 swanctl[20849]: loaded connection 'rsa' Feb 19 09:35:15 raspi5 swanctl[20849]: loaded connection 'ecc' Feb 19 09:35:15 raspi5 swanctl[20849]: successfully loaded 2 connections, 0 unloaded
Feb 19 09:35:15 raspi5 systemd[1]: Started strongSwan IPsec IKEv1/IKEv2 daemon using swanctl.