TPM2.0 practical usage

Video in TIB AV-Portal: TPM2.0 practical usage

Formal Metadata

TPM2.0 practical usage
Using a firmware TPM 2.0 on an embedded device

CC Attribution 2.0 Belgium:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal purpose as long as the work is attributed to the author in the manner specified by the author or licensor.

Content Metadata
Nowadays the Trusted Platform Module is present in most computers, and it is making its way into embedded platforms as well. In this talk I will explain how to use the (firmware) TPM 2.0 available on the Minnowboard MAX/Turbot for everyday encryption. Even though TPMs are cryptographic processors, it is surprisingly hard to use them for common cryptographic operations like signatures and decryption. Moreover, as opposed to its predecessor TPM 1.2, TPM 2.0 gets very little support in Linux, and the TCG Software Stack has no support for the most common encoding formats (e.g. PEM and DER).
Yeah, hello. So our next speaker comes from London, it's Davide Guerri, and he will speak about TPM 2.0 on embedded. Let's applaud him. Where are the lights? Sorry, excuse me, excuse me, where is the light switch? Yeah, otherwise... yeah, good. Thank you.

Thank you very much. So hi everyone, good evening. I'm Davide, I'm a production engineer at London, and today I'm going to talk a little bit about TPM 2.0, and specifically a practical usage on an embedded platform. By the way, I have the platform with me, so just to show you this: it's really small. And so the agenda is quite short, because this is of course a lightning talk. We're going to see what is a TPM, this is a very high-level overview of TPMs, and how to use the TPM on a MinnowBoard MAX or Turbot with a practical example. So we are going to generate a signing key on the firmware TPM embedded in these platforms, sign a document, and verify it with OpenSSL on a different platform.

So what's a TPM? TPM stands for Trusted Platform Module. Its specification has been written by the TCG, the Trusted Computing Group, whose members are AMD, Hewlett-Packard, IBM, Intel and Microsoft, and has been standardized in an ISO document; this is 2009, TPM 1.2 by the way. And it presently is on most computer platforms, including embedded ones, and by the way very recently Microsoft has mandated TPM 2.0 for Windows Mobile 10 platforms and it is recommended for server platforms, so we are going to see these devices more and more in the future. TPM is a cryptographic coprocessor, but it is not an accelerator. This could be shocking, believe it or not: it's slow by design. One of the main reasons why it is slow is because of the import/export restrictions that are on cryptographic technology; some countries have this restriction, like the United States for instance.

So at a very high level these are the modules that you can find in a TPM. So we have an input/output module of course, cryptography processing, non-volatile storage, general-purpose memory. Basically we can create objects from the TPM, like signature keys, or keys for symmetric and asymmetric encryption for instance, and we can make them persistent. Of course this is limited storage, so not many keys can be stored in it. Main differences: so we have two versions of TPMs, 1.2 and 2.0 are the two existing versions, and TPM 1.2 uses RSA as asymmetric encryption and SHA-1 as the hash function, so this is deprecated, although the use of SHA-1 in the TPM is not, you know, affected by the recent vulnerability they discovered, while TPM 2.0 has support for elliptic curve cryptography and SHA-2. But one of the most interesting characteristics of TPM 2.0 is what is called algorithm agility. That means that we can add more algorithms without changing the specification, and that means that maybe with a software, with a firmware upgrade from the vendor, you can get more algorithms on your TPM without changing the platform.

The main usages, three of the main usages of TPMs, are summarized here. So we have platform integrity, so secure boot and trusted boot. This answers the question: is a computer platform in a trusted state? That means that we have to measure all the software run from power on to operating system up and running, and basically this is done by creating a hash for each piece of software and storing it in TPM registers. Another typical usage is disk encryption. It's not the TPM that performs the encryption, but rather it just stores the key and controls the access to it. And DRM is another usage. There are three types of TPMs: hardware, firmware and software. The hardware or discrete TPM is a physical component, tamper-proof, and is the most secure of course of the three. The firmware TPM is typical on embedded platforms because it relies only on CPU extensions, named Trusted Execution Engine. And the last one, software TPMs, are used just for development of course; they're all in user space and run on top of the operating system.

So how can we use a TPM 2.0? For 1.2 the support is pretty good, I would say, but for 2.0 the software is not so mature. So in order to use it on x86 platforms in Linux we have two options: one is the IBM implementation, the other one is the Intel implementation. There are a few differences between the two; the main ones are summarized here. Basically the IBM implementation doesn't have the resource manager, which is the component described in the TCG specification responsible for allowing multiple processes to access the same TPM, you know, in a time-sharing fashion. And so the TSS from Intel does have a resource manager, and they are working also on an in-kernel resource manager aimed for the kernel 4.11. Also the Intel implementation is developed on GitHub, so I would say the development is more open and a bit more modern, maybe.

Hardware: so we are talking about embedded platforms, so I have here a MinnowBoard MAX. So what I'm going to show is actually exactly the same on the MinnowBoard Turbot, which is a spin-off of the MinnowBoard MAX. Basically it's a dual-core Atom that supports the Trusted Execution Environment, and so we can get a firmware TPM. The firmware TPM is not there, I mean, with the embedded UEFI firmware, but you have to reflash the firmware, and the instructions: at the end of the slides there is a link to a post explaining how to do this; it's not too hard. This platform costs around 150 euros. Of course this is just an example, there are many other platforms that support this.

So firmware TPM, in this case using TPM 2.0 regardless of the type, in the real world is not easy, because the existing tooling for x86 and Linux, at least the open-source one (I'm not aware of closed-source implementations at the moment), doesn't support interchange formats like DER or PEM, and so using it with OpenSSL is not possible. By the way, both the TPM software stacks provide an API; they implement what is called in the specification the System API, which can be used to build your own application, although the specification is quite hard to digest. So what I'm showing here is pretty hacky, but of course there are cleaner ways to do that, but I mean it's not easy.

So in order to use the MinnowBoard MAX to do what I'm showing we need to enable the firmware TPM, as I mentioned. We need to set up a Linux distribution; any recent distribution will do, but you need at least kernel 4.4 I believe, kernel 4.2 works as well but anyway 4.4 is better. You need to flash it onto a microSD card, boot the board from it, and install the TPM software stack and the TPM tools from Intel. There are pointers at the end of this presentation, so you can find the software easily. If you're lucky, some distributions like openSUSE already have packages for these two softwares. You need to start the resource manager as a daemon, and then you're ready to go.

So the Intel tools are modeled after the security protocols described in the TCG specification, which is, you know, focused on TPM 1.2. For 2.0 we have much more flexibility, although the existing tools won't allow you to create a signing key as a primary key, so we have to create an endorsement key, and from this key we are going to create an attestation identity key that can be used for signing something. If you use directly the C API of the TPM software stack you don't need to do this, of course. So this command generates, if it's not already stored in the non-volatile memory, a new RSA key, 256 bytes long, and we store it in ek.pub. We don't need this key, but as I said we need to generate another key, called the attestation identity key, from the endorsement key just created. This key will be stored in the file aik.pub, but it can't be used directly by OpenSSL, because it's basically a dump of a C structure described in the TCG standard. We need to extract the modulus from that key, and this is done by skipping the first 102 bytes, and then we need to create a fixed header (this header is fixed of course, it's the header fixed for RSA keys) and a mid header, which is just metadata describing how the exponent looks like, so basically saying it's a 3-byte integer. And then when we have all these bits we can compose them into a public key which can be used by OpenSSL in DER format; you can convert it in PEM format if you like.

At this point we need to sign. So we sign the document, and with the exported public key we can verify it, and to do that we use these two commands. So as usual we hash the message and then we sign it. In order to do this you can use these two commands, but there is a sort of, I would say, bug in the Intel tooling which actually requires you to pass the message to the sign command. This is not needed of course; in the right implementation you just need to pass the hash. You can see we are using a ticket.bin file. So this is interesting for TPM 2.0, because it is the way you can do multi-step operations, and basically you can sign only objects that are generated inside the TPM, and to prove that what you are passing to the TPM, to the sign command, is something that has been generated by the TPM, you generate this ticket, which is an HMAC containing the proof that that specific TPM has generated the hash in this case. And so now we have the signature, which is unfortunately not in the right format, so we need to skip again this header described in the TCG standard, and we extract the raw signature, which is 256 bytes long, of course, since it's an RSA 2048-bit key that we are using. And then on a different platform we can verify the signature, for instance with OpenSSL.

So of course, as I said, this is hacky, but this can be used to verify, let's say you have a fleet of these devices: you can actually identify every single device in your fleet with this method, with the TPM, because you can sign something and, let's say, announce it, and you can authenticate your devices in this way with the embedded TPM.

So thanks for your time and your attention. These are the links I mentioned. Thanks. Thank you. If someone has a quick question... if you have any question, feel free to drop me an email, because we've just scratched the surface of this. Hello.
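As an added example (not code from the talk, the Intel tools or any TSS), the following Python does the two format conversions the speaker describes by hand: it walks the TCG wire marshalling of a TPM2B_PUBLIC to find the RSA modulus and exponent instead of skipping a fixed number of bytes (the talk's 102-byte skip matches the file its tooling wrote; this parser assumes a blob in the standard marshalled form), wraps them in the fixed DER headers so OpenSSL can read the key, and strips the TPMT_SIGNATURE header to get the raw 256-byte signature. The key blob and signature header at the bottom are constructed sample data, not real TPM output.

```python
import base64, struct

# TCG algorithm ids (TPM 2.0 Part 2). Sample data below is constructed, not real TPM output.
TPM_ALG_RSA, TPM_ALG_NULL, TPM_ALG_RSAES = 0x0001, 0x0010, 0x0015

def tpmt_public_rsa_modulus(blob):
    """Walk a marshalled TPM2B_PUBLIC (RSA) and return (modulus, exponent)."""
    _size, typ, _name_alg, _attrs, policy_len = struct.unpack_from(">HHHIH", blob, 0)
    if typ != TPM_ALG_RSA:
        raise ValueError("not an RSA public area")
    off = 12 + policy_len                                   # skip authPolicy
    sym, = struct.unpack_from(">H", blob, off); off += 2
    if sym != TPM_ALG_NULL: off += 4                        # symmetric keyBits + mode
    scheme, = struct.unpack_from(">H", blob, off); off += 2
    if scheme not in (TPM_ALG_NULL, TPM_ALG_RSAES): off += 2  # scheme hashAlg
    _key_bits, exponent, mod_len = struct.unpack_from(">HIH", blob, off)
    off += 8
    return blob[off:off + mod_len], (exponent or 65537)     # 0 means default 2^16+1

def tpmt_signature_raw(blob):  # drop the TPMT_SIGNATURE header: sigAlg, hashAlg, size
    _sig_alg, _hash_alg, size = struct.unpack_from(">HHH", blob, 0)
    return blob[6:6 + size]

def _der(tag, body):  # minimal DER TLV encoder, lengths up to 65535
    n = len(body)
    length = (bytes([n]) if n < 0x80 else bytes([0x81, n]) if n < 0x100
              else bytes([0x82, n >> 8, n & 0xFF]))
    return bytes([tag]) + length + body

def _der_int(raw):  # DER INTEGER from big-endian magnitude bytes
    raw = raw.lstrip(b"\x00") or b"\x00"
    return _der(0x02, (b"\x00" if raw[0] & 0x80 else b"") + raw)

def rsa_public_key_der(modulus, exponent=65537):  # SubjectPublicKeyInfo, rsaEncryption
    e = exponent.to_bytes((exponent.bit_length() + 7) // 8, "big")
    rsa_pub = _der(0x30, _der_int(modulus) + _der_int(e))            # RSAPublicKey
    alg_id = _der(0x30, bytes.fromhex("06092a864886f70d010101") + b"\x05\x00")
    return _der(0x30, alg_id + _der(0x03, b"\x00" + rsa_pub))

def rsa_public_key_pem(modulus, exponent=65537):
    b64 = base64.b64encode(rsa_public_key_der(modulus, exponent)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN PUBLIC KEY-----\n{body}\n-----END PUBLIC KEY-----\n"

# Constructed TPM2B_PUBLIC of a 2048-bit RSASSA/SHA-256 key, as the TPM would marshal it.
SAMPLE_MODULUS = bytes([0xC3]) + bytes(range(255))
_body = (struct.pack(">HHIH", TPM_ALG_RSA, 0x000B, 0x00050072, 0)    # type, nameAlg, attrs, no policy
         + struct.pack(">HHH", TPM_ALG_NULL, 0x0014, 0x000B)         # no symmetric; RSASSA, SHA-256
         + struct.pack(">HIH", 2048, 0, 256) + SAMPLE_MODULUS)        # keyBits, default exponent, unique
SAMPLE_TPM2B_PUBLIC = struct.pack(">H", len(_body)) + _body
```

The 33-byte prefix of the DER output is the "fixed header" the talk prepends by hand, and the trailing `02 03 01 00 01` is the "mid header" describing the 3-byte exponent.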

