-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
The unsealed secret flows through the TPM interface in clear text #83
Comments
I forgot to write. I think the following document also has a similar script and has the same issue. TCG CPU to TPM Bus Protection Guidance for Active Attacks Version 1.0 Revision 30 |
Sure. |
Another problem found. After cpu_secret_provisioning and runtime_provisioning and seal_data and TPM resets, running runtime_provisioning and unseal_data fails to unseal. This occurs both in the simulator and on the real TPM.
This is because the NV Extended value when sealing and the NV Extended value when unsealing are different. I'm currently looking into the detailed cause. I'll let you know if I find out anything. Thank you again for sharing your valuable insights. |
runtime_provisioning and unseal_data after TPM reset was successful. I think it is necessary to have a separate session for parameter encryption and authentication when executing NV Extend. My guess is that otherwise the extended NV value may be encrypted. --- a/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
+++ b/_posts/2021-02-17-Protecting-secrets-at-TPM-interface.md
@@ -231,7 +231,7 @@ setup_salted_param_encrypt_session_with_ek() {
--tpmkey-context ek.ctx
rm -f ek.ctx
- tpm2_sessionconfig -Q salted_session.ctx --enable-decrypt
+ tpm2_sessionconfig -Q salted_session.ctx --enable-decrypt --enable-encrypt
}
#
@@ -313,12 +313,11 @@ cpu_secret_provisioning() {
# TPM interface.
#
runtime_provisioning() {
+ setup_salted_param_encrypt_session_with_ek --hmac-session
+
tpm2_startauthsession -Q --session bounded_policy_session.ctx \
--policy-session --bind-context $NVIndex --bind-auth $HOST_SECRET
- tpm2_sessionconfig -Q bounded_policy_session.ctx \
- --enable-decrypt --enable-encrypt
-
tpm2_policycommandcode -Q --session bounded_policy_session.ctx \
TPM2_CC_NV_Extend
@@ -326,10 +325,12 @@ runtime_provisioning() {
--policy-list sha256:A.policy,B.policy,C.policy
echo -n $NV_SECRET|tpm2_nvextend -Q -C $NVIndex -i- $NVIndex \
- -P session:bounded_policy_session.ctx
+ -P session:bounded_policy_session.ctx \
+ -S salted_session.ctx
tpm2_flushcontext -Q bounded_policy_session.ctx
- rm -f bounded_policy_session.ctx
+ tpm2_flushcontext -Q salted_session.ctx
+ rm -f bounded_policy_session.ctx salted_session.ctx
} |
Thank you for sharing your valuable insights.
I read Protecting Secrets At Tpm Interface article and tried the demo script while capturing packets using SWTPM simulator. And then I found that unsealed secret is not encrypted.
I think that adding
--enable-encrypt
option to tpm2_sessionconfig command fixes this.Here is the result.
If this fix is suitable, I can also submit a merge request. Thanks.
The text was updated successfully, but these errors were encountered: