Skip to content

Commit

Permalink
Add support to store FDO Credentials in the TPM (#261)
Browse files Browse the repository at this point in the history 
* Add support to store device credentials and device status inside TPM NV storage

* Add support to store TPM private keys and device CSR inside TPM NV storage

* Add execution logs in clear_tpm_nv.sh

* Update TPM code as per specs

* Update device key generation according to FDO TPM spec

* Update tpm scripts

* Add DCActive flag usecase as per FDO TPM spec

* - Update DCActive value to bool
- Add TPM2_NV_WriteLock/TPM2_NV_ReadLock support
- Update readme for FDO TPM usage

* Add command to lock the Device CSR Non-Volatile (NV) index for further writes

---------

Signed-off-by: Shrikant Temburwar <shrikant.temburwar@intel.com>
  • Loading branch information
@shrikant1407
shrikant1407 authored Mar 1, 2024
1 parent e044f13 commit e32ec0d
Show file tree
Hide file tree
Showing 27 changed files with 1,986 additions and 652 deletions.
8 changes: 8 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,12 @@
*.so
*.so.*
*.a
*.blob
*.bin
*.pem
*.dat
*.ctx
*.key

# Packages #
############
Expand Down Expand Up @@ -51,6 +57,7 @@ Thumbs.db
###############
CMakeCache.txt
CMakeFiles
Makefile
CMakeScripts
cmake_install.cmake
install_manifest.txt
Expand Down Expand Up @@ -92,6 +99,7 @@ buildNumber.properties
.metadata
*.iml
*.ipr
.vscode

# Visual Studio files #
#######################
Expand Down
25 changes: 2 additions & 23 deletions app/blob.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,7 @@
#if defined(DEVICE_TPM20_ENABLED)
#include "tpm20_Utils.h"
#include "fdo_crypto.h"
#include "tpm2_nv_storage.h"
#endif

#if !defined(DEVICE_TPM20_ENABLED)
Expand All @@ -58,7 +59,6 @@ static int32_t gen_rdm_bytestream(uint8_t *random_buffer, size_t num_bytes)
}
return 0;
}
#endif

int32_t configure_normal_blob(void)
{
Expand All @@ -71,19 +71,6 @@ int32_t configure_normal_blob(void)
uint8_t *signed_normal_blob = NULL;
size_t signed_normal_blob_size = 0;
int32_t ret = -1;

#if defined(DEVICE_TPM20_ENABLED)
if (0 == is_valid_tpm_data_protection_key_present()) {
if (0 != fdo_generate_storage_hmac_key()) {
LOG(LOG_ERROR, "Failed to generate TPM data protection"
" key.\n");
goto err;
}

LOG(LOG_DEBUG,
"TPM data protection key generated successfully.\n");
}
#else
uint8_t hmac_key[PLATFORM_HMAC_KEY_DEFAULT_LEN] = {0};

size_t key_size_stored =
Expand Down Expand Up @@ -114,7 +101,6 @@ int32_t configure_normal_blob(void)
LOG(LOG_ERROR, "Failed to read plain Normal blob!\n");
goto err;
}
#endif

raw_normal_blob_size =
fdo_blob_size((char *)FDO_CRED_NORMAL, FDO_SDK_RAW_DATA);
Expand Down Expand Up @@ -158,13 +144,6 @@ int32_t configure_normal_blob(void)
"Malloc Failed for sealed Normal Blob buffer!\n");
goto err;
}
#if defined(DEVICE_TPM20_ENABLED)
if (0 != fdo_compute_storage_hmac(raw_normal_blob, raw_normal_blob_size,
signed_normal_blob,
PLATFORM_HMAC_SIZE)) {
goto err;
}
#else
#if defined(USE_MBEDTLS)
if (0 != mbedtls_md_hmac(mbedtls_md_info_from_type(MBEDTLS_MD_SHA256),
(const uint8_t *)hmac_key,
Expand All @@ -178,7 +157,6 @@ int32_t configure_normal_blob(void)
signed_normal_blob, NULL)) {
goto err;
}
#endif
#endif
// copy plain-text size
signed_normal_blob[PLATFORM_HMAC_SIZE + 3] = raw_normal_blob_size >> 0;
Expand Down Expand Up @@ -214,3 +192,4 @@ int32_t configure_normal_blob(void)
}
return ret;
}
#endif
19 changes: 12 additions & 7 deletions app/main.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,10 @@
#include "cse_utils.h"
#include "cse_tools.h"
#endif
#if defined(DEVICE_TPM20_ENABLED)
#include "tpm20_Utils.h"
#include "fdo_crypto.h"
#endif

#define STORAGE_NAMESPACE "storage"
#define OWNERSHIP_TRANSFER_FILE "data/owner_transfer"
Expand Down Expand Up @@ -218,19 +222,19 @@ static void print_device_status(void)

status = fdo_sdk_get_status();
if (status == FDO_STATE_PRE_DI) {
LOG(LOG_DEBUG, "Device is ready for DI\n");
LOG(LOG_INFO, "Device is ready for DI\n");
}
if (status == FDO_STATE_PRE_TO1) {
LOG(LOG_DEBUG, "Device is ready for Ownership transfer\n");
LOG(LOG_INFO, "Device is ready for Ownership transfer\n");
}
if (status == FDO_STATE_IDLE) {
LOG(LOG_DEBUG, "Device Ownership transfer Done\n");
LOG(LOG_INFO, "Device Ownership transfer Done\n");
}
if (status == FDO_STATE_RESALE) {
LOG(LOG_DEBUG, "Device is ready for Ownership transfer\n");
LOG(LOG_INFO, "Device is ready for Ownership transfer\n");
}
if (status == FDO_STATE_ERROR) {
LOG(LOG_DEBUG, "Error in getting device status\n");
LOG(LOG_ERROR, "Error in getting device status\n");
}
}

Expand Down Expand Up @@ -292,8 +296,9 @@ int app_main(bool is_resale)
}
#endif /* SECURE_ELEMENT */

#if !defined(DEVICE_CSE_ENABLED)
LOG(LOG_DEBUG, "CSE not enabled, Normal Blob Modules loaded!\n");
#if !defined(DEVICE_CSE_ENABLED) && !defined(DEVICE_TPM20_ENABLED)
LOG(LOG_DEBUG,
"CSE and TPM not enabled, Normal Blob Modules loaded!\n");
if (-1 == configure_normal_blob()) {
LOG(LOG_ERROR,
"Provisioning Normal blob for the 1st time failed!\n");
Expand Down
26 changes: 9 additions & 17 deletions cmake/blob_path.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ if(TARGET_OS MATCHES linux)
-DDEVICE_CSE_ENABLED
)
endif()

if (${MTLS} MATCHES true)
client_sdk_compile_definitions(
-DSSL_CERT=\"${BLOB_PATH}/data/apiUser.pem\"
Expand All @@ -35,16 +35,6 @@ if(TARGET_OS MATCHES linux)
if (${DA} MATCHES tpm)
client_sdk_compile_definitions(
-DDEVICE_TPM20_ENABLED
-DTPM_DEVICE_CSR=\"${BLOB_PATH}/data/tpm_device_csr\"
-DTPM_ECDSA_DEVICE_KEY=\"${BLOB_PATH}/data/tpm_ecdsa_priv_pub_blob.key\"
-DTPM_INPUT_DATA_TEMP_FILE=\"${BLOB_PATH}/data/tpm_input_data_temp_file\"
-DTPM_OUTPUT_DATA_TEMP_FILE=\"${BLOB_PATH}/data/tpm_output_data_temp_file\"
-DTPM_HMAC_PUB_KEY=\"${BLOB_PATH}/data/tpm_hmac_pub.key\"
-DTPM_HMAC_PRIV_KEY=\"${BLOB_PATH}/data/tpm_hmac_priv.key\"
-DTPM_HMAC_REPLACEMENT_PUB_KEY=\"${BLOB_PATH}/data/tpm_hmac_replacement_pub.key\"
-DTPM_HMAC_REPLACEMENT_PRIV_KEY=\"${BLOB_PATH}/data/tpm_hmac_replacement_priv.key\"
-DTPM_HMAC_DATA_PUB_KEY=\"${BLOB_PATH}/data/tpm_hmac_data_pub.key\"
-DTPM_HMAC_DATA_PRIV_KEY=\"${BLOB_PATH}/data/tpm_hmac_data_priv.key\"
)
endif()

Expand Down Expand Up @@ -176,9 +166,11 @@ if(TARGET_OS MATCHES linux)
# Configure if needed at a later point
# configure_file(${BLOB_PATH}/data/Normal.blob NEWLINE_STYLE DOS)

file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
file(WRITE ${BLOB_PATH}/data/Normal.blob "")
file(WRITE ${BLOB_PATH}/data/Secure.blob "")
file(WRITE ${BLOB_PATH}/data/raw.blob "")
if (NOT ${DA} MATCHES tpm)
file(WRITE ${BLOB_PATH}/data/platform_iv.bin "")
file(WRITE ${BLOB_PATH}/data/platform_hmac_key.bin "")
file(WRITE ${BLOB_PATH}/data/platform_aes_key.bin "")
file(WRITE ${BLOB_PATH}/data/Normal.blob "")
file(WRITE ${BLOB_PATH}/data/Secure.blob "")
file(WRITE ${BLOB_PATH}/data/raw.blob "")
endif()
29 changes: 29 additions & 0 deletions cmake/cli_input.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ set (RESALE true)
set (REUSE true)
set (MTLS false)
set (GET_DEV_SERIAL false)
set (LOCK_TPM true)

#for CSE
set (CSE_SHUTDOWN true)
Expand Down Expand Up @@ -883,3 +884,31 @@ endif()
set(CACHED_GET_DEV_SERIAL ${GET_DEV_SERIAL} CACHE STRING "Selected GET_DEV_SERIAL")
message("Selected GET_DEV_SERIAL ${GET_DEV_SERIAL}")
###########################################
# FOR LOCK TPM
if (${DA} MATCHES tpm)
get_property(cached_lock_tpm_value CACHE LOCK_TPM PROPERTY VALUE)

set(lock_tpm_cli_arg ${cached_lock_tpm_value})
if(lock_tpm_cli_arg STREQUAL CACHED_LOCK_TPM)
unset(lock_tpm_cli_arg)
endif()

set(lock_tpm_app_cmake_lists ${LOCK_TPM})
if(cached_lock_tpm_value STREQUAL LOCK_TPM)
unset(lock_tpm_app_cmake_lists)
endif()

if(DEFINED CACHED_LOCK_TPM)
if ((DEFINED lock_tpm_cli_arg) AND (NOT(CACHED_LOCK_TPM STREQUAL lock_tpm_cli_arg)))
message(WARNING "Need to do make pristine before cmake args can change.")
endif()
set(LOCK_TPM ${CACHED_LOCK_TPM})
elseif(DEFINED lock_tpm_cli_arg)
set(LOCK_TPM ${lock_tpm_cli_arg})
elseif(DEFINED lock_tpm_app_cmake_lists)
set(LOCK_TPM ${lock_tpm_app_cmake_lists})
endif()

set(CACHED_LOCK_TPM ${LOCK_TPM} CACHE STRING "Selected LOCK_TPM")
message("Selected LOCK_TPM ${LOCK_TPM}")
endif()
4 changes: 4 additions & 0 deletions cmake/extension.cmake
View file
Original file line number Diff line number Diff line change
Expand Up @@ -279,4 +279,8 @@ endif()
if(${GET_DEV_SERIAL} STREQUAL true)
client_sdk_compile_definitions(-DGET_DEV_SERIAL)
endif()

if(${LOCK_TPM} STREQUAL true)
client_sdk_compile_definitions(-DLOCK_TPM)
endif()
############################################################
4 changes: 0 additions & 4 deletions crypto/common/fdo_crypto_common.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,10 +114,6 @@ int32_t fdo_crypto_close(void)
ret = crypto_close();
/* CLeanup of context structs */
cleanup_ctx();
#if defined(DEVICE_TPM20_ENABLED)
/* clear the replacement hmac key objects */
fdo_tpm_clear_replacement_hmac_key();
#endif
return ret;
}

Expand Down
42 changes: 5 additions & 37 deletions crypto/common/fdo_hmac.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@

#if defined(DEVICE_TPM20_ENABLED)
#include "tpm20_Utils.h"
#include "tpm2_nv_storage.h"
#endif

#if defined(DEVICE_CSE_ENABLED)
Expand Down Expand Up @@ -151,15 +152,14 @@ int32_t fdo_device_ov_hmac(uint8_t *OVHdr, size_t OVHdr_len, uint8_t *hmac,
if (is_replacement_hmac) {
#if defined(DEVICE_TPM20_ENABLED)
return fdo_tpm_get_hmac(OVHdr, OVHdr_len, hmac, hmac_len,
TPM_HMAC_REPLACEMENT_PUB_KEY,
TPM_HMAC_REPLACEMENT_PRIV_KEY);
TPM_HMAC_KEY_PERSISTANT_HANDLE);
#else
keyset = get_replacement_OV_key();
#endif
} else {
#if defined(DEVICE_TPM20_ENABLED)
return fdo_tpm_get_hmac(OVHdr, OVHdr_len, hmac, hmac_len,
TPM_HMAC_PUB_KEY, TPM_HMAC_PRIV_KEY);
TPM_HMAC_KEY_PERSISTANT_HANDLE);
#else
keyset = get_OV_key();
#endif
Expand Down Expand Up @@ -225,8 +225,7 @@ int32_t fdo_generate_ov_hmac_key(void)

int32_t ret = -1;
#if defined(DEVICE_TPM20_ENABLED)
if (0 !=
fdo_tpm_generate_hmac_key(TPM_HMAC_PUB_KEY, TPM_HMAC_PRIV_KEY)) {
if (0 != fdo_tpm_generate_hmac_key(TPM_HMAC_KEY_PERSISTANT_HANDLE)) {
LOG(LOG_ERROR, "Failed to generate device HMAC key"
" from TPM.\n");
return ret;
Expand Down Expand Up @@ -270,8 +269,7 @@ int32_t fdo_generate_ov_replacement_hmac_key(void)

int32_t ret = -1;
#if defined(DEVICE_TPM20_ENABLED)
if (0 != fdo_tpm_generate_hmac_key(TPM_HMAC_REPLACEMENT_PUB_KEY,
TPM_HMAC_REPLACEMENT_PRIV_KEY)) {
if (0 != fdo_tpm_generate_hmac_key(TPM_HMAC_KEY_PERSISTANT_HANDLE)) {
LOG(LOG_ERROR, "Failed to generate device replacement HMAC key"
" from TPM.\n");
return ret;
Expand Down Expand Up @@ -316,12 +314,6 @@ int32_t fdo_commit_ov_replacement_hmac_key(void)

int32_t ret = -1;
#if defined(DEVICE_TPM20_ENABLED)
if (0 != fdo_tpm_commit_replacement_hmac_key()) {
LOG(LOG_ERROR, "Failed to commit device replacement HMAC key"
" for TPM.\n");
return ret;
}

ret = 0;
#else
fdo_byte_array_t **secret = get_replacement_OV_key();
Expand Down Expand Up @@ -365,17 +357,6 @@ int32_t fdo_compute_storage_hmac(const uint8_t *data, uint32_t data_length,
goto error;
}

#if defined(DEVICE_TPM20_ENABLED)
if (0 != fdo_tpm_get_hmac(data, data_length, computed_hmac,
computed_hmac_size, TPM_HMAC_DATA_PUB_KEY,
TPM_HMAC_DATA_PRIV_KEY)) {
LOG(LOG_ERROR, "TPM HMAC Computation failed!\n");
goto error;
}

LOG(LOG_DEBUG, "TPM HMAC computed successfully!\n");

#else
uint8_t hmac_key[PLATFORM_HMAC_KEY_DEFAULT_LEN] = {0};

if (!get_platform_hmac_key(hmac_key, PLATFORM_HMAC_KEY_DEFAULT_LEN)) {
Expand Down Expand Up @@ -403,7 +384,6 @@ int32_t fdo_compute_storage_hmac(const uint8_t *data, uint32_t data_length,
#endif
return ret;
}
#endif

/**
* fdo_generate_storage_hmac_key function generates Storage HMAC key
Expand All @@ -418,18 +398,6 @@ int32_t fdo_generate_storage_hmac_key(void)

#if defined(TARGET_OS_OPTEE)
return 0;

#elif defined(DEVICE_TPM20_ENABLED)
if (0 != fdo_tpm_generate_hmac_key(TPM_HMAC_DATA_PUB_KEY,
TPM_HMAC_DATA_PRIV_KEY)) {
LOG(LOG_ERROR, "Failed to generate TPM data protection "
"key.\n");
return ret;
}

ret = 0;
LOG(LOG_DEBUG, "TPM data protection key generated successfully.\n");

#else
uint8_t hmac_key[PLATFORM_HMAC_KEY_DEFAULT_LEN] = {0};

Expand Down
Loading

0 comments on commit e32ec0d

Please sign in to comment.