
fobnail-attester's Introduction

Readme

This project aims to provide an Attester implementation for the attestation process, which should also include local (and remote) platform provisioning.

For attestation itself, the fobnail/charra (https://github.com/fobnail/charra) project can be used as an example and as the base for future extensions. It provides a simple (not complete) interaction between Attester and Verifier over the CHARRA protocol.

Local (and remote) provisioning, however, must be performed before attestation starts.

Running in docker

  • Get fobnail-sdk container and install run-fobnail-sdk.sh script according to the documentation in the fobnail-sdk repository.

  • Clone fobnail repository

  • Build container:

$ docker build -t fobnail/fobnail-attester .
  • Build fobnail-attester:
$ ./docker.sh build-attester
  • Build fobnail firmware application:
$ export FOBNAIL_DIR=/path/to/fobnail
$ ./docker.sh build-fobnail
  • Run both applications with TPM simulator:
$ ./docker.sh run-tmux

Install dependencies for building the project.

  • Install libcoap:
git clone --depth=1 --recursive -b 'develop' 'https://github.com/obgm/libcoap.git'
cd libcoap/
git checkout 2a329e1c763a47a910f075aad4478398aaaea400
./autogen.sh
./configure --disable-tests --disable-documentation --disable-manpages --disable-dtls --disable-shared \
               --enable-fast-install
make -j
sudo make install

Make sure that you do not have libcoap-1-0-dev installed, as the headers might conflict.

  • Install tpm2-tss package:
git clone --depth=1 -b '3.0.3' 'https://github.com/tpm2-software/tpm2-tss.git'
cd tpm2-tss
./bootstrap
./configure --enable-integration --disable-doxygen-doc
make -j
sudo make install
  • (Optional - when there is no discrete TPM) Install TPM2 Simulator:
  1. Download code from https://sourceforge.net/projects/ibmswtpm2/
  2. Unpack into any directory
cd ./src
make
./tpm_server

Or

git clone https://github.com/microsoft/ms-tpm-20-ref.git
cd ms-tpm-20-ref/TPMCmd
./bootstrap && ./configure && make
./Simulator/src/tpm2-simulator
  • (Optional - debugging and recovery from bad TPM state) Install tpm2-tools:
sudo apt install tpm2-tools

Or

git clone https://github.com/tpm2-software/tpm2-tools.git
cd tpm2-tools
./bootstrap
./configure --enable-integration --disable-doxygen-doc
make -j
sudo make install

Running the fobnail-attester

TPM2 simulator only section

A TPM started from a simulator is in a partially initialized state and must be told to finish initialization before any other command can be used. To send the Startup command, use the tool from tpm2-tools:

$ tpm2_startup -c

tpm2-tools locates the TPM the same way the attester does (see below); to point it at the simulator explicitly, set TPM2TOOLS_TCTI="mssim:host=127.0.0.1,port=2321". Note that a second Startup after a successful one is rejected by the TPM with TPM_RC_INITIALIZE as well.

This should not be required for a physical TPM, because the firmware runs this command during boot.

End of TPM2 simulator only section

The fobnail-attester needs to interact with a TPM device. To connect to the TPM it uses the libtss2-tcti*.so shared libraries. If no TCTI is configured explicitly, the TCTI loader performs the following steps:

  1. It tries to open the device files "/dev/tpmrm0" or "/dev/tpm0". This requires read/write permission on the device file, which on most distributions means running as root (or as a member of the tss group that owns the device), e.g.:
$ sudo ./bin/fobnail-attester
  2. If the first step fails, the loader falls back to the socket-based TCTIs (swtpm, then mssim, as the attester log in the issues below shows): the application creates a TCP socket and connects to a TPM simulator (TPM server). The default parameters for the TCP connection are: address localhost (127.0.0.1), destination ports 2321 and 2322. Port 2321 is used for TPM commands and port 2322 for platform commands.

If neither step succeeds, the program exits with an error.

Troubleshooting

The list below is not complete; it gives the most common, though not always the correct, solutions.

  • Esys Finish ErrorCode (0x00000100) - TPM_RC_INITIALIZE, returned when the TPM2_Startup command was not sent (or was sent a second time after a successful one), see the TPM2 simulator only section.

  • Esys Finish ErrorCode (0x00000902) - TPM_RC_OBJECT_MEMORY, "out of memory for object contexts". May be returned when internal TPM objects were allocated by some commands but never freed. Can be fixed by a reboot (discrete or firmware TPM), a restart of the TPM simulator, or by running tpm2_flushcontext -t, which releases transient objects.
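The following is an added example, not part of fobnail-attester or tpm2-tss. It reproduces by hand what `tpm2_startup -c` does once the TCTI loader has fallen back to the mssim socket: the simulator expects a small TCP framing around every TPM command on the command port (2321) and separate power-on/NV-on signals on the platform port (2322), and the response carries the code that the troubleshooting list above interprets. Function names, the default host/ports and the response-code table are this example's own assumptions; the wire format is that of the Microsoft/IBM reference simulator.

```python
"""Hand-rolled TPM 2.0 simulator client (added example, not fobnail-attester code).

Sends TPM2_Startup(CLEAR) to a reference simulator over the mssim TCP
protocol and decodes the response code. Host/ports and helper names are
assumptions of this example.
"""
import socket
import struct

# Simulator protocol opcodes (4-byte big-endian on the wire).
TPM_SIGNAL_POWER_ON = 1
TPM_SIGNAL_NV_ON = 11
TPM_SEND_COMMAND = 8
TPM_SESSION_END = 20

# TPM 2.0 constants needed for TPM2_Startup.
TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_STARTUP = 0x0144
TPM_SU_CLEAR = 0x0000
TPM_SU_STATE = 0x0001

# Response codes from the troubleshooting section, plus success.
KNOWN_RC = {
    0x000: "TPM_RC_SUCCESS",
    0x100: "TPM_RC_INITIALIZE",     # Startup not sent yet, or sent twice
    0x902: "TPM_RC_OBJECT_MEMORY",  # transient object slots exhausted
}


def build_startup(startup_type=TPM_SU_CLEAR):
    """Encode TPM2_Startup: tag, commandSize, commandCode, startupType (12 bytes)."""
    return struct.pack(">HIIH", TPM_ST_NO_SESSIONS, 12, TPM_CC_STARTUP, startup_type)


def frame_command(cmd, locality=0):
    """Simulator framing for TPM_SEND_COMMAND: opcode, locality byte, length, command."""
    return struct.pack(">IBI", TPM_SEND_COMMAND, locality, len(cmd)) + cmd


def unframe_response(data):
    """Strip simulator framing: 4-byte length, response bytes, 4-byte trailer."""
    if len(data) < 8:
        raise ValueError("truncated simulator reply")
    (length,) = struct.unpack(">I", data[:4])
    resp = data[4:4 + length]
    if len(resp) != length:
        raise ValueError("short TPM response")
    return resp


def parse_rc(resp):
    """Return the responseCode from a TPM response header (tag, size, rc)."""
    _tag, _size, rc = struct.unpack(">HII", resp[:10])
    return rc


def describe_rc(rc):
    """Name the codes the troubleshooting list mentions; otherwise print hex."""
    return KNOWN_RC.get(rc, "0x%08x" % rc)


def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("simulator closed the connection")
        buf += chunk
    return buf


def platform_signal(opcode, host="127.0.0.1", port=2322):
    """Send one platform-port signal (power on, NV on) and return its 4-byte ack."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(struct.pack(">I", opcode))
        (ack,) = struct.unpack(">I", _recv_exact(s, 4))
        s.sendall(struct.pack(">I", TPM_SESSION_END))
    return ack


def send_command(cmd, host="127.0.0.1", port=2321, locality=0):
    """Send one TPM command over the command port and return the raw TPM response."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(frame_command(cmd, locality))
        (length,) = struct.unpack(">I", _recv_exact(s, 4))
        resp = _recv_exact(s, length)
        _recv_exact(s, 4)  # trailer the simulator appends after every response
        s.sendall(struct.pack(">I", TPM_SESSION_END))
    return resp


def startup_simulator(host="127.0.0.1", cmd_port=2321, plat_port=2322):
    """Power the simulated TPM on (as the mssim TCTI does at init) and send Startup."""
    for signal in (TPM_SIGNAL_POWER_ON, TPM_SIGNAL_NV_ON):
        if platform_signal(signal, host, plat_port) != 0:
            raise RuntimeError("platform signal %d rejected" % signal)
    return parse_rc(send_command(build_startup(), host, cmd_port))


if __name__ == "__main__":
    print("TPM2_Startup(CLEAR) ->", describe_rc(startup_simulator()))
```

Run it against a freshly started simulator and it prints TPM_RC_SUCCESS; run it a second time and the TPM answers TPM_RC_INITIALIZE, which is why that code alone does not tell you whether Startup was missing or duplicated.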

fobnail-attester's People

Contributors: krystian-hebel, arturkow2, macpijan, 0xden, arturkow2000


fobnail-attester's Issues

Attestation succeeds only for the first time

Further attestation attempts fail due to libcoap caching responses. When attesting for the first time (during the lifetime of the fobnail-attester process) Fobnail reads RIMs (which also act as evidence); to protect against replay attacks, each evidence request has a nonce which is used for computing the evidence signature. Due to response caching, fobnail-attester responds with an old signature.
Because of that:

  • if Fobnail reaches a point where it reads RIMs, then
  • further attestation attempts will fail; fobnail-attester either has to be restarted or the user has to wait a few minutes so that libcoap drops the old response
  • the first attestation after provisioning also fails (during provisioning Fobnail reads RIMs)

With coap-client this problem looks different: fobnail-attester still caches old responses, but for a new request with a different nonce a response is generated. Over time old responses accumulate (they are dropped after a few minutes). It is unknown whether this may cause resource exhaustion; there may be some internal mechanism to prevent that.

We also use nonces for metadata, however metadata is not affected due to its small size (libcoap doesn't cache small responses).
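The following is an added example, not code from the issue author, Fobnail or fobnail-attester. It models the exchange the issue describes: the Verifier sends a nonce, the Attester returns evidence whose signature binds that nonce, and a response cache keyed only by resource path hands the next Verifier a stale signature that fails the nonce check. An HMAC stands in for the TPM quote signature; the key, PCR digest, resource path and nonces are constructed for the example.

```python
"""Why a cached attestation response fails under a fresh nonce (added example).

Not fobnail code. An HMAC stands in for the TPM quote signature; the key,
PCR digest and nonces are constructed.
"""
import hashlib
import hmac

AIK_STANDIN = b"constructed-attester-key"  # plays the role of the AIK
PCR_DIGEST = hashlib.sha256(b"constructed PCR state").digest()


def attester_evidence(nonce, pcr_digest, key=AIK_STANDIN):
    """Attester side: evidence carries the nonce and a MAC over (nonce || digest)."""
    sig = hmac.new(key, nonce + pcr_digest, hashlib.sha256).digest()
    return {"nonce": nonce, "pcrs": pcr_digest, "sig": sig}


def verifier_accepts(sent_nonce, evidence, key=AIK_STANDIN):
    """Verifier side: the echoed nonce must equal the one sent and the MAC must verify."""
    if evidence["nonce"] != sent_nonce:
        return False
    expected = hmac.new(key, sent_nonce + evidence["pcrs"], hashlib.sha256).digest()
    return hmac.compare_digest(expected, evidence["sig"])


class AttesterServer:
    """Attester front end with a response cache, covering both cases from the issue.

    cache_by_nonce=False keys the cache on the resource path alone (the failing
    behaviour described above); cache_by_nonce=True includes the request nonce.
    """

    def __init__(self, cache_by_nonce):
        self.cache_by_nonce = cache_by_nonce
        self.cache = {}

    def handle(self, path, nonce):
        key = (path, nonce) if self.cache_by_nonce else path
        if key not in self.cache:
            self.cache[key] = attester_evidence(nonce, PCR_DIGEST)
        return self.cache[key]


def run_attestations(server, rounds=3):
    """Drive `rounds` attestations with distinct nonces; return the Verifier verdicts."""
    verdicts = []
    for i in range(rounds):
        nonce = hashlib.sha256(b"constructed-nonce-%d" % i).digest()[:16]
        evidence = server.handle("/rim", nonce)
        verdicts.append(verifier_accepts(nonce, evidence))
    return verdicts


if __name__ == "__main__":
    print("path-keyed cache :", run_attestations(AttesterServer(cache_by_nonce=False)))
    print("nonce-keyed cache:", run_attestations(AttesterServer(cache_by_nonce=True)))
```

With the path-keyed cache only the first round passes, exactly the symptom reported; the point for the Attester is that any response which embeds a per-request nonce must never be served from a cache that does not include that nonce in its key, and the Verifier's check (echoed nonce equals the one it sent, signature verifies over it) is what turns the stale reply into a hard failure rather than a silent replay.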

Don't block TPM

Attester application requires access to the TPM. In the current version it opens it once and keeps it open until the application is closed. As a consequence, no other application can access the TPM while Attester is running. To fix this, Attester would have to open the connection at the beginning of every operation and close it after it's done.

This also requires more thorough checking for errors, since other applications may leave TPM in unexpected state.

SystemD service bind to network interface

Currently, fobnail-attester.service is started by a udev rule that matches the Fobnail VID/PID. The main problem with this approach is that the service is started before the network interface is configured, and fobnail-attester may randomly fail to initialize itself.
I have tried using

After=sys-subsystem-net-devices-fobnail.device
BindsTo=sys-subsystem-net-devices-fobnail.device

but it still doesn't work properly, and the service is started when the interface is created instead of when it becomes active.

Attester loops with "Failed to verify EK certificate: no issuer certificate found"

I'm trying to follow instructions from blog post, after running ./docker.sh run-tmux I'm getting from client:

 INFO  fobnail::client        > Received EK certificate
 INFO  fobnail::client        > X.509 version 3
 WARN  fobnail::certmgr::x509 > Unknown OID 2.5.4.3
 INFO  fobnail::client        > Issuer: C = PL, ST = State, O = Fobnail
 WARN  fobnail::certmgr::x509 > Unknown OID 2.5.4.3
 INFO  fobnail::client        > Subject: C = PL, ST = State, O = Fobnail
 INFO  fobnail::client        > Key: RSA2048
 WARN  fobnail::certmgr::x509 > Unknown OID 2.5.4.3
 ERROR fobnail::client        > Failed to verify EK certificate: no issuer certificate found

And from attester:

ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpmrm0: No such file or directory
WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7f2ac3bf9520 failed with a000a
WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-device
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
ERROR:tcti:src/tss2-tcti/tcti-device.c:440:Tss2_Tcti_Device_Init() Failed to open specified TCTI device file /dev/tpm0: No such file or directory
WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7f2ac3bf9520 failed with a000a
WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-device
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-device.so.0
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:223:tcti_control_command() Control command failed with error: 0
ERROR:tcti:src/tss2-tcti/tcti-swtpm.c:331:tcti_swtpm_set_locality() Failed to set locality: 0xa000a
WARNING:tcti:src/tss2-tcti/tcti-swtpm.c:600:Tss2_Tcti_Swtpm_Init() Could not set locality via control channel: 0xa000a
WARNING:tcti:src/tss2-tcti/tctildr.c:79:tcti_from_init() TCTI init for function 0x7f2ac3bf98d0 failed with a000a
WARNING:tcti:src/tss2-tcti/tctildr.c:109:tcti_from_info() Could not initialize TCTI named: tcti-swtpm
ERROR:tcti:src/tss2-tcti/tctildr-dl.c:154:tcti_from_file() Could not initialize TCTI file: libtss2-tcti-swtpm.so.0
AIK not found, generating one now. This may take a while...
Creating CoAP server endpoint using UDP.
Registering CoAP resources.
Entering main loop.
Received message: attest
Received message: ek
Received message: attest
Received message: attest
Received message: attest
Received message: attest

This seems to be an infinite loop.

Command line switch to enable provisioning only when asked

Attester application plays the role of both the Attester, as well as Reference Value Provider. The latter is normally used only by administrator. Having it enabled during attestation may result in accidental provisioning of platform on a Fobnail Token that hadn't yet been used to provision a platform. Since attestation is done immediately after that for testing, it would report success in a way that may be hard to distinguish from normal attestation. Thus, provisioning should be enabled only on explicit command from the administrator.

Another option is to split the current code into two separate applications, but a lot of code would be duplicated. This may also impact measurements, if the Reference Value Provider and the Attestation application are measured into one of the quoted PCRs.

Add option to use offline EK certificate chain

During platform provisioning, the platform hands the EK certificate chain to the Fobnail Token. It is obtained from URLs saved in each consecutive certificate in the Authority Information Access extension. Attester application is able to download those automatically, but this requires an Internet connection.

For some use cases, this may be unacceptable and there should be an option to pass certificate chain from the file instead.
