Desktop version

Home arrow Computer Science arrow A Practical Guide to TPM 2.0

NV Indexes

The TPM requires the use of nonvolatile memory for two general classes of data:

• Data structures defined by the TPM architecture.

• Unstructured data defined by a user or a platform-specific specification

One use of TPM nonvolatile memory is for architecturally defined data, or fields defined in the TPM library specification. This includes hierarchy authorization values, seeds and proofs, and private data that the TPM won't reveal outside its secure boundary. It also includes counters, a clock, and more: nonvolatile data that the caller can read.

Nonvolatile memory can also hold structured data made persistent, such as a key.

This section describes a second use of NV memory: unstructured platform or userdefined space. This is sometimes called a user-defined index, because the user assigns an index (a handle) to each area and accesses data using the index value.

TPM 1.2 includes user-defined indexes that can hold unstructured data. The user defines the size and attributes of the index. The user can write data without any

restriction on the data value. The TPM provides authorization, controlling access to the index via a shared secret keyed-hash message authentication code (HMAC) key, Platform Configuration Register (PCR) values, locality, and physical presence, and provides various read and write locks.

TPM 2.0 expands the 1.2 features in several ways:

• An index can have the state “uninitialized, not yet written.” Reads will fail until the index is first written. Further, the index can't be used in a policy. A party relying on a value can be assured that a party with write authority initialized the index and that the data doesn't simply have a default or uninitialized value.

• As with any other protected entity, TPM 2.0 indexes may have either an authorization value or a policy.

• Another entity's policy can include an NV index value. The policy specifies an operation to be performed on all or part of the index value: a comparison to policy data. The operations include equal, not equal, signed, and unsigned comparisons, and a check for bits set or clear.

Another new NV index feature is the data type. It augments the 1.2 unstructured data type (now called ordinary) with three others, giving four NV index types:

• Ordinary

• Counter

• Bit field

• Extend

NV Ordinary Index

An ordinary index is like a TPM 1.2 index. It holds unstructured data of arbitrary length. In contrast with counter, bit-field, and extend indexes, there is no restriction on the type of data that can be written.

a platform contains a 20-byte secret that must be available early in a boot cycle. It stores the secret in an NV index. the index attribute TPMA_NV_PPREAD specifies that reads require platform authorization. the platform software, running early in the boot cycle, knows this authorization and so can read the secret. It's trusted not to reveal the secret once it completes its task. Because other software later in the boot cycle or beyond doesn't know the platform authorization, it can't read the secret.

the tpM commands are as follows:

• TPM2_NV_DefineSpace: Create an ordinary index,

size = 20 bytes, with platform authorization to read and write

• TPM2_NV_Read: Uses platform authorization

a platform OeM creates a certificate stating that an endorsement key is fixed to the platform and that the platform was manufactured with certain security guarantees. the OeM stores the certificate in NV during manufacturing. read access is unrestricted. Write access is restricted by policy to the OeM and is used to update the certificate.

the tpM commands are as follows:

• TPM2_NV_DefineSpace: Create an ordinary index, size of certificate, platform authorization to write, read with authorization value, and a null (zero-length) password

• TPM2_NV_Write: run with platform authorization

• TPM2_NV_Read: run with a null password

a user creates a set of keys with an identical policy, authorizing use if a password in the NV authorization field is known. the user permits access to all keys by supplying the correct secret value. the user writes one NV location to change the common password for all keys.

the tpM commands are as follows:

1. TPM2_NV_DefineSpace: ordinary index, size = 0 bytes (the NV data is not used in this use case), common password, policy password to change authorization.

2. Create a common policy: TPM2_PolicySecret with the name of the NV index.

3. TPM2_Create: Creates multiple keys with the common policy. userWithAuth is clear so that a policy is mandatory.

4. TPM2_NV_ChangeAuth: Changes the password for all keys in one operation, using the current password.

the It administrator places the hash of a public key in NVraM, which is locked so the user can't write to it. It's used to verify a public key, which is used in turn to verify that signatures are from It. Or it's the hash of the root public key of the certificate chain.

the tpM commands are as follows:

1. It creates the signing key and digests the public key.

2. Create a read policy: TPM2_PolicyCommandCode with the command TPM2_NV_Read. this policy allows anyone to read the index essentially without authorization.

3. TPM2_NV_DefineSpace ordinary index, size = digest size, It administrator password, password to write, policy to read with the above read policy.

4. TPM2_NV_Write with the It admin password, storing the public key digest.

and here's how to verify a signature:

1. TPM2_NV_Read read the public key digest.

2. Validate the public key against the digest.

3. Validate the signature against the public key.

In the Linux Integrity Measurement architecture (IMa) extended Verification Module (eVM), store an hMaC key that is released to the kernel early in the boot and then used by the kernel to verify the extended attributes of files to see that they have been approved for loading or use by the kernel.

the tpM commands are as follows:

• TPM2_NV_DefineSpace ordinary index, size = hMaC key size, It administrator password, password to write, policy to read with the above (anyone can read) read policy

• TPM2_NV_Write: With the It admin password, stores the hMaC key

• TPM2_NV_Read: reads the hMaC key

< Prev   CONTENTS   Next >

Related topics