[TrouSerS-users] pcrs initialization and reset
Ismaël FEZZAZ
2015-09-21 10:38:10 UTC
Hi,

I am working on an arm embedded system with an i2c wired tpm chip:

Linux v2r1 3.14.36ltsi-yocto-standard #12 Tue Sep 15 11:57:15 CEST 2015 armv7l GNU/Linux

TPM 1.2 Version Info:
Chip Version: 1.2.66.4
Spec Level: 2
Errata Revision: 3
TPM Vendor ID: ATML
TPM Version: 01010000
Manufacturer Info: 41544d4c

I am using u-boot as bootloader (without the tpm support activated) and the
current kernel doesn't support IMA.

I want to seal data according to a specific pcr value using the
tpm_sealdata tool.
However, I don't understand how my pcrs are filled. After booting, my
pcrs look like:

PCR-00: 1A 4C 62 11 32 C5 CC FA 94 9D 12 54 F6 9D 78 F2 E5 96 EF 5E
PCR-01: 64 2D F9 0B 17 52 C9 63 F9 8F D7 90 6D D7 50 9B 98 6F 5C 54
PCR-02: 06 E3 6B 6C 7E 2B AD 83 40 78 D1 85 4D ED A6 F8 91 DD A5 14
PCR-03: 73 C8 27 2D 15 C1 B6 3D EB C8 A1 56 E5 02 95 0E 83 E4 FD 35
PCR-04: 01 C2 11 F7 7B A9 A7 A9 11 0D 91 02 3D 61 B3 5A F2 09 3E 92
PCR-05: 85 9A F8 A4 A2 88 50 C9 01 52 50 21 52 19 6D DC 2E BE EF 92
PCR-06: C8 6D 16 2F A7 EB 2F 9E C6 3A C0 0C 29 1C 48 06 47 09 6C AD
PCR-07: 0E E3 6A 5A AD 64 17 97 58 65 94 E6 17 FC 34 95 44 93 D7 A5
PCR-08: 5A D3 04 56 C4 30 A4 E7 AC 31 10 6B 6D 76 72 56 FB D7 09 83
PCR-09: AD B6 40 37 99 8E 77 57 55 2A 49 8C 66 DB 82 8F D5 34 9F 55
PCR-10: B8 CB 44 B7 CC 69 F7 98 8C 59 37 19 6B 33 66 92 77 DA 9F 34
PCR-11: 3A AE 62 F9 2B 06 6D E4 BC 93 8F 5D 23 4A 16 19 4A 7A F3 F8
PCR-12: 50 C9 03 C7 7F 10 EB 9E AB C4 4B F1 88 F8 E5 01 9F 83 2B E3
PCR-13: 8F C7 CE D0 3E C2 F7 F2 C9 20 58 C6 4D EE 95 3E 83 B1 B2 66
PCR-14: 98 BB 81 70 A6 F3 7B 3A 4B 79 45 C0 15 2F DC EE 5F A1 1F 3B
PCR-15: 06 86 9D E0 B9 0E 0E D6 12 37 5C 9C 68 74 67 D2 7E 47 7B D4
PCR-16: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-17: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-18: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-19: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-21: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
PCR-22: FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF FF
PCR-23: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

I made a small program to extend pcrs' values: http://pastebin.com/5M7XXQYj
I found that if I extend a pcr, its value is reset after reboot.
However, if I change multiple pcrs, only the last 2 pcrs that were extended
are reset after reboot.

You can see this here: http://pastebin.com/k9pmxg0W
For each try, the extended pcrs are indicated and followed by three arrays, which
are respectively the pcr values before extend, after extend and after reboot.

Since I have neither a bios, nor IMA enabled in the kernel, nor TPM support
in u-boot, when are the pcrs extended at boot, by what, and using which
measurement?
What can explain the reset behaviour detailed above?

Thanks for any help or reading you can point me to.

--
Eliams
