JustKernel

Security Through vTPM

What is TPM:
A Trusted Platform Module (TPM) is a microchip that is connected to the motherboard of a computer. The intent of a TPM is to create and store cryptographic keys, like RSA keys. One of the main function of the TPM is to measure the components loaded before the operating system, such as BIOS, kernel, boot loader etc. and to report the result to the user when the operating system is loaded.
In this page I plan evaluate if there already exists any suitable TPM emulators in order not to ‘reinvent the wheel’. If no suitable emulator existed then a basic TPM emulator may have to be implemented to some extent. The main focus
here would then be the development of a TPM emulator. However, if an already existing TPM emulator were to be used, the main focus would be to develop the structure of a TPM learning environment.

Open source options available for implementation of vTPM:

vTPM is the emulation of hardware TPM. Currently there are two available implementation of vTPM.
1) “TPM Emulator” (referred in this report as the ETH TPM Emulator): https://lists.nongnu.org/archive/html/qemu-devel/2015-04/msg01792.html
2) “Software TPM“ by IBM (referred in this report as the IBM software TPM): http://ibmswtpm.sourceforge.net/#SoftwareTPM
The first emulator was created by Mario Strasser at the Department of Computer Science, Swiss Federal Institute of Technology Zurich (ETH). This emulator had been released as an open source solution under the license GNU GPL (General Public License). This emulator was fairly well documented and it seemed to have been popular among users interested in a software TPM solution as it was linked to from the TCG website [38].
The second emulator was created by IBM and is targeted toward application development, education, and virtualization. This emulator is provided “as is” with an open source code.
ETH TPM Emulator

This emulator provides full support for TPM 1.2 and is portable due to its open source implementation. This solution actually also contains the MTM – Mobile Trusted Module for use in embedded devices. The compiled ETH TPM Emulator application runs a daemon in user space that is called tpmd. In order to directly communicate from an application to the ETH TPM Emulator daemon one needs to load the kernel module tpmd_dev into the Linux kernel.

General consensus is to use qemu based emulation approach.

Software TPM by IBM :

The IBM software TPM is targeted toward application development, education, and virtualization.
The IBM software TPM contains three folders: libtpm, tpm, and tpm_proxy. The folder tpm contains the TPM emulator, the libtpm contains the TPM commands and tpm_proxy contains proxies which can be used to connect a TCP/IP
based TPM interface to a hardware TPM device driver. This will not be needed in this project.
The IBM software TPM package contains four modules for use with TPM development and testing as displayed in the IBM software TPM architecture figure 4.3. These modules are [3]:
Software TPM : Current to TPM 1.2 revision 116 with updates to 117
libtpm : libtpm supports the Utilities. It compiles to a shared object or DLL. It provides a low-level API to TPM command ordinals.
Utilities : Utilities is a number of command line programs. Each typically maps directly to TPM command ordinals, but some support authorization session setup or context saving.
TPM Proxy: The TPM Proxy acts on one side as a TCP/IP socket server and on the other side as an interface to the TPM device driver. It passes commands from the socket to the device driver and passes responses from the device driver to the socket.
The IBM software TPM uses TCP/IP sockets as a communication interface. In practice this would mean that this emulator was ready to establish a connection between two systems, one running the actual emulator and the other running the communicating application

Conclusion:
Internally the TPM can be borken up into two parts. The upper part is the memory mapped IO (MMIO) interface. For the TPM 1.2 the Trusted Computing Group (TCG) has defined a standard interface called TPM Interface Standard (TIS) whose registers are in the 0x FED4 0000 – 0xFED4 4FFF address range. The specs for this interface can be found here.
http://www.trustedcomputinggroup.org/files/resource_files/87BCE22B-1D09-3519-ADEBA772FBF02CBD/TCG_PCClientTPMSpecification_1-20_1-00_FINAL.pdf
The lower part of the device would then be the core TPM that processes the TPM commands (aka ‘ordinals’). More than 100 different commands have been defined for this device. Specs for the ordinals can be found here:
http://www.trustedcomputinggroup.org/files/resource_files/646B5D4D-1D09-3519-AD21C36DEA87B4B8/tpmwg-mainrev62_Part3_Commands.pdf
The TIS interface collects the request messages and sends the completed requests to the TPM, the TPM then processes the command and sends the result message to the TIS which then may raise an interrupt to notify the driver to pick up the response.
IBM implementation of software TPM (vTPM) is more apt for our purpose as its architecture is more suited for virtualization environment. It provides the following features:
Emulation layer to imlement MMIO interface and cover TPM TIS specification.
swTPM that implements the functionality of the TPM like cryptography etc and implement 1.2 API.
The SWTPM package also provides several tools for using the CUSE TPM, creating certificates for a TPM, and simulating the manufacturing of a TPM by creating a TPM’s EK and platform certificates etc
CUSE interface for creation multiple instances of vTPM.
Required add-ons like libTPM that implement the low level interfaces.
No requirement for additional device driver.
Implementation details can be found here:
https://github.com/stefanberger/swtpm
https://github.com/stefanberger/qemu-tpm

Low Level interfaces:
CUSE TPM or swTPM provide TPM emulators with different frontend interfaces (TCP/IP socket interface or Linux CUSE interface).
QEMU emulator talks to the CUSE TPM using much of the functionality of the passthrough driver. for eg. the TPM commands and responses are sent to the CUSE TPM using read and write interface.
libtpm is the repository that implements the low level TPM APIs.
CUSE TPM passes the API calls to the libtpm.
CUSE TPM currently implements 15 different IOCTLs for controlling certain life cycle aspects of the emulated TPM.
CUSE TPM uses FUSE to create user space character device . /dev/vtpm.
CUSE TPM uses FUSE libraries for interfacing between kernel and user mode modules..

Patch Integration and compilation for implementation of software TPM.
QEMU-emulator : https://github.com/stefanberger/qemu-tpm based on QEMU 2.4 , master branch . tpm-2 preview branch for TPM 2.0 implementation.
Patches to support CUSE interface: https://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg00252.html
https://lists.gnu.org/archive/html/qemu-devel/2013-11/msg00674.html

libTPM: low level API calls to TPM .
https://github.com/stefanberger/libtpmshttps://lists.gnu.org/archive/html/qemu-devel/2011-02/msg03007.html