From mboxrd@z Thu Jan  1 00:00:00 1970
From: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Subject: Re: vTPM Deep Quote validation
Date: Mon, 09 Mar 2015 10:40:13 -0400
Message-ID: <54FDB0CD.1080905@tycho.nsa.gov>
References: <CAAULxKLYQptBVMt6=NTZtqV8EHtq833VQKEeatDa2T7kpR=nRg@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; Format="flowed"
Content-Transfer-Encoding: 7bit
Return-path: <xen-devel-bounces@lists.xen.org>
In-Reply-To: <CAAULxKLYQptBVMt6=NTZtqV8EHtq833VQKEeatDa2T7kpR=nRg@mail.gmail.com>
List-Unsubscribe: <http://lists.xen.org/cgi-bin/mailman/options/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=unsubscribe>
List-Post: <mailto:xen-devel@lists.xen.org>
List-Help: <mailto:xen-devel-request@lists.xen.org?subject=help>
List-Subscribe: <http://lists.xen.org/cgi-bin/mailman/listinfo/xen-devel>,
	<mailto:xen-devel-request@lists.xen.org?subject=subscribe>
Sender: xen-devel-bounces@lists.xen.org
Errors-To: xen-devel-bounces@lists.xen.org
To: Emil Condrea <emilcondrea@gmail.com>, "xen-devel@lists.xen.org" <xen-devel@lists.xen.org>
List-Id: xen-devel@lists.xenproject.org

On 03/08/2015 07:41 AM, Emil Condrea wrote:
> I am trying to validate a Deep Quote request made by domU but I feel that
> something is missing. Right now when a domU requests TPM_ORD_DeepQuote:
> 1. vTPM:
> - unpacks the params: nonce, vTPM PCR selection and physical PCR selection
> - packs PCR_INFO_SHORT structure into buf that contains the selected vTPM
> PCRs
> - computes nonce as a SHA1 of: dquot_hdr, nonce, and previous packed buf
> - packs: nonce, physical PCR selection
> - receives physical pcr data and signature from manager and returns them to
> DomU
> 2. vTPM Manager
> - unpacks the params: nonce, PCR selection
> - execute TPM_Quote with: externalData = nonce
> - returns pcr data and signature to vTPM
>
> If domU user wants to validate the signature it has to do the exact process
> that the vtpm and manager did  but the virtual PCR values are not included
> in response, just physical ones.

The virtual machine can use TPM_PCRRead to get the value of the vTPM PCRs.
This is the same method that is used by the TPM_Quote2 command.

> We can include the vTPM PCRS in response or the manager must perform
> TPM_Quote using the nonce received from domU in order to be able to have a
> successful validation on the client side.

If you want a quote without any vTPM PCRs, you can specify an empty PCR mask
to get something fairly close to this behavior - the nonce will be combined
with an empty deep quote structure instead of passed directly.

> What do you think? Is there something that I am missing ?

It is useful to be able to ask for the current value of both physical and
virtual PCRs in a single atomic operation.  Including the value of all PCRs
in the response could make the reply packet too large (which is part of the
reason why TPM_Quote2 removed them).

-- 
Daniel De Graaf
National Security Agency