[#105] Updated tpm_version to get data from TPM hardware.
The TPM 2 Provisioner gets packaged with an application called tpm_version, which reported hard-coded values for the TPM manufacturer and version. Now it collects those values from the TPM and reports them.
This commit is contained in:
parent
00099ebfc5
commit
74ab4d46b1
@ -5,7 +5,7 @@ MAINTAINER apl.dev3@jhuapl.edu
|
||||
# Install packages for building HIRS
|
||||
RUN yum -y update && yum clean all
|
||||
RUN yum groupinstall -y "Development Tools"
|
||||
RUN yum install -y wget java-1.8.0-openjdk-devel protobuf-compiler rpm-build cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel trousers-devel libcurl-devel
|
||||
RUN yum install -y wget java-1.8.0-openjdk-devel protobuf-compiler rpm-build cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel libcurl-devel
|
||||
|
||||
# Install EPEL
|
||||
WORKDIR /tmp
|
||||
|
@ -4,7 +4,7 @@ MAINTAINER apl.dev3@jhuapl.edu
|
||||
|
||||
# Install packages for building HIRS
|
||||
RUN yum -y update && yum clean all
|
||||
RUN yum install -y java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel trousers-devel libcurl-devel
|
||||
RUN yum install -y java-1.8.0-openjdk-devel protobuf-compiler rpm-build epel-release cmake make git gcc-c++ doxygen graphviz python libssh2-devel openssl protobuf-devel tpm2-tss-devel tpm2-abrmd-devel trousers-devel libcurl-devel
|
||||
RUN yum install -y cppcheck log4cplus-devel re2-devel
|
||||
|
||||
# Set Environment Variables
|
||||
|
@ -4,7 +4,12 @@ MAINTAINER apl.dev3@jhuapl.edu
|
||||
|
||||
# Install packages for building HIRS
|
||||
RUN apt-get update -y && apt-get upgrade -y && apt-get clean -y
|
||||
RUN apt-get -y install openjdk-8-jdk protobuf-compiler build-essential devscripts lintian debhelper cmake make git g++ doxygen graphviz cppcheck liblog4cplus-dev libssl-dev libprotobuf-dev libre2-dev libsapi-dev trousers libtspi-dev libcurl4-openssl-dev
|
||||
RUN apt-get -y install autoconf autoconf-archive automake libtool pkg-config m4 openjdk-8-jdk protobuf-compiler build-essential devscripts lintian debhelper cmake make git g++ doxygen graphviz cppcheck liblog4cplus-dev libssl-dev libprotobuf-dev libre2-dev libsapi-dev trousers libtspi-dev libcurl4-openssl-dev
|
||||
|
||||
# Install Newer TPM2-TSS & TPM2-Abrmd from Source for Building HIRS_ProvisionerTPM2
|
||||
RUN apt-get -y install wget libdbus-1-dev libglib2.0-dev
|
||||
RUN mkdir tpm2tss && cd tpm2tss && wget https://github.com/tpm2-software/tpm2-tss/releases/download/1.3.0/tpm2-tss-1.3.0.tar.gz && tar -xzf tpm2-tss-1.3.0.tar.gz && cd tpm2-tss-1.3.0 && ./configure && make && make install && cd ../ && cd ../
|
||||
RUN mkdir tpm2abrmd && cd tpm2abrmd && wget https://github.com/tpm2-software/tpm2-abrmd/releases/download/1.3.1/tpm2-abrmd-1.3.1.tar.gz && tar -xzf tpm2-abrmd-1.3.1.tar.gz && cd tpm2-abrmd-1.3.1 && ./configure && make && make install && cd ../ && cd ../
|
||||
|
||||
# Set Environment Variables
|
||||
ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64
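Review bot: The two new `RUN` lines fetch `tpm2-tss-1.3.0.tar.gz` and `tpm2-abrmd-1.3.1.tar.gz` with `wget` and `make install` whatever arrives, with no checksum or signature check, so the TSS stack baked into the build image is only as trustworthy as the TLS connection to the release host at build time; pin the expected digest and verify it between the `wget` and the `tar`, e.g. `&& echo "<sha256>  tpm2-tss-1.3.0.tar.gz" | sha256sum -c -`, using the digest published with each release. The trailing `&& cd ../ && cd ../` in both lines has no lasting effect (each `RUN` starts fresh in the image's working directory) and the tarballs and unpacked source trees stay in the layer; drop the `cd`s and remove the directories at the end of the same `RUN`. The preceding `apt-get` line still installs `libsapi-dev`, so the image now carries a distribution TSS alongside the source-built one in `/usr/local`; the `# Install Newer TPM2-TSS` comment should say why 1.3.0/1.3.1 are required and which copy the HIRS_ProvisionerTPM2 build is expected to pick up. Pinning both versions is good; the rest of this Dockerfile's unpinned `apt-get upgrade` is pre-existing.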
|
||||
|
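--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -93,7 +93,9 @@ list(APPEND REQUIRED_LIBS ${RE_LIB})
 find_library(TPM2_SAPI_LIB NAMES sapi tss2)
 find_library(TPM2_TCTI_DEVICE_LIB NAMES tcti-device tss2)
 find_library(TPM2_TCTI_SOCKET_LIB NAMES tcti-socket tss2)
-set(TPM2_TSS_LIBRARIES ${TPM2_SAPI_LIB} ${TPM2_TCTI_DEVICE_LIB} ${TPM2_TCTI_SOCKET_LIB})
+find_library(TPM2_TCTI_TABRMD_LIB NAMES tcti-tabrmd tss2)
+set(TPM2_TSS_LIBRARIES ${TPM2_SAPI_LIB} ${TPM2_TCTI_DEVICE_LIB}
+${TPM2_TCTI_SOCKET_LIB} ${TPM2_TCTI_TABRMD_LIB})
 list(APPEND REQUIRED_LIBS ${TPM2_TSS_LIBRARIES})
 
 # Set variable to determine TSS SAPI import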
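Review bot: `find_library(TPM2_TCTI_TABRMD_LIB NAMES tcti-tabrmd tss2)` silently falls back to the generic `tss2` library when no `tcti-tabrmd` is installed, so a host without the abrmd development files configures cleanly and only fails at link time with an undefined `tss2_tcti_tabrmd_init`, and if neither name resolves the `-NOTFOUND` value is appended into `REQUIRED_LIBS` via `TPM2_TSS_LIBRARIES`. Since the next hunk links `tpm_version` against this TCTI alone, make the requirement explicit right after the `find_library`: `if(NOT TPM2_TCTI_TABRMD_LIB)` / `message(FATAL_ERROR "tcti-tabrmd library not found; install the tpm2-abrmd development package")` / `endif()`. The three existing `find_library` calls share the same fallback, but that is pre-existing.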
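--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -145,6 +147,7 @@ add_executable(${PROJECT_NAME} src/TPM2_Provisioner.cpp ${PROJECT_CONFIG_FILES})
 
 # In TPM 2.0 land, there is currently not a way to fetch the TPM version info
 add_executable(tpm_version src/tpm_version.cpp)
+target_link_libraries(tpm_version ${TPM2_SAPI_LIB} ${TPM2_TCTI_TABRMD_LIB})
 
 # Link necessary libraries
 target_link_libraries(${PROJECT_NAME} TPM2_PROVISIONER_LIBRARY)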
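Review bot: The comment directly above the new link line, `# In TPM 2.0 land, there is currently not a way to fetch the TPM version info`, now contradicts what `tpm_version` does — this commit makes it read the family, revision and manufacturer properties from the TPM — so replace it with something like `# tpm_version queries the TPM's fixed properties (family, revision, manufacturer) through the tabrmd TCTI`. The added `target_link_libraries(tpm_version ...)` uses the keyword-less signature; the project's convention is not visible here, but `PRIVATE` would make the usage requirement explicit and avoid a later signature-mixing error on this target. Linking only `${TPM2_TCTI_TABRMD_LIB}` also means the tool presumably works only where tpm2-abrmd is running, whereas `TPM2_TSS_LIBRARIES` carries the device and socket TCTIs as well; stating that in the comment tells operators why it fails without the resource manager.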
|
@ -7,20 +7,21 @@ Please look up their respective names in the CentOS repositories.
|
||||
|
||||
If no available repository for the development environment contains the dependencies at an acceptable version level, it is expected that the packages be retrieved and built from their respective source repositories.
|
||||
|
||||
| Dependency | Version used | Minimum required | Repository | Project repository |
|
||||
| ----------------- | ------------ | ------------------ | --------------------- | -------------------------------------- |
|
||||
| cppcheck | 1.80 | 1.72 | CentOS 7 epel-release | http://cppcheck.sourceforge.net/ |
|
||||
| doxygen | 1.8.13 | 1.8.0 (estimated) | CentOS 7 base | https://github.com/doxygen/doxygen |
|
||||
| graphviz | 2.30.1 | 2.28.0 (estimated) | CentOS 7 base | https://gitlab.com/graphviz/graphviz |
|
||||
| gcc-c++ | 4.8.5 | 4.8.5 | CentOS 7 base | https://gcc.gnu.org/ |
|
||||
| libcurl-devel | 7.29.0 | 7.0.0 (estimated) | CentOS 7 base | https://github.com/curl/curl |
|
||||
| libssh2-devel | 1.4.3 | 1.4.3 (estimated) | CentOS 7 base | https://github.com/libssh2/libssh2 |
|
||||
| log4cplus-devel | 1.1.3 | 1.1.2 | CentOS 7 epel-release | https://github.com/log4cplus/log4cplus |
|
||||
| openssl-devel | 1.0.2k | 1.0.2g (estimated) | CentOS 7 base | https://github.com/openssl/openssl |
|
||||
| protobuf-compiler | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
|
||||
| protobuf-devel | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
|
||||
| re2-devel | 20160401 | 20160201 | CentOS 7 epel-release | https://github.com/google/re2 |
|
||||
| tpm2-tss-devel | 1.2.0 | 1.0.0 | CentOS 7 base | https://github.com/intel/tpm2-tss |
|
||||
| cmake | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
|
||||
| cpack | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
|
||||
| git | 1.8.3.1 | 1.6.0 (estimated) | CentOS 7 base | https://github.com/git/git |
|
||||
| Dependency | Version used | Minimum required | Repository | Project repository |
|
||||
| ----------------- | ------------ | ------------------ | --------------------- | -------------------------------------- |
|
||||
| cppcheck | 1.80 | 1.72 | CentOS 7 epel-release | http://cppcheck.sourceforge.net/ |
|
||||
| doxygen | 1.8.13 | 1.8.0 (estimated) | CentOS 7 base | https://github.com/doxygen/doxygen |
|
||||
| graphviz | 2.30.1 | 2.28.0 (estimated) | CentOS 7 base | https://gitlab.com/graphviz/graphviz |
|
||||
| gcc-c++ | 4.8.5 | 4.8.5 | CentOS 7 base | https://gcc.gnu.org/ |
|
||||
| libcurl-devel | 7.29.0 | 7.0.0 (estimated) | CentOS 7 base | https://github.com/curl/curl |
|
||||
| libssh2-devel | 1.4.3 | 1.4.3 (estimated) | CentOS 7 base | https://github.com/libssh2/libssh2 |
|
||||
| log4cplus-devel | 1.1.3 | 1.1.2 | CentOS 7 epel-release | https://github.com/log4cplus/log4cplus |
|
||||
| openssl-devel | 1.0.2k | 1.0.2g (estimated) | CentOS 7 base | https://github.com/openssl/openssl |
|
||||
| protobuf-compiler | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
|
||||
| protobuf-devel | 2.5.0 | 2.4.1 (estimated) | CentOS 7 base | https://github.com/google/protobuf |
|
||||
| re2-devel | 20160401 | 20160201 | CentOS 7 epel-release | https://github.com/google/re2 |
|
||||
| tpm2-tss-devel | 1.2.0 | 1.0.0 | CentOS 7 base | https://github.com/intel/tpm2-tss |
|
||||
| tpm2-abrmd-devel | 1.1.0 | 1.1.0 | CentOS 7 base | https://github.com/tpm2-software/tpm2-abrmd |
|
||||
| cmake | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
|
||||
| cpack | 2.8.12.2 | 2.6.0 (estimated) | CentOS 7 base | https://cmake.org/ |
|
||||
| git | 1.8.3.1 | 1.6.0 (estimated) | CentOS 7 base | https://github.com/git/git |
|
||||
|
@ -7,17 +7,19 @@ Please look up their respective names in the appropriate repositories.
|
||||
|
||||
If no available repository for the development environment contains the dependencies at an acceptable version level, it is expected that the packages be retrieved and built from their respective source repositories.
|
||||
|
||||
| Dependency | Version used | Minimum required | Repository | Project repository |
|
||||
| -------------------- | ------------ | ------------------ | --------------------- | -------------------------------------- |
|
||||
| cppcheck | 1.82 | 1.72 | Ubuntu 18.04 base | http://cppcheck.sourceforge.net/ |
|
||||
| doxygen | 1.8.13 | 1.8.0 (estimated) | Ubuntu 18.04 base | https://github.com/doxygen/doxygen |
|
||||
| graphviz | 2.40.1 | 2.28.0 (estimated) | Ubuntu 18.04 base | https://gitlab.com/graphviz/graphviz |
|
||||
| libcurl4-openssl-dev | 7.47.0 | 7.0.0 (estimated) | Ubuntu 18.04 base | https://github.com/curl/curl |
|
||||
| liblog4cplus-dev | 1.1.2 | 1.1.2 | Ubuntu 18.04 base | https://github.com/log4cplus/log4cplus |
|
||||
| libssl-dev | 1.1.0g | 1.0.2g (estimated) | Ubuntu 18.04 base | https://github.com/openssl/openssl |
|
||||
| protobuf-compiler | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
|
||||
| libprotobuf-dev | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
|
||||
| libre2-dev | 20180201 | 20160201 | Ubuntu 18.04 base | https://github.com/google/re2 |
|
||||
| libsapi-dev | 1.0.0 | 1.0.0 | Ubuntu 18.04 base | https://github.com/intel/tpm2-tss |
|
||||
| cmake | 3.10.2 | 2.6.0 (estimated) | Ubuntu 18.04 base | https://cmake.org/ |
|
||||
| git | 2.17.1 | 1.6.0 (estimated) | Ubuntu 18.04 base | https://github.com/git/git |
|
||||
| Dependency | Version used | Minimum required | Repository | Project repository |
|
||||
| -------------------- | ------------ | ------------------ | --------------------- | --------------------------------------------- |
|
||||
| cppcheck | 1.82 | 1.72 | Ubuntu 18.04 base | http://cppcheck.sourceforge.net/ |
|
||||
| doxygen | 1.8.13 | 1.8.0 (estimated) | Ubuntu 18.04 base | https://github.com/doxygen/doxygen |
|
||||
| graphviz | 2.40.1 | 2.28.0 (estimated) | Ubuntu 18.04 base | https://gitlab.com/graphviz/graphviz |
|
||||
| libcurl4-openssl-dev | 7.47.0 | 7.0.0 (estimated) | Ubuntu 18.04 base | https://github.com/curl/curl |
|
||||
| liblog4cplus-dev | 1.1.2 | 1.1.2 | Ubuntu 18.04 base | https://github.com/log4cplus/log4cplus |
|
||||
| libssl-dev | 1.1.0g | 1.0.2g (estimated) | Ubuntu 18.04 base | https://github.com/openssl/openssl |
|
||||
| protobuf-compiler | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
|
||||
| libprotobuf-dev | 3.0.0 | 2.4.1 (estimated) | Ubuntu 18.04 base | https://github.com/google/protobuf |
|
||||
| libre2-dev | 20180201 | 20160201 | Ubuntu 18.04 base | https://github.com/google/re2 |
|
||||
| libsapi-dev | 1.0.0 | 1.0.0 | Ubuntu 18.04 base | https://github.com/intel/tpm2-tss |
|
||||
| tpm2-tss | 1.3.0 | 1.3.0 | Source Code | https://github.com/tpm2-software/tpm2-tss |
|
||||
| tpm2-abrmd | 1.3.1 | 1.3.1 | Source Code | https://github.com/tpm2-software/tpm2-abrmd |
|
||||
| cmake | 3.10.2 | 2.6.0 (estimated) | Ubuntu 18.04 base | https://cmake.org/ |
|
||||
| git | 2.17.1 | 1.6.0 (estimated) | Ubuntu 18.04 base | https://github.com/git/git |
|
||||
|
@ -1,11 +1,188 @@
|
||||
#include <sapi/tpm20.h>
|
||||
#include <tcti/tcti-tabrmd.h>
|
||||
|
||||
#include <algorithm>
|
||||
#include <cstring>
|
||||
#include <iostream>
|
||||
#include <memory>
|
||||
#include <string>
|
||||
|
||||
using std::cout;
|
||||
using std::endl;
|
||||
using std::shared_ptr;
|
||||
using std::string;
|
||||
|
||||
int main(void) {
|
||||
cout << "Chip Version: 2.0.0.0" << endl;
|
||||
cout << "TPM Vendor ID: UNKN" << endl;
|
||||
return 0;
|
||||
/**
|
||||
* SapiContext is a class to encapsulate the TSS2_SYS_CONTEXT and its
|
||||
* creation.
|
||||
*/
|
||||
class SapiContext {
|
||||
/**
|
||||
* The TCTI Context.
|
||||
*/
|
||||
TSS2_TCTI_CONTEXT *tctiContext = nullptr;
|
||||
|
||||
/**
|
||||
* The SAPI Context.
|
||||
*/
|
||||
TSS2_SYS_CONTEXT *sapiContext = nullptr;
|
||||
|
||||
/**
|
||||
* Private Constructor
|
||||
*
|
||||
* The constructor is private because the goal of the class is to manage
|
||||
* the memory of the TSS2_TCTI_CONTEXT and TSS2_SYS_CONTEXT that are
|
||||
* allocated, which are forced to be done through the static create()
|
||||
* function. Since create() returns a shared_ptr<SapiContext>, there is no
|
||||
* way to leak memory by forgetting to free anything created by this class.
|
||||
* @param tcti_ctx the TCTI Context needed for creating the SAPI Context
|
||||
* @param sapi_ctx the SAPI Context needed to interact with the TSS
|
||||
*/
|
||||
SapiContext(TSS2_TCTI_CONTEXT* tcti_ctx, TSS2_SYS_CONTEXT* sapi_ctx)
|
||||
: tctiContext(tcti_ctx), sapiContext(sapi_ctx) {}
|
||||
|
||||
public:
|
||||
/**
|
||||
* Destructor.
|
||||
*/
|
||||
~SapiContext() {free(sapiContext); free(tctiContext);}
|
||||
|
||||
/**
|
||||
* Factory function for creating SapiContext objects and guaranteeing
|
||||
* that their memory will be freed by placing them into shared_ptr objects.
|
||||
*
|
||||
* @return a shared_ptr to a new SapiContext object
|
||||
*/
|
||||
static shared_ptr<SapiContext> create() {
|
||||
size_t size;
|
||||
TSS2_RC rc = tss2_tcti_tabrmd_init(nullptr, &size);
|
||||
if (rc != TSS2_RC_SUCCESS) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
TSS2_TCTI_CONTEXT *tContext
|
||||
= reinterpret_cast<TSS2_TCTI_CONTEXT*>(calloc(1, size));
|
||||
if (tContext == nullptr) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
rc = tss2_tcti_tabrmd_init(tContext, &size);
|
||||
if (rc != TSS2_RC_SUCCESS) {
|
||||
free(tContext);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
size = Tss2_Sys_GetContextSize(0);
|
||||
TSS2_SYS_CONTEXT *sContext
|
||||
= reinterpret_cast<TSS2_SYS_CONTEXT*>(calloc(1, size));
|
||||
if (sContext == nullptr) {
|
||||
free(tContext);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
TSS2_ABI_VERSION abi_version = {
|
||||
.tssCreator = TSSWG_INTEROP,
|
||||
.tssFamily = TSS_SAPI_FIRST_FAMILY,
|
||||
.tssLevel = TSS_SAPI_FIRST_LEVEL,
|
||||
.tssVersion = TSS_SAPI_FIRST_VERSION,
|
||||
};
|
||||
|
||||
rc = Tss2_Sys_Initialize(sContext, size, tContext, &abi_version);
|
||||
if (rc != TSS2_RC_SUCCESS) {
|
||||
free(sContext);
|
||||
free(tContext);
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
// To make sure the memory is not leaked, store the SapiContext in a
|
||||
// shared_ptr to make sure the destructor gets called and no copies
|
||||
// are made.
|
||||
return shared_ptr<SapiContext>(
|
||||
new SapiContext(tContext, sContext));
|
||||
}
|
||||
|
||||
TSS2_SYS_CONTEXT * getPointer() {return sapiContext;}
|
||||
};
|
||||
|
||||
/**
|
||||
* Returns the 4-byte string represented by the bytes of value.
|
||||
*
|
||||
* Assumes the bytes of value are reversed.
|
||||
* @param value the 4 bytes to be reversed and placed in the returned string
|
||||
* @return the string represented by value
|
||||
*/
|
||||
string reversedStringValue(UINT32 value) {
|
||||
string stringValue(sizeof value, 0);
|
||||
std::memcpy(&stringValue[0], &value, stringValue.size()); // copy bytes in
|
||||
std::reverse(stringValue.begin(), stringValue.end()); // reverse the bytes
|
||||
return stringValue;
|
||||
}
|
||||
|
||||
/**
|
||||
* The tpm_version application prints two lines to the terminal:
|
||||
* 1.) The TPM Chip Version, and
|
||||
* 2.) The TPM Manufacturer (4 character abbreviation)
|
||||
*
|
||||
* @return 0 if successful; 1 if not
|
||||
*/
|
||||
int main(void) {
|
||||
TPMS_CAPABILITY_DATA capability_data;
|
||||
TPMI_YES_NO more_data;
|
||||
shared_ptr<SapiContext> sapiContext = SapiContext::create();
|
||||
TSS2_RC rc;
|
||||
do {
|
||||
// The return code will be 4 bytes. The most significant byte
|
||||
// tells what software layer is reposible for a non-successful
|
||||
// attempt at executing the call. The other bytes provide the error
|
||||
// type. If we get a retry warning, we don't care which layer is
|
||||
// responsible, so we mask the lower 3 bytes and compare it to
|
||||
// TSS2_RC_RETRY to see if we need to try again.
|
||||
rc = Tss2_Sys_GetCapability(sapiContext->getPointer(), nullptr,
|
||||
TPM_CAP_TPM_PROPERTIES,
|
||||
PT_FIXED,
|
||||
MAX_TPM_PROPERTIES,
|
||||
&more_data,
|
||||
&capability_data,
|
||||
nullptr);
|
||||
} while ((rc & 0xfff) == TPM_RC_RETRY);
|
||||
|
||||
// There is nothing we can do if an error occurred. The HIRS Client will
|
||||
// know how to respond if this happens. No need to log anything.
|
||||
if (rc != TSS2_RC_SUCCESS) {
|
||||
return 1;
|
||||
}
|
||||
|
||||
// We only need to collect the following data from the TPM.
|
||||
string manufacturer;
|
||||
string majorVersion;
|
||||
float minorVersion;
|
||||
|
||||
for (size_t i = 0; i < capability_data.data.tpmProperties.count; ++i) {
|
||||
TPMS_TAGGED_PROPERTY & p
|
||||
= capability_data.data.tpmProperties.tpmProperty[i];
|
||||
TPM_PT property = p.property;
|
||||
|
||||
// All data is in the form of a UINT32, even if it represents a string.
|
||||
// For strings, the bytes are in the wrong endianness and are not
|
||||
// null-terminated.
|
||||
UINT32 value = p.value;
|
||||
|
||||
switch (property) {
|
||||
case TPM_PT_FAMILY_INDICATOR:
|
||||
majorVersion = reversedStringValue(value);
|
||||
break;
|
||||
case TPM_PT_REVISION:
|
||||
// The minor version has two decimal places, but since it is
|
||||
// stored as an integer, it is stored as 100 times its value.
|
||||
minorVersion = value / 100.0f;
|
||||
break;
|
||||
case TPM_PT_MANUFACTURER:
|
||||
manufacturer = reversedStringValue(value);
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
cout << "Chip Version: " << majorVersion << "." << minorVersion << endl;
|
||||
cout << "TPM Vendor ID: " << manufacturer << endl;
|
||||
return 0;
|
||||
}
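Review bot: `main` (fully inside this hunk) calls `sapiContext->getPointer()` without checking the result of `SapiContext::create()`, which returns `nullptr` on every failure path (`tss2_tcti_tabrmd_init`, `calloc`, `Tss2_Sys_Initialize`), so running `tpm_version` without a reachable tpm2-abrmd is a null-pointer crash instead of the documented exit status 1; add `if (!sapiContext) return 1;` immediately after the `create()` call. The retry loop `while ((rc & 0xfff) == TPM_RC_RETRY)` has no bound or back-off, so a TPM that keeps answering RETRY spins the process forever, and its comment says it masks "the lower 3 bytes" while `0xfff` keeps only 12 bits — bound it with a retry counter and correct the comment. `float minorVersion;` is printed even when the TPM never reports `TPM_PT_REVISION`, so initialise it (`float minorVersion = 0.0f;`), and `~SapiContext` releases both contexts with plain `free()` without `Tss2_Sys_Finalize` or the TCTI's finalize hook, which presumably leaves the resource-manager connection open until exit — harmless for a one-shot tool, but worth confirming against the tpm2-tss version in use. `reversedStringValue` relies on the host being little-endian to recover the ASCII bytes the TSS unmarshalled into host order; a comment stating that assumption would help. Finally, these values come from an unauthenticated `GetCapability` over the resource-manager path, so the printed vendor ID and version are informational only and the caller should not treat them as attested evidence of the TPM's identity.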
|
||||
|