Consider a nonce in NVRAM when computing the EK Template (Fixes #236). (#238)

PiperOrigin-RevId: 394112776 Co-authored-by: Tom D'Netto <jsonp@google.com>
2025-01-31 07:55:22 +00:00 · 2021-08-31 17:45:37 -07:00 · 2021-08-31 17:45:37 -07:00 · 5410759ddc
commit 5410759ddc
parent cc52e2d143
3 changed files with 34 additions and 6 deletions
--- a/README.md
+++ b/README.md
@ -15,7 +15,7 @@ Talks on this project:

 ## Status

-Go-Attestation is under active development and **is not** ready for production use. Expect
+Go-Attestation is under active development. Expect
 API changes at any time.

 Please note that this is not an official Google product.
--- a/attest/tpm.go
+++ b/attest/tpm.go
@ -37,7 +37,8 @@ const (
 	tpmPtFwVersion1   = 0x00000100 + 11 // PT_FIXED + offset of 11

 	// Defined in "Registry of reserved TPM 2.0 handles and localities".
-	nvramCertIndex = 0x1c00002
+	nvramCertIndex    = 0x1c00002
+	nvramEkNonceIndex = 0x1c00003

 	// Defined in "Registry of reserved TPM 2.0 handles and localities", and checked on a glinux machine.
 	commonSrkEquivalentHandle = 0x81000001
--- a/attest/wrapped_tpm20.go
+++ b/attest/wrapped_tpm20.go
@ -31,8 +31,26 @@ import (

 // wrappedTPM20 interfaces with a TPM 2.0 command channel.
 type wrappedTPM20 struct {
-	interf TPMInterface
-	rwc    CommandChannelTPM20
+	interf        TPMInterface
+	rwc           CommandChannelTPM20
+	tpmEkTemplate *tpm2.Public
+}
+
+func (t *wrappedTPM20) ekTemplate() (tpm2.Public, error) {
+	if t.tpmEkTemplate != nil {
+		return *t.tpmEkTemplate, nil
+	}
+
+	nonce, err := tpm2.NVReadEx(t.rwc, nvramEkNonceIndex, tpm2.HandleOwner, "", 0)
+	if err != nil {
+		t.tpmEkTemplate = &defaultEKTemplate // No nonce, use the default template
+	} else {
+		template := defaultEKTemplate
+		copy(template.RSAParameters.ModulusRaw, nonce)
+		t.tpmEkTemplate = &template
+	}
+
+	return *t.tpmEkTemplate, nil
 }

 func (*wrappedTPM20) isTPMBase() {}
@ -79,7 +97,11 @@ func (t *wrappedTPM20) getPrimaryKeyHandle(pHnd tpmutil.Handle) (tpmutil.Handle,
 	case commonSrkEquivalentHandle:
 		keyHnd, _, err = tpm2.CreatePrimary(t.rwc, tpm2.HandleOwner, tpm2.PCRSelection{}, "", "", defaultSRKTemplate)
 	case commonEkEquivalentHandle:
-		keyHnd, _, err = tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", defaultEKTemplate)
+		var tmpl tpm2.Public
+		if tmpl, err = t.ekTemplate(); err != nil {
+			return 0, false, fmt.Errorf("ek template: %v", err)
+		}
+		keyHnd, _, err = tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", tmpl)
 	}
 	if err != nil {
 		return 0, false, fmt.Errorf("CreatePrimary failed: %v", err)
@ -102,7 +124,12 @@ func (t *wrappedTPM20) eks() ([]EK, error) {
 	}

 	// Attempt to create an EK.
-	ekHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", defaultEKTemplate)
+	tmpl, err := t.ekTemplate()
+	if err != nil {
+		return nil, fmt.Errorf("ek template: %v", err)
+	}
+
+	ekHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", tmpl)
 	if err != nil {
 		return nil, fmt.Errorf("EK CreatePrimary failed: %v", err)
 	}