Consider a nonce in NVRAM when computing the EK Template (Fixes #236). (#238)

PiperOrigin-RevId: 394112776

Co-authored-by: Tom D'Netto <jsonp@google.com>

README.md

@@ -15,7 +15,7 @@ Talks on this project:
 
 ## Status
 
-Go-Attestation is under active development and **is not** ready for production use. Expect
+Go-Attestation is under active development. Expect
 API changes at any time.
 
 Please note that this is not an official Google product.

attest/tpm.go

@@ -37,7 +37,8 @@ const (
 	tpmPtFwVersion1   = 0x00000100 + 11 // PT_FIXED + offset of 11
 
 	// Defined in "Registry of reserved TPM 2.0 handles and localities".
-	nvramCertIndex = 0x1c00002
+	nvramCertIndex    = 0x1c00002
+	nvramEkNonceIndex = 0x1c00003
 
 	// Defined in "Registry of reserved TPM 2.0 handles and localities", and checked on a glinux machine.
 	commonSrkEquivalentHandle = 0x81000001

attest/wrapped_tpm20.go

@@ -31,8 +31,26 @@ import (
 
 // wrappedTPM20 interfaces with a TPM 2.0 command channel.
 type wrappedTPM20 struct {
-	interf TPMInterface
+	interf        TPMInterface
-	rwc    CommandChannelTPM20
+	rwc           CommandChannelTPM20
+	tpmEkTemplate *tpm2.Public
+}
+
+func (t *wrappedTPM20) ekTemplate() (tpm2.Public, error) {
+	if t.tpmEkTemplate != nil {
+		return *t.tpmEkTemplate, nil
+	}
+
+	nonce, err := tpm2.NVReadEx(t.rwc, nvramEkNonceIndex, tpm2.HandleOwner, "", 0)
+	if err != nil {
+		t.tpmEkTemplate = &defaultEKTemplate // No nonce, use the default template
+	} else {
+		template := defaultEKTemplate
+		copy(template.RSAParameters.ModulusRaw, nonce)
+		t.tpmEkTemplate = &template
+	}
+
+	return *t.tpmEkTemplate, nil
 }
 
 func (*wrappedTPM20) isTPMBase() {}
@@ -79,7 +97,11 @@ func (t *wrappedTPM20) getPrimaryKeyHandle(pHnd tpmutil.Handle) (tpmutil.Handle,
 	case commonSrkEquivalentHandle:
 		keyHnd, _, err = tpm2.CreatePrimary(t.rwc, tpm2.HandleOwner, tpm2.PCRSelection{}, "", "", defaultSRKTemplate)
 	case commonEkEquivalentHandle:
-		keyHnd, _, err = tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", defaultEKTemplate)
+		var tmpl tpm2.Public
+		if tmpl, err = t.ekTemplate(); err != nil {
+			return 0, false, fmt.Errorf("ek template: %v", err)
+		}
+		keyHnd, _, err = tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", tmpl)
 	}
 	if err != nil {
 		return 0, false, fmt.Errorf("CreatePrimary failed: %v", err)
@@ -102,7 +124,12 @@ func (t *wrappedTPM20) eks() ([]EK, error) {
 	}
 
 	// Attempt to create an EK.
-	ekHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", defaultEKTemplate)
+	tmpl, err := t.ekTemplate()
+	if err != nil {
+		return nil, fmt.Errorf("ek template: %v", err)
+	}
+
+	ekHnd, _, err := tpm2.CreatePrimary(t.rwc, tpm2.HandleEndorsement, tpm2.PCRSelection{}, "", "", tmpl)
 	if err != nil {
 		return nil, fmt.Errorf("EK CreatePrimary failed: %v", err)
 	}