mirror of
https://github.com/google/go-attestation.git
synced 2025-01-12 23:59:44 +00:00
95 lines
3.6 KiB
Markdown
95 lines
3.6 KiB
Markdown
# Credential Activation
|
|
|
|
Credential activation remotely proves a specific attestation key resides on
|
|
the same TPM as a specific endorsement key. Because the endorsement key is the
|
|
cryptographic identifier for a TPM (and by extension, the device), credential
|
|
activation enables a remote system to establish trust in a new key, which can
|
|
then be used to encrypt or attest on behalf of the device.
|
|
|
|
Credential Activation is a poorly documented TPM concept. This document
|
|
aims to explain how it works and what it is used for, without assuming any
|
|
knowledge of the TCG specifications.
|
|
|
|
## Overview
|
|
|
|
Abstractly: credential activation allows a remote party to verify one key is
|
|
on the same TPM as another key, and that the key has a specific set of
|
|
properties.
|
|
|
|
The description in the first paragraph describes the activation of an
|
|
attestation key with the endorsement key. While this is the most common use
|
|
of credential activation, any two asymmetric key-pairs in the TPM can be
|
|
used.
|
|
|
|
### How it works
|
|
|
|
The credential activation procedure involves the remote end generating a
|
|
specially-crafted, encrypted challenge for the TPM to process. The server
|
|
generates this challenge based on knowledge of two TPM keys (specifically,
|
|
their public keys and key properties), and the secret data it wishes to
|
|
encrypt.
|
|
|
|
This challenge can be decrypted by the TPM using the `ActivateCredential`
|
|
command. Through this command, the user presents to the TPM:
|
|
|
|
* The encrypted challenge generated by the server
|
|
* A handle to the 1st key
|
|
* A handle to the 2nd key
|
|
|
|
If the keys and their properties are present on the TPM, and match exactly
|
|
the keys the server used to generate the challenge, the TPM will decrypt
|
|
the secret contained within, and return it as the response to the command.
|
|
|
|
## Why use credential activation?
|
|
|
|
**TL;DR: Credential activation lets you trust a new key.**
|
|
|
|
While devices are typically identified by the endorsement key burned into
|
|
their TPM, key usage restrictions set on most endorsement keys mean they
|
|
typically cannot be used for signing or attestation. As such a different
|
|
key is needed.
|
|
|
|
After the new key is generated on the TPM, the credential activation
|
|
procedure allows you to prove that:
|
|
|
|
* The new key has acceptable properties (ie: A key intended for attestation
|
|
can only be used in attestation commands, and the key material cannot be
|
|
exported).
|
|
* The new key is present & on the same TPM as an endorsement key.
|
|
|
|
Once credential activation completes successfully, the remote end can be
|
|
sure of the properties of the key & which device it was generated for, and
|
|
start trusting the use of the new key on behalf of the device.
|
|
|
|
## Detailed process
|
|
|
|
### Glossary
|
|
|
|
**Activation key** - The first public key. Credential activation verifies that
|
|
this key is resident on the TPM, *and it has a specific set of properties.*
|
|
|
|
**Anchor key** - The second public key. Credential activation verifies this
|
|
key is resident on the same TPM as the activation key.
|
|
|
|
### Sequence of operations
|
|
|
|
![sequence diagram](credential_activation.png)
|
|
|
|
1. The Client device informs the server of the public keys of both the anchor
|
|
and activation key, as well as communicating the key properties of the
|
|
activation key.
|
|
|
|
2. The server computes the activation challenge, as described below. This
|
|
challenge is sent back to the client.
|
|
|
|
3. The Client invokes the `ActivateCredential` command, providing the encrypted
|
|
challenge from the server, and handles to the two keys.
|
|
|
|
4. If the keys handles presented have public keys / properties matching those
|
|
the server used when computing the challenge, the TPM will be able to
|
|
decrypt and return the secret.
|
|
|
|
## Appendix: Generating the credential activation challenge
|
|
|
|
TODO
|