dasharo-security/tpm-support.robot: Refactor TPM version and support … #507
Conversation
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
83272db to
e8086e0
Compare
|
It is not entirely redundant. See: #495 (comment) The test to verify TPM version in firmware should check if it is TPM 1.2 or 2.0 |
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
8534884 to
12b0d62
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
98700f0 to
5b01d14
Compare
|
This branch was rebased onto this #487 |
dasharo-security/tpm-support.robot
Outdated
| @@ -34,8 +34,8 @@ TPM001.001 TPM Support (firmware) | |||
| Login To Linux | |||
| Switch To Root User | |||
| Get Cbmem From Cloud | |||
| ${out}= Execute Command In Terminal cbmem -L | |||
| Should Contain ${out} TPM2 log | |||
| ${out}= Execute Command In Terminal cbmem -1 | grep -E 'TPM2 detected| TCPA log' | |||
There was a problem hiding this comment.
Previously it was cbmem -L not cbmem -1. Not sure if this will work as intended. because the first checks for some output in EDK2, and second is probably checking the event log created by coreboot? Anyway, such inconsistent checks are not something that we would like to have.
There was a problem hiding this comment.
Also there is a space before TCPA log which may affect the grep
There was a problem hiding this comment.
I have experienced segfault with cbmem -L on TPM 1.2 platforms.
Here's an ending of cbmem -L log:
TCPA log entry 16:
PCR: 2127990177
Event type: Unknown (0xc8a02c0e >= 19)
Digest: 4b204bba40ce87b9d818753c5f8d08181f480e6f
Event data:
7022cce803e7262d8852d03c0d0d21d80b28bd303b8b3a1b8649db978858e3f26abdbe9fba5cfa70667c936c2c2531cc0322876c26a5348c0102ee5592b96e822c054cdfc3fcc62078545d9c827d7ef9e58a8864e8014bc7ff15fa1351ba979a11[...]
The log actually continues as 300kB+ dump of random numbers, which ends at some point with a segfault.
Here's a little info that dmesg gives:
[ 1499.410096] cbmem[5238]: segfault at 7b35459d2000 ip 0000603bad38cdeb sp 00007fff858301f0 error 4 in cbmem[603bad38b000+4000] likely on CPU 2 (core 2, socket 0)
[ 1499.410111] Code: 3d f6 ff ff 48 8d 0d 14 58 00 00 ba ab 05 00 00 48 8d 35 e7 22 00 00 48 8d 3d 8d 24 00 00 e8 dc e5 ff ff 31 c9 31 c0 41 89 ce <0f> b6 54 05 00 4c 89 ee bf 01 00 00 00 31 c0 e8 a1 e6 ff ff 41 8d
cbmem -1 works no problem on both 1.2 and 2.0 platforms.
Within cbmem -1 logs, I have found a point which could be checked against for these TPM support cases:
For TPM 1.2 (coreboot TPM 1.2 measurements)
[DEBUG] TPM: Digest of `CBFS: fallback/payload` to PCR 2 measured
[DEBUG] Checking segment from ROM address 0xffc608ac
[DEBUG] Checking segment from ROM address 0xffc608c8
[DEBUG] Loading segment from ROM address 0xffc608ac
[DEBUG] code (compression=1)
[DEBUG] New segment dstaddr 0x00800000 memsize 0xe00000 srcaddr 0xffc608e4 filesize 0x151bb6
[DEBUG] Loading Segment: addr: 0x00800000 memsz: 0x0000000000e00000 filesz: 0x0000000000151bb6
[DEBUG] using LZMA
[DEBUG] Loading segment from ROM address 0xffc608c8
[DEBUG] Entry Point 0x00800850
[DEBUG] BS: BS_PAYLOAD_LOAD run times (exec / console): 1312 / 83 ms
[INFO ] coreboot TPM 1.2 measurements:
[INFO ] PCR-2 cf11730b6290e3ad42e0753f436edfe1612ec0fc SHA1 [FMAP: FMAP]
[INFO ] PCR-2 801df4236e0c7bdd1f980c4b45c7c19cc18282d8 SHA1 [CBFS: bootblock]
[INFO ] PCR-2 c1922cd3de966dc40257073496ae306ee0ffa1f6 SHA1 [CBFS: cmos.default]
[INFO ] PCR-2 9baee5f388d903d5b72e20697209cfa67a724e44 SHA1 [CBFS: fallback/romstage]
[INFO ] PCR-2 fd2b3cf1bd64b3928ffc916d7799c76e5fa96de0 SHA1 [CBFS: cmos_layout.bin]
[INFO ] PCR-2 9cc3514487871b14663e7ba29efc6fec5fed7c76 SHA1 [CBFS: sch5545_ecfw.bin]
[INFO ] PCR-2 48d7b91079795aae8b7082b76c10e3ca03520bad SHA1 [CBFS: fallback/postcar]
[INFO ] PCR-2 8efffbbf487c06d4328ce4fbba2314554f2a2925 SHA1 [CBFS: cpu_microcode_blob.bin]
[INFO ] PCR-2 ea3f3ba2449d59b7cf13ee645d640ba6a018acad SHA1 [CBFS: vbt.bin]
[INFO ] PCR-2 931a1ae3cd1cb7c815b2ebfd57bb6508e15d5edf SHA1 [CBFS: txt_bios_acm.bin]
[INFO ] PCR-2 b6e1865a9e3127b0ea67bdff6dbf33dd0235314b SHA1 [CBFS: txt_sinit_acm.bin]
[INFO ] PCR-2 931a1ae3cd1cb7c815b2ebfd57bb6508e15d5edf SHA1 [CBFS: txt_bios_acm.bin]
[INFO ] PCR-2 d599814817d3b807dfb4abc462b4606fac62b4c9 SHA1 [CBFS: fallback/dsdt.aml]
[INFO ] PCR-2 fd2b3cf1bd64b3928ffc916d7799c76e5fa96de0 SHA1 [CBFS: cmos_layout.bin]
[INFO ] PCR-2 d765e221f11f8c0233e5807ce37ae83fe6705346 SHA1 [CBFS: fallback/payload]
[DEBUG] BS: BS_PAYLOAD_BOOT entry times (exec / console): 0 / 128 ms
[DEBUG] ICH-NM10-PCH: watchdog disabled
[DEBUG] Jumping to boot code at 0x00800850(0x7fb48000)
and for TPM 2.0
[DEBUG] using LZMA
[SPEW ] [ 0x00800000, 01600000, 0x01600000) <- ff86c590
[DEBUG] Loading segment from ROM address 0xff86c574
[DEBUG] Entry Point 0x00800860
[SPEW ] Loaded segments
[DEBUG] BS: BS_PAYLOAD_LOAD run times (exec / console): 380 / 0 ms
[INFO ] coreboot skipped calling FSP notify phase: 00000040.
[INFO ] coreboot skipped calling FSP notify phase: 000000f0.
[INFO ] coreboot TCPA measurements:
[INFO ] PCR-2 1be8f33e0df7790491fa72960da3ed0ebbe73362c2803cf014169837e3fe097e SHA256 [FMAP: FMAP]
[INFO ] PCR-2 51cf039e2ca217e8718625815929e3d053287160a08d8f3ef380631a356546cf SHA256 [CBFS: bootblock]
[INFO ] PCR-2 32a677bcb45f59b452250d2692ba0fd5623fae9d49899868f3260b2e27bcbb0a SHA256 [CBFS: fallback/romstage]
[INFO ] PCR-2 5e8e90f12f4804625a0937d91fbe65210fdb60a0989e318cf91288a4b2bc1086 SHA256 [CBFS: fspm.bin]
[INFO ] PCR-2 9cc5f1dadf78d07a3879a756b9d4a8f3f0e7b269bc6b8a12ad4da329c1e79c4d SHA256 [CBFS: fallback/postcar]
[INFO ] PCR-2 a3f0752ce30dbadd95e5c16e85f29a339c049bea506db905ae1a086b94b68895 SHA256 [CBFS: fallback/ramstage]
[INFO ] PCR-2 90fe3367f6d5b14a7e4362a9bda859f302946db9dacbb02e240195969caecb1f SHA256 [CBFS: cpu_microcode_blob.bin]
[INFO ] PCR-2 5bf36bb2f18b2623c16dd48977e761d185d4bfe34aa87e636250990982ee1233 SHA256 [CBFS: fsps.bin]
[INFO ] PCR-2 59e0fad23a73f0c5765206f3be5521825ff26850587c18268b7617ff4078f515 SHA256 [CBFS: vbt.bin]
[INFO ] PCR-2 f034cbb27726e2f59a75115a822b1ec989548811361280ad0c3a064ebd30fea4 SHA256 [CBFS: fallback/dsdt.aml]
[INFO ] PCR-2 97650b169e466d377f62d6f6ca7b6ffd6a881b46645b6e7a2ff65ef890a746e5 SHA256 [CBFS: fallback/payload]
[DEBUG] Finalizing chipset.
[DEBUG] apm_control: Finalizing SMM.
Do these coreboot TPM/TCPA measurement lines make sense as targets for grep?
There was a problem hiding this comment.
I have experienced segfault with cbmem -L on TPM 1.2 platforms.
Looks like a bug in cbmem or coreboot
There was a problem hiding this comment.
Do these coreboot TPM/TCPA measurement lines make sense as targets for grep?
Relying on either coreboot TPM 1.2 measurements or coreboot TCPA measurements is not the right choice.
First, it is merely a print which may say anything, but it doesn't say which format is used or what TPM is really used. It just says what it tried to extend the PCRs with some values.
Secondly TCPA measurements and TPM1.2 measurements is equivalent per TPM specification.
If anything one could use the other prints to check for TPM version:
- UEFI Payload prints
TpmVersion: 0x2orTcg2ConfigPeimEntryPoint: TPM2 detectedwhen a TPM2.0 is connected. - coreboot prints
Found TPM SLB9670 TT 2.0 by Infineonon laptops. But on any other platform it may be different depending on the TPM chip used. So it is not a generic method of detecting TPM version. - When using UEFI Payload, one may enter setup then enter Device Manager and then check which TP msetup is present:
- for TPM 2.0 it will be
TCG2 Configuration - for TPM 1.2 it will be
TCG Configuration
There was a problem hiding this comment.
Changed the detection to use Device Manager to look for menu entries.
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
5b01d14 to
31bc60d
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
4 times, most recently
from
8bab4c2 to
a5c2700
Compare
|
Updated and rebased as per suggestions. Also, when testing this solution, I found an issue with OptiPlex platform Dasharo/dasharo-issues#1091 |
I gave you 3 options and it looks like you chose maybe the worst one. Of course this is not a good tradeoff from laptops perspective. But, was this test even being run on laptops if it only supports SSH tests over OS? Looks like option 1 is the best, but again it would be limited to UEFI payload only. Option 2 is the best since it uses coreboot log alone to determine the TPM chip. Based on the TPM chip we may derive what TPM version it is. But this requires the most work. |
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
0e885b2 to
39fc118
Compare
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
2 times, most recently
from
40a9e27 to
4550b3a
Compare
|
Made a change to use TPM chip as a base for validation. I also kept old log based detection, as a fallback mechanism in case chip detection fails (it happens on Optiplex due to log truncation). Should there be a warning that this mechanism was used? At the moment it only logs to console. Some TPM variables for various platforms are not set, but I tested it on few laptops and it seems to work correctly. |
|
Overall seems good, managed to get it to pass on OptiPlex with SeaBIOS (minus the network-related fails, which are a separate issue) |
dasharo-security/tpm-support.robot
Outdated
| @@ -101,7 +103,7 @@ TPM003.001 Check TPM Physical Presence Interface (firmware) | |||
| ... Interface is supported by the firmware. | |||
There was a problem hiding this comment.
a/a, not a firmware check it seems
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
4550b3a to
62ff978
Compare
|
Rebased and tested on Protectli vp3230 |
There was a problem hiding this comment.
The tests will stop working on laptops right? AS per #507 (comment)
Would be best to check cbmem log for a particular TPM model printed by coreboot (not edk2)
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
62ff978 to
936e39a
Compare
…tests This commit introduces two new variables, EXPECTED_TPM_CHIP and EXPECTED_TPM_VERSION. Additionally, refactor few keywords and tests within tpm-support.robot Signed-off-by: Sebastian Czapla <[email protected]>
SebastianCzapla
force-pushed
the
tpm_version_support_refactor
branch
from
936e39a to
765f7ba
Compare
…tests
Currently, TPM Support and TPM Version test are split into different tests groups. Merging of version and support checks into one allows us to skip few extra reboot cycles during testing. Additionally, it provides opportunity to add coverage for TPM 1.2