Output raw command parameters for policy commands #3441
Comments
Actually, the Policies would only require the hash of the command parameters.
I think I'd need the raw (unhashed) parameters (the actual cpBuffer), at least for the Policy part from that link above:

"This is a binary string representing a fully marshalled, TPM ordered, command body for the TPM policy command. Therefore to send the command, the implementation simply marshals the command code and appends this octet string as the body"

For example, if I encoded the PCR parameter into the PEM file like so:

I can regenerate the PCR policy directly and use that in an actual command

```go
// TPM2BDigest struct section 10.4.2 https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-2-Structures-01.38.pdf
//   size UINT16
//   buffer[size]{:sizeof(TPMU_HA)} BYTE
// decode the hex string into the raw command parameter bytes
commandParameter, err := hex.DecodeString("0020e2f61c3f71d1defd3fa999dfa36953755c690689799962b48bebd836974e8cf900000001000b03000080")
// get the length of the digest; the first 2 bytes are the length of the buffer
l := binary.BigEndian.Uint16(commandParameter[:2])
dgst := commandParameter[:l+2]
d, err := tpm2.Unmarshal[tpm2.TPM2BDigest](dgst)
t, err := tpm2.Unmarshal[tpm2.TPMLPCRSelection](commandParameter[l+2:])
_, err = tpm2.PolicyPCR{
	PolicySession: sess2.Handle(),
	PcrDigest:     *d,
	Pcrs:          *t,
}.Execute(rwr)
```

so the bit I'm looking for is some way to get
Oh, right, it is the hash that I'm after. However, e.g., I'd run
where
I don't understand the use case for this.
The basic use case is I needed the command parameters so that I can regenerate the policy at a later time. I can give an example in Go... the following creates the PCRPolicy command bytes for pcr=23 and the PCR sequence shown here

```go
// pcr is the PCR index to bind to (23 in this example)
sel := tpm2.TPMLPCRSelection{
	PCRSelections: []tpm2.TPMSPCRSelection{
		{
			Hash:      tpm2.TPMAlgSHA256,
			PCRSelect: tpm2.PCClientCompatible.PCRs(pcr),
		},
	},
}
expectedDigest, err := getExpectedPCRDigest(rwr, sel, tpm2.TPMAlgSHA256)
// now marshal each part and then concat them; that's the actual raw command that's run
// 23.7 TPM2_PolicyPCR https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-3-Commands-01.38.pdf
pcrSelectionSegment := tpm2.Marshal(sel)
pcrDigestSegment := tpm2.Marshal(tpm2.TPM2BDigest{
	Buffer: expectedDigest,
})
commandParameter := append(pcrDigestSegment, pcrSelectionSegment...)
log.Printf("commandParameter %s", hex.EncodeToString(commandParameter))
```

The command parameter amounts to

which is the bit I'm after with tpm2tools

I don't use that value directly immediately but use those bytes to regenerate the policy itself later on somewhere else like this

So, the use case is I'm creating a key and policy but having a way to keep the policy command saved somewhere so I can apply that to fulfil the policy and use the key later on.
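An added example, not code from this thread, tpm2-tools or go-tpm: a standard-library Go decoder for the TPM2_PolicyPCR parameter bytes quoted above (a TPM2B_DIGEST followed by a TPML_PCR_SELECTION), bounds-checking every length because the blob is read back from a stored key file before being replayed to a TPM. The names `ParsePolicyPCR` and `PCRBank` are assumptions made for the example.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// PCRBank is one decoded TPMS_PCR_SELECTION: hash algorithm ID plus the PCR indices set in its bitmap.
type PCRBank struct {
	Hash uint16 // TPM_ALG_ID, e.g. 0x000b for SHA-256
	PCRs []int
}

var errShort = errors.New("policy parameter truncated")
// ParsePolicyPCR (hypothetical helper) splits a TPM2_PolicyPCR parameter area into
// pcrDigest and the selected PCR banks, rejecting truncated or over-long input.
func ParsePolicyPCR(b []byte) ([]byte, []PCRBank, error) {
	if len(b) < 2 || len(b) < 2+int(binary.BigEndian.Uint16(b))+4 {
		return nil, nil, errShort
	}
	n := int(binary.BigEndian.Uint16(b)) // TPM2B_DIGEST.size
	digest, rest := b[2:2+n], b[2+n+4:]
	count := binary.BigEndian.Uint32(b[2+n:]) // TPML_PCR_SELECTION.count
	var banks []PCRBank
	for ; count > 0; count-- {
		if len(rest) < 3 || len(rest) < 3+int(rest[2]) {
			return nil, nil, errShort
		}
		bank, sel := PCRBank{Hash: binary.BigEndian.Uint16(rest)}, rest[3:3+int(rest[2])]
		for i := 0; i < len(sel)*8; i++ {
			if sel[i/8]&(1<<(i%8)) != 0 { // bit i%8 of byte i/8 selects PCR i
				bank.PCRs = append(bank.PCRs, i)
			}
		}
		banks = append(banks, bank)
		rest = rest[3+len(sel):]
	}
	if len(rest) != 0 {
		return nil, nil, errors.New("trailing bytes after pcr selection")
	}
	return digest, banks, nil
}

func main() {
	raw, _ := hex.DecodeString("0020e2f61c3f71d1defd3fa999dfa36953755c690689799962b48bebd836974e8cf900000001000b03000080")
	d, banks, err := ParsePolicyPCR(raw)
	fmt.Printf("digest=%x banks=%+v err=%v\n", d, banks, err)
}
```

Running the decoder over a saved blob before handing it to `tpm2.Unmarshal` and `PolicyPCR` shows which PCRs and hash bank the stored policy actually binds to.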
Is there any way to output the raw/wire parameters for policy commands? (before any parameter encryption)
I'm trying to generate the policy command code described in https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#section-4.1.2.
Basically the raw command parameters for a given policy. In the command sequence below, I'm setting a PCR and auth policy for an object, but what I'd like to see is the raw command parameter for any one of those policy definitions
The PCR policy command set I'm after in the case above would be like this as derived from the tcp dump and from golang here