Trusted Execution Technology and TBoot Implementation - White Paper

ManualsBrandsHP ManualsTabletHP EliteBook 2740p Tablet PC (ENERGY STAR)

2009-2010 p/w Mobile Platforms (Montevina/Calpella)

Table of Contents:

Introduction .................................................................................................................................... 1

System Requirements .................................................................................................................. 2

BIOS TXT Settings ............................................................................................................................ 2

Fedora Installation .......................................................................................................................... 2

XEN 3.4.0 Installation ..................................................................................................................... 3

TBOOT Installation .......................................................................................................................... 4

TPM TOOLS 1.3.4 Installation .......................................................................................................... 5

LCP: Define Platform Owner Policy ................................................................................................... 5

Appendix A .................................................................................................................................... 7

For more information .................................................................................................................... 20

Introduction

HP has implemented the Trusted eXecution Technology (TXT), part of Intel‟s Safer Computing Initiative,

on certain models of 2009-2010 commercial notebooks. The purpose of this document is to provide a

step by step guideline to setup a TXT enabled environment.

The document will cover the following areas:

 BIOS settings related to TXT,

 Intel‟s Trusted Execution Technology,

 Trusted Boot and

 Launch Control Policies

Trusted eXecution Technology (http://www.intel.com/technology/security/), a hardware-based

mechanism that helps to protect against software-based attacks and protects the confidentiality and

integrity of data stored or created on the client PC by means of measured launch and protected

execution. In other words, TXT provides only the launch-time protection, i.e. ensure that the code we

load, is really what we intended to load - secure and not compromised by any virus attacks.

(http://download.intel.com/technology/security/downloads/315168.pdf).

The technology mainly depends on set of hardware extensions to Intel processors and chipsets that

boost the platform with security capabilities. Trusted Platform Module is another important hardware

component. The TPM module is used to store and compare hash values (of launched environment),

which provides much greater security than storing them in software or on the hard disk

Trusted boot (Tboot), an open source, pre- kernel/VMM module that uses Intel(R) Trusted Execution

Technology (Intel(R) TXT) to perform a measured and verified launch of an OS kernel/VMM

(http://sourceforge.net/projects/tboot, http://www.bughost.org/repos.hg/tboot.hg).

Summary of content (20 pages)

PAGE 1
2009-2010 p/w Mobile Platforms (Montevina/Calpella) Table of Contents: Introduction .................................................................................................................................... 1 System Requirements .................................................................................................................. 2 BIOS TXT Settings ............................................................................................................................
PAGE 2
Launch Control Policy (LCP) is a verification mechanism used to verify the Intel TXT „verified launch‟ processes. Based on the criteria/choice defined in the Platform Default (PD) policy set by the Platform Supplier (PS) or the Platform Owner (PO) policy set by the owner, the LCP determines whether the current platform configuration or environment meets the requirements and can be launched. System Requirements  Trusted Platform Module (TPM 1.
PAGE 3
7. At the next screen, select the time zone and after that choose a password of your choice (the default username is „root‟). 8. Install All Software packages, 1) office and productivity, 2) Software development, 3) Web Server. Don‟t install „Additional Fedora Software‟. Press 9. After installation is complete the system will ask for a reboot for the changes to take effect. 10.
PAGE 4
17. tar -xzvf xen-3.4.3.tar.gz 18. cd xen-3.4.3 19. make install-xen 20. make install-tools 21. edit the menu file (/boot/grub/menu.lst) and add the following grub entry: title Fedora Xen 3.4.3 (2.6.18.8-xen) root (hd0,0) kernel /xen-3.4.3.gz iommu=required module /vmlinuz-2.6.18.8-xen ro root=LABEL=/ rhgb module /initrd-2.6.18.8-xen.img 22. Make sure to check the root location and „root=LABEL=/‟ match with the first grub entry and points to the root partition. 23. Reboot the system.
PAGE 5
kernel /tboot.gz logging=serial,vga,memory module /xen-3.4.3.gz iommu=required module /vmlinuz-2.6.18.8-xen ro root=LABEL=/ rhgb module /initrd-2.6.18.8-xen.img module /sinit.bin 19. Make sure to check the root location and „root=LABEL=/‟ match with the first grub entry and points to the root partition. 20. Reboot the system. Enable TPM, VTD and TXT in the BIOS if not already done. 21. The next time you boot into the system, you can select the option at the boot menu to boot into „Fedora Tboot (2.6.18.
PAGE 6
For 2010 Calpella Platforms only: tpmnv_defindex -i owner -s 0x36 -p (creates owner index) 8. tpmnv_defindex -i 0x20000001 -s 512 -pv 0x02 -p (creates index 0x20000001 for verified launch policies. This index is hardcoded in tboot source code, so you can‟t use any other index to write the verified launch policies.
PAGE 7
Appendix A Sample Tboot serial output captured on 2010 Calpella platform(The actual output may vary depending on the system configuration): Intel(r) TXT Configuration Registers: STS: 0x000188c1 senter_done: TRUE sexit_done: FALSE mem_unlock: FALSE mem_config_lock: TRUE private_open: TRUE mem_config_ok: TRUE ESTS: 0x00 txt_reset: FALSE txt_wake_error: FALSE E2STS: 0x0000000000000006 slp_entry_error: FALSE secrets: TRUE block_mem: TRUE reset: FALSE ERRORCODE: 0x00000000 DIDVID: 0x0000000fa0008086 vendor_id: 0
PAGE 8
TBOOT: unavailable TBOOT: ********************************************* TBOOT: command line: logging=serial,vga,memory TBOOT: TPM is ready TBOOT: TPM nv_locked: TRUE TBOOT: read verified launch policy (512 bytes) from TPM NV TBOOT: policy: TBOOT: version: 2 TBOOT: policy_type: TB_POLTYPE_CONT_NON_FATAL TBOOT: hash_alg: TB_HALG_SHA1 TBOOT: policy_control: 00000001 (EXTEND_PCR17) TBOOT: num_entries: 3 TBOOT: policy entry[0]: TBOOT: mod_num: 0 TBOOT: pcr: 18 TBOOT: hash_type: TB_HTYPE_IMAGE
PAGE 9
TBOOT: CPU is VMX-capable TBOOT: SMX is enabled TBOOT: TXT chipset and all needed capabilities present TBOOT: bios_data (@77720008, 2c): TBOOT: version: 3 TBOOT: bios_sinit_size: 0x0 (0) TBOOT: lcp_pd_base: 0x0 TBOOT: lcp_pd_size: 0x0 (0) TBOOT: num_logical_procs: 4 TBOOT: flags: 0x00000000 TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002 TBOOT: Error: write TPM error: 0x2.
PAGE 10
TBOOT: entry point: 0x00000008:00006427 TBOOT: scratch_size: 0x8f (143) TBOOT: info_table: TBOOT: uuid: {0x7fc03aaa, 0x46a7, 0x18db, 0xac2e, {0x69, 0x8f, 0x8d, 0x41, 0x7f, 0x5a}} TBOOT: ACM_UUID_V3 TBOOT: chipset_acm_type: 0x1 (SINIT) TBOOT: version: 3 TBOOT: length: 0x28 (40) TBOOT: chipset_id_list: 0x4e8 TBOOT: os_sinit_data_ver: 0x5 TBOOT: min_mle_hdr_ver: 0x00020000 TBOOT: capabilities: 0x0000000e TBOOT: rlp_wake_getsec: 0 TBOOT: rlp_wake_monitor: 1 TBOOT: ecx_pgtbl: 1 TBOO
PAGE 11
TBOOT: capabilities: 0x00000007 TBOOT: rlp_wake_getsec: 1 TBOOT: rlp_wake_monitor: 1 TBOOT: ecx_pgtbl: 1 TBOOT: MLE start=803000, end=823000, size=20000 TBOOT: ptab_size=3000, ptab_base=00800000 TBOOT: bios_data (@77720008, 2c): TBOOT: version: 3 TBOOT: bios_sinit_size: 0x0 (0) TBOOT: lcp_pd_base: 0x0 TBOOT: lcp_pd_size: 0x0 (0) TBOOT: num_logical_procs: 4 TBOOT: flags: 0x00000000 TBOOT: min_lo_ram: 0x0, max_lo_ram: 0x77400000 TBOOT: min_hi_ram: 0x0, max_hi_ram: 0x0 TBOOT: LCP module fou
PAGE 12
TBOOT: hash_alg: TB_HALG_SHA1 TBOOT: policy_control: 00000001 (EXTEND_PCR17) TBOOT: num_entries: 3 TBOOT: policy entry[0]: TBOOT: mod_num: 0 TBOOT: pcr: 18 TBOOT: hash_type: TB_HTYPE_IMAGE TBOOT: num_hashes: 1 TBOOT: hashes[0]: 75 e6 10 32 35 f4 72 3d 93 ff ed fd 3b df b6 6c 02 e2 3c 12 TBOOT: policy entry[1]: TBOOT: mod_num: 1 TBOOT: pcr: 19 TBOOT: hash_type: TB_HTYPE_IMAGE TBOOT: num_hashes: 1 TBOOT: hashes[0]: 90 c6 1f 2d 92 89 a9 ad 57 cc 36 57 79 c8 74 fb ba a1 d0 ae TBOOT
PAGE 13
TBOOT: num_logical_procs: 4 TBOOT: flags: 0x00000000 TBOOT: TPM: write nv 20000002, offset 00000000, 00000004 bytes, return = 00000002 TBOOT: Error: write TPM error: 0x2.
PAGE 14
TBOOT: lcp_policy_hash: 08 b3 27 51 a4 52 21 c5 db 45 15 a9 ae 2e ff f9 f8 df e5 8f TBOOT: lcp_policy_control: 0x00000000 TBOOT: rlp_wakeup_addr: 0x77701d10 TBOOT: num_mdrs: 7 TBOOT: mdrs_off: 0x98 TBOOT: num_vtd_dmars: 184 TBOOT: vtd_dmars_off: 0x140 TBOOT: sinit_mdrs: TBOOT: 0000000000000000 - 00000000000a0000 (GOOD) TBOOT: 0000000000100000 - 0000000000f00000 (GOOD) TBOOT: 0000000001000000 - 0000000077700000 (GOOD) TBOOT: 0000000000000000 - 0000000000000000 (GOOD) TBOOT: 000000000
PAGE 15
TBOOT: verifying ILP is opt-out or has the same MSEG header with TXT.MSEG.BASE opt-out TBOOT: : succeeded. TBOOT: enabling SMIs on BSP TBOOT: mle_join.entry_point = 8031f0 TBOOT: mle_join.seg_sel = 8 TBOOT: mle_join.gdt_base = 804000 TBOOT: mle_join.gdt_limit = 3f TBOOT: joining RLPs to MLE with MONITOR wakeup TBOOT: rlp_wakeup_addr = 0x77701d10 TBOOT: cpu 4 waking up from TXT sleep TBOOT: waiting for all APs (3) to enter wait-for-sipi...
PAGE 16
TBOOT: entry[1] sig = HPET @ 0x773fb000 TBOOT: entry[2] sig = APIC @ 0x773fa000 TBOOT: entry[3] sig = MCFG @ 0x773f9000 TBOOT: entry[4] sig = TCPA @ 0x773f7000 TBOOT: entry[5] sig = SSDT @ 0x773d4000 TBOOT: entry[6] sig = SSDT @ 0x773d3000 TBOOT: entry[7] sig = SLIC @ 0x773d2000 TBOOT: entry[8] sig = DMAR @ 0x773d1000 TBOOT: DMAR table @ 0x773d1000 saved.
PAGE 17
(range from 0000000001154000 to 00000000018ebe00 is in E820_RAM) TBOOT: : succeeded. TBOOT: verifying module 3 of mbi (18ec000 - 18f45bf) in e820 table (range from 00000000018ec000 to 00000000018f45c0 is in E820_RAM) TBOOT: : succeeded. TBOOT: verifying module 4 of mbi (18f5000 - 18f504f) in e820 table (range from 00000000018f5000 to 00000000018f5050 is in E820_RAM) TBOOT: : succeeded.
PAGE 18
TBOOT: 0000000077700000 - 0000000077720000 (2) TBOOT: 0000000077720000 - 0000000077800000 (2) TBOOT: 0000000077800000 - 0000000078000000 (2) TBOOT: 00000000e0000000 - 00000000f0000000 (2) TBOOT: 00000000fec00000 - 00000000fec01000 (2) TBOOT: 00000000fed10000 - 00000000fed14000 (2) TBOOT: 00000000fed19000 - 00000000fed1a000 (2) TBOOT: 00000000fed1b000 - 00000000fed1c000 (2) TBOOT: 00000000fed1c000 - 00000000fed20000 (2) TBOOT: 00000000fed20000 - 00000000fed30000 (2) TBOOT: 00000000fee000
PAGE 19
TBOOT: PCR 18: 75 e6 10 32 35 f4 72 3d 93 ff ed fd 3b df b6 6c 02 e2 3c 12 TBOOT: PCR 18: 75 e6 10 32 35 f4 72 3d 93 ff ed fd 3b df b6 6c 02 e2 3c 12 TBOOT: PCR 19: 90 c6 1f 2d 92 89 a9 ad 57 cc 36 57 79 c8 74 fb ba a1 d0 ae TBOOT: PCR 19: 80 14 c6 56 fb 3d 33 ed 97 bd 08 d2 8f 35 f5 54 21 6c d4 3c TBOOT: PCRs before extending: TBOOT: PCR 17: f9 e2 11 49 6c 35 61 5e b8 e1 a9 1a e0 ed 4a 62 42 e2 ec 5e TBOOT: PCR 18: e8 4f 85 88 fc d6 9c eb ca 81 ad db 0d 2c 78 b0 7e a3 ab 20 TBOOT: PCRs after extend
PAGE 20
For more information HP Technology Center http://www.hp.com/go/techcenter Intel‟s Trusted eXecution Technology Home Page http://www.intel.com/technology/security/ Trusted Boot Home Page http://sourceforge.net/projects/tboot Trusted Boot Source http://www.bughost.org/repos.hg/tboot.hg/ © 2009 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.