
msrsec's Introduction

Microsoft Research Security TAs

Trusted firmware for 32-bit and 64-bit ARM SoC's

This repository contains OP-TEE Trusted Applications (TAs) which implement a firmware Trusted Platform Module (TPM), and a UEFI authenticated variable store. These are provided as starting points for development of fTPM and AuthVars implementations.

Further Reading

See Authvars README.md and fTPM README.md for details about each TA.

See External Libraries README.md for details about how the external code is linked into the TAs.

See IoT Core build-firmware.md for details on using these TAs in a full firmware stack.

Crypto Options

Each TA can link against either OpenSSL or WolfSSL crypto libraries.

Stand Alone OpenSSL

OpenSSL is provided as the default crypto option. OpenSSL's libcrypto.a is compiled and statically linked with each TA. Work was required to stub out many standard library functions which the OP-TEE environment does not provide. See the SASSL README.md for details.

WolfSSL

Please be aware of licensing considerations when using WolfSSL. To enable WolfSSL set the CFG_AUTHVARS_USE_WOLF=y and CFG_FTPM_USE_WOLF=y flags when building the TAs.

Building

Extra Installation Steps

The secure firmware utilizes the OP-TEE implementation of the GlobalPlatform specifications. The OP-TEE project is not duplicated in this repository but is obtained directly from the public release (note, however, that some features of the fTPM only work with the Microsoft fork of OP-TEE).

OP-TEE builds natively on Linux; however, the following installation steps allow OP-TEE to be built under Windows using the Windows Subsystem for Linux (WSL). Only the optee_os repository is relevant for building the trusted firmware; the optee_client and optee_linuxdriver repositories are integration components for Linux and can serve as a reference for the Windows equivalent components. Note that optee_linuxdriver is GPL-licensed.

OP-TEE generates a Make-based build environment for trusted applications (see TA_DEV_KIT_DIR in the build directions). This build environment places several constraints on how the code is organized, which are explained in the relevant makefiles and in the external library README.md. See the optee_os documentation for details about how the OP-TEE build works.

1. Enable Windows Subsystem for Linux if needed

See instructions here.

The build has also been validated on Ubuntu 16.04.

2. Launch Bash

Search for "bash" in the Start menu, or press Windows key + 'R' and type bash.
Update the package lists if needed.

In WSL:

sudo apt-get update

3. Install the ARM tool chain

Install the ARM toolchain to a directory of your choice.

cd ~
wget https://releases.linaro.org/components/toolchain/binaries/6.4-2017.11/arm-linux-gnueabihf/gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf.tar.xz
tar xf gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf.tar.xz
rm gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf.tar.xz

4. Clone the OP-TEE source code

If you do not already have a version of the OP-TEE OS repo cloned on your machine you may run:

cd ~
git clone https://github.com/ms-iot/optee_os.git

Additional information on the Microsoft IoT fork of OP-TEE OS can be found here.

5. Build OP-TEE OS for the target platform

CROSS_COMPILE should point to the ARM toolchain installed in step 3.

cd ~/optee_os
CROSS_COMPILE=~/gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf- make PLATFORM=imx-mx6qhmbedge CFG_TEE_CORE_LOG_LEVEL=4 CFG_REE_FS=n CFG_RPMB_FS=y CFG_RPMB_TESTKEY=y CFG_RPMB_WRITE_KEY=y -j20

6. Clone the MSRSec source code

cd ~
git clone https://github.com/Microsoft/MSRSec.git

7. (Optional) Initialize the git submodules

The build system will determine which submodules are required at build time, but you can manually download them now. This will download the MSR TPM reference implementation, OpenSSL, and WolfSSL.

cd ~/MSRSec
git submodule update --init

Building the TAs

TA_CROSS_COMPILE should point to the ARM toolchain installed in step 3.

TA_DEV_KIT_DIR should point to the directory the optee_os TA devkit was compiled to in step 5.

-j N sets the parallelism of the build process (the number of jobs make runs at once).

cd ~/MSRSec/TAs/optee_ta
TA_CPU=cortex-a9 TA_CROSS_COMPILE=~/gcc-linaro-6.4.1-2017.11-x86_64_arm-linux-gnueabihf/bin/arm-linux-gnueabihf- TA_DEV_KIT_DIR=~/optee_os/out/arm-plat-imx/export-ta_arm32 CFG_TEE_TA_LOG_LEVEL=2 make -j20

Debugging options you may want to add:

CFG_TEE_TA_LOG_LEVEL=3 Sets the TA trace level: 1 logs fatal errors only, and higher values increase debug tracing output.

CFG_TA_DEBUG=y Turns on debug output from the TAs, and enables extra correctness checks in the fTPM TA.
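A preflight check for the make invocation above, added here as an example and not part of MSRSec: it verifies that the TA_CROSS_COMPILE prefix resolves to a gcc binary and that TA_DEV_KIT_DIR is a devkit exported by the optee_os build before starting the build. It assumes the exported devkit contains mk/ta_dev_kit.mk, which is the layout optee_os uses but is an assumption of this script, and that it is run from TAs/optee_ta.

```shell
#!/bin/sh
# Added example, not part of MSRSec: validate the build environment from the
# steps above before invoking make. Assumes the OP-TEE devkit exports
# mk/ta_dev_kit.mk (optee_os layout; an assumption of this script).

# check_ta_build_env PREFIX DEVKIT_DIR
# Returns 0 if the cross toolchain and devkit look usable, 1 otherwise.
check_ta_build_env() {
    prefix=$1
    devkit=$2
    ok=0

    # The toolchain prefix must resolve to an executable gcc, e.g.
    # ~/gcc-linaro-.../bin/arm-linux-gnueabihf-gcc (step 3).
    if [ ! -x "${prefix}gcc" ]; then
        echo "TA_CROSS_COMPILE: ${prefix}gcc not found or not executable" >&2
        ok=1
    fi

    # The devkit is produced by the optee_os build in step 5 and must match
    # the TA bitness (export-ta_arm32 for a 32-bit Cortex-A9 TA).
    if [ ! -f "${devkit}/mk/ta_dev_kit.mk" ]; then
        echo "TA_DEV_KIT_DIR: ${devkit}/mk/ta_dev_kit.mk not found" >&2
        ok=1
    fi

    return $ok
}

# build_tas PREFIX DEVKIT_DIR [CPU] [JOBS]
# Runs the make invocation from the build instructions (from TAs/optee_ta)
# only if the environment passes the checks above.
build_tas() {
    check_ta_build_env "$1" "$2" || return 1
    TA_CPU="${3:-cortex-a9}" TA_CROSS_COMPILE="$1" TA_DEV_KIT_DIR="$2" \
        CFG_TEE_TA_LOG_LEVEL=2 make -j"${4:-20}"
}

# Usage: sh preflight.sh ~/gcc-linaro-.../bin/arm-linux-gnueabihf- \
#                        ~/optee_os/out/arm-plat-imx/export-ta_arm32
if [ $# -ge 2 ]; then
    build_tas "$@"
fi
```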

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.microsoft.com.

When you submit a pull request, a CLA-bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., label, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.


msrsec's Issues

Driver not loaded (qemu)

Hey all!

I'm building fTPM with OP-TEE on Qemu. Following the instructions, I got to build the solution but the driver didn't load. I got the following on my Normal World shell:

Starting tee-supplicant: OK
Starting network: OK
Starting network (udhcpc): OK
Starting tpm2-abrmd: device driver not loaded, skipping.

What am I missing?
Also, how can I interact with the TA? How can I invoke it from the Normal World, or how can I access it?

P.S.: I see no evidence of the TA being loaded in the Secure World.

Thanks in advance!

size of response buffer not updated when executing commands

Hi everybody,

Thank you for the wonderful job done in this repo, it is being very helpful for the project of my master thesis. Using your TA I've been having two doubts at the moment:

  • I'm writing a Linux client (as I didn't find one available) in order to allow the fTPM running in OP-TEE to communicate with the TSS. I noticed that when submitting a regular TPM command, in fTPM_Submit_Command the size attribute of the response buffer (params[1].memref.size) is not updated with the value of respLen, contrary to what is done for PPI commands (line 386 of ftpm.c). Is there a specific reason for this behavior?

  • Also, I can't seem to find an implemented way to invoke platform signals through the OP-TEE interface. Should I add entries in TA_InvokeCommandEntryPoint to handle them, like it has been done for regular commands and physical presence, or is there already a way to do so?

Thanks in advance.

Unable to use fTPM

I am using a TI AM64xx board to enable fTPM. I did the below to see if it would work:

  1. Fetch the OpteeOS source code following TI instructions for the board and build it
  2. Use the devkit from the above step to build fTPM trusted application following instructions here
  3. Copy the resulting TA to the /lib/optee_armtz folder of my board's file system.
  4. Recompile the board kernel to enable the tpm_ftpm_tee module. OP-TEE and TPM were enabled by default.

From the documentation, I should see a /dev/tpm interface so that I can communicate with the fTPM. But I do not see anything of this sort. I also see no messages (sane or error) telling me if the fTPM TA got loaded properly.

It would be really helpful to know if there is any step I am missing. I am attaching the boot log with debug messages from OP-TEE enabled, as well as some additional kernel logs around the OP-TEE kernel driver:
sk_log_modifiedKernel_rebuilt_optee.txt

Thanks and Regards

fTPM TA crashes during Linux powerdown/reboot

I've found that the fTPM TA crashes consistently during Linux powerdown/reboot. The issue seems to be that the Linux TPM driver issues TPM2_Shutdown to attached TPMs during powerdown. The fTPM's implementation of TPM2_Shutdown makes some writes to storage, which fail because tee-supplicant is already stopped as a result of the powerdown.

         Stopping TEE Supplicant...
...
[  OK  ] Stopped TEE Supplicant.
...
[  OK  ] Finished System Reboot.
[  OK  ] Reached target System Reboot.
D/TA:  fTPM_Submit_Command:270 fTPM submit command
D/TA:  _plat__MarkDirtyBlocks:532 Marking blocks 1 to 2 dirty
D/TA:  _plat__MarkDirtyBlocks:532 Marking blocks 1 to 2 dirty
D/TA:  _plat__MarkDirtyBlocks:532 Marking blocks 1 to 2 dirty
D/TA:  _plat__MarkDirtyBlocks:532 Marking blocks 0 to 1 dirty
D/TA:  _plat__NvWriteBack:271 Start writeback.
D/TA:  _plat__NvWriteBack:290 Writing block at 0x4007c228 back
E/TC:? 0 
E/TC:? 0 TA panicked with code 0xffff000c
E/LD:  Status of TA bc50d971-d4c9-42c4-82cb-343fb7f37896
E/LD:   arch: aarch64
E/LD:  region  0: va 0x40004000 pa 0xa6200000 size 0x002000 flags rw-s (ldelf)
E/LD:  region  1: va 0x40006000 pa 0xa6202000 size 0x008000 flags r-xs (ldelf)
E/LD:  region  2: va 0x4000e000 pa 0xa620a000 size 0x001000 flags rw-s (ldelf)
E/LD:  region  3: va 0x4000f000 pa 0xa620b000 size 0x004000 flags rw-s (ldelf)
E/LD:  region  4: va 0x40013000 pa 0xa620f000 size 0x001000 flags r--s
E/LD:  region  5: va 0x40015000 pa 0xa7c00000 size 0x003000 flags rw-- (param)
E/LD:  region  6: va 0x40024000 pa 0x00001000 size 0x055000 flags r-xs [0]
E/LD:  region  7: va 0x40079000 pa 0x00056000 size 0x024000 flags rw-s [0]
E/LD:  region  8: va 0x4009d000 pa 0xa6289000 size 0x011000 flags rw-s (stack)
E/LD:   [0] bc50d971-d4c9-42c4-82cb-343fb7f37896 @ 0x40024000
E/LD:  Call stack:
E/LD:   0x40056400
E/LD:   0x4002505c
E/LD:   0x40025a08
E/LD:   0x4004b9c4
E/LD:   0x40047614
E/LD:   0x40024438
E/LD:   0x4005aac8
E/LD:   0x40052b98
D/TC:? 0 user_ta_enter:176 tee_user_ta_enter: TA panicked with code 0xffff000c
D/TC:? 0 destroy_ta_ctx_from_session:324 Remove references to context (0xa60d0ae8)
D/TC:? 0 destroy_context:308 Destroy TA ctx (0xa60d0ad0)
[  108.320534] tpm tpm0: ftpm_tee_tpm_op_send: SUBMIT_COMMAND invoke error: 0xffff3024
[  108.328217] tpm tpm0: tpm_try_transmit: send(): error -53212
[  108.353635] reboot: Restarting system

I was able to work around this with the following systemd unit that unloads the fTPM Linux driver before tee-supplicant is stopped:

[Unit]
Description=OP-TEE fTPM
After=tee-supplicant.service

[Service]
Type=oneshot
RemainAfterExit=true
ExecStop=sh -c "echo -n 'optee-ta-bc50d971-d4c9-42c4-82cb-343fb7f37896' > /sys/bus/tee/drivers/optee-ftpm/unbind"

[Install]
WantedBy=multi-user.target

But as far as I can tell, this is a bug. Does anyone have any thoughts on where this should be fixed? Or is my systemd unit likely the best solution here to get the appropriate order of operations?

Fallthrough definition within OP-TEE 3.11-rc1 breaks fTPM compilation

OP-TEE introduced a #define fallthrough which is included in OP-TEE 3.11.0-rc1.
However, this clashes with WolfSSL, leading to a compilation error:

| /home/phoenix/build/YOCTO.BSP-Pengutronix-Labgrid/build/tmp/work/cortexa7hf-neon-oe-linux-gnueabi/ms-ftpm-ref/1.0+gitAUTOINC+81abeb9fa9-r0/recipe-sysroot/usr/include/optee/export-user_ta/include/compiler.h:257:21: error: expected ')' before '__attribute__'
|   257 | #define fallthrough __attribute__((__fallthrough__))
|       |                     ^~~~~~~~~~~~~
| ./lib/wolf/wolf_symlink/wolfssl/wolfcrypt/types.h:184:50: note: in expansion of macro 'fallthrough'
|   184 |             #define FALL_THROUGH __attribute__ ((fallthrough));
|       |                                                  ^~~~~~~~~~~
| lib/wolf/wolf_symlink/wolfcrypt/src/asn.c:5062:9: note: in expansion of macro 'FALL_THROUGH'
|  5062 |         FALL_THROUGH;
|       |         ^~~~~~~~~~~~
| In file included from ./lib/wolf/wolf_symlink/wolfssl/wolfcrypt/asn.h:26,
|                  from lib/wolf/wolf_symlink/wolfcrypt/src/asn.c:53:
| ./lib/wolf/wolf_symlink/wolfssl/wolfcrypt/types.h:184:62: error: expected identifier or '(' before ')' token
|   184 |             #define FALL_THROUGH __attribute__ ((fallthrough));
|       |                                                              ^
| lib/wolf/wolf_symlink/wolfcrypt/src/asn.c:5062:9: note: in expansion of macro 'FALL_THROUGH'
|  5062 |         FALL_THROUGH;
|       |         ^~~~~~~~~~~~
| make[1]: *** [/home/phoenix/build/YOCTO.BSP-Pengutronix-Labgrid/build/tmp/work/cortexa7hf-neon-oe-linux-gnueabi/ms-ftpm-ref/1.0+gitAUTOINC+81abeb9fa9-r0/recipe-sysroot/usr/include/optee/export-user_ta/mk/compile.mk:159: ../out/AuthVars/./lib/wolf/wolf_symlink/wolfcrypt/src/asn.o] Error 1
| make[1]: Leaving directory '/home/phoenix/build/YOCTO.BSP-Pengutronix-Labgrid/build/tmp/work/cortexa7hf-neon-oe-linux-gnueabi/ms-ftpm-ref/1.0+gitAUTOINC+81abeb9fa9-r0/git/TAs/optee_ta/AuthVars'
| make: *** [Makefile:9: authvars] Error 2
| WARNING: exit code 1 from a shell command.

Relevant PR in OP-TEE can be found here: OP-TEE/optee_os#4125

MSRSec not building because of warning in OpenSSL

MSRSec has a link to openssl@3d753b0cefaa7e3d4b5d12d7805b20fabff1f385 (on the branch OpenSSL_1_1_1-stable) but this version of openssl doesn't build correctly with the compiler I'm using (arm-gnu-toolchain-11.3.rel1). The compilation stops because of this warning:

aarch64-none-linux-gnu-gcc -I/home/rpbeds/myagent/_work/1/s/MSRSec/external/ossl/include -fno-builtin -ffreestanding -nostdinc -mstrict-align -fshort-wchar -DOPENSSL_IMPLEMENTS_strncasecmp -DOPENSSL_NO_SOCK -DNO_SYSLOG -DOPENSSL_NO_DEPRECATED -DOPENSSL_NO_DGRAM -DOPENSSL_NO_UI_CONSOLE -DOPENSSL_NO_SOCK -DOPENSSL_NO_HW -DOPENSSL_NO_STDIO -DNO_CHMOD -DOPENSSL_NO_POSIX_IO -DRAND_DRBG_GET_RANDOM_NONCE -fPIC -fPIE -Os -Werror    -I. -Icrypto/include -Iinclude -Icrypto/ec/curve448/arch_32 -Icrypto/ec/curve448  -Wall -O3 --static -g -Os -DOPENSSL_USE_NODELETE -DOPENSSLDIR="\"/opt/openssl\"" -DENGINESDIR="\"/opt/openssl/lib/engines-1.1\"" -DNDEBUG -DOPENSSL_API_COMPAT=0x10100000L  -MMD -MF crypto/ec/curve448/f_generic.d.tmp -MT crypto/ec/curve448/f_generic.o -c -o crypto/ec/curve448/f_generic.o crypto/ec/curve448/f_generic.c
crypto/ec/curve448/f_generic.c:21:27: error: argument 1 of type 'uint8_t[56]' {aka 'unsigned char[56]'} with mismatched bound [-Werror=array-parameter=]
   21 | void gf_serialize(uint8_t serial[SER_BYTES], const gf x, int with_hibit)
      |                   ~~~~~~~~^~~~~~~~~~~~~~~~~
In file included from crypto/ec/curve448/f_generic.c:12:
crypto/ec/curve448/field.h:65:28: note: previously declared as 'uint8_t *' {aka 'unsigned char *'}
   65 | void gf_serialize(uint8_t *serial, const gf x, int with_highbit);
      |                   ~~~~~~~~~^~~~~~
cc1: all warnings being treated as errors
make[3]: *** [Makefile:2731: crypto/ec/curve448/f_generic.o] Error 1

This warning has been corrected in more recent versions of OpenSSL, including the 1_1_1 branch. (For example, the version https://github.com/openssl/openssl/releases/tag/OpenSSL_1_1_1v doesn't have this warning anymore.)

Can you correct the link to openssl in MSRSec source code?

Thanks,
Stephane
