1 / 24

Software TPM in a Virtual Machine

Software TPM in a Virtual Machine. Jordan Jump. Go to next slide to begin the presentation …. Original Proposal. Demonstrate a software-only TPM within a virtual machine Generally equivalent to real TPM, except doesn’t contain correct certificate to link to CA.

claudia
Download Presentation

Software TPM in a Virtual Machine

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Software TPMin aVirtual Machine Jordan Jump Go to next slide to begin the presentation … Cpre681 - Semester Project - Jordan Jump

  2. Original Proposal • Demonstrate a software-only TPM within a virtual machine • Generally equivalent to real TPM, except doesn’t contain correct certificate to link to CA. • Guest OS within VM doesn’t know not HW (excepting the certificate) Cpre681 - Semester Project - Jordan Jump

  3. Physical PC Diagram • TPM typically located on Low Pin Count (LPC) bus • Shares bus with other low rate peripherals Cpre681 - Semester Project - Jordan Jump

  4. Accessing a Physical TPM v1.1 • x86 has two address spaces • Typical memory addressing • I/O addressing • I/O addresses accessed via OUT and IN instructions • Used to access LPC bus • Commonly used addresses, but NOT standardized (the set 0x4E, 0x4F, 0x400, 0x401 is common) Cpre681 - Semester Project - Jordan Jump

  5. Accessing a Physical TPM v1.2 • TCG PC Client Specific TPM Interface Specification (TIS) • Defines and mandates a Memory Mapped (MMIO) interface • Physical addresses 0xFED40000 – 0xFED44FFF • One device driver to rule them all • The reason why … Cpre681 - Semester Project - Jordan Jump

  6. Windows TPM Architecture • Windows TPM architecture only supports 1.2 TPMs • Windows Vista and Windows 7 device drivers builtin • Sure would be nice to use that… Cpre681 - Semester Project - Jordan Jump

  7. Software TPM • TPM Emulator by Mario Strasser • Open source • De facto standard for projects using SW TPMs • Implements 100% TPM commands • Accessible via TDDL • Runs as daemon (no device driver necessary) Cpre681 - Semester Project - Jordan Jump

  8. The Goal • Figure out how to link the TPM Emulator with unmodified Windows 7 running in a VM Cpre681 - Semester Project - Jordan Jump

  9. Virtual Machine Survey Xen KVM QEMU VMWare VirtualBox MS Virtual PC … and many more What sets them apart?? Cpre681 - Semester Project - Jordan Jump

  10. Virtual Machine Survey • … Not much • VMWare and VirtualPC not Open Source, so not viable option • Xen, KVM, QEMU, VirtualBox all support Windows (some require VT-x) • In fact, all borrow from QEMU’s device emulation. • QEMU itself is slow because it doesn’t paravirtualize • side project to accelerate QEMU abandoned because VirtualBox does it better. • Chose VirtualBox • Rather arbitrary choice; Xen might have been OK • Xen and KVM were first and foremost for paravirtualization Cpre681 - Semester Project - Jordan Jump

  11. VirtualBox • Developed by Innotek, purchased by Sun, purchased by Oracle • Provides Open Source Edition (OSE) • No USB support • No builtin remote desktop server • … otherwise the same Cpre681 - Semester Project - Jordan Jump

  12. VirtualBox • Complicated • Virtualizes using dynamic recompiler (from QEMU). • Also disassembles and patches guest code so it doesn’t have to redo recompilation • Why do I care? Cpre681 - Semester Project - Jordan Jump

  13. TPM to VM Interface • Dynamic recompiler enables the green box • Guest VM writes or reads to TPM memory mapped address • Recompiler replaces write/read with hook to my code • My code processes the write/read and, if a read, provides a value back • Missing piece was to emulate the TPM MMIO interface to act as gatekeeper between Windows VM and Software TPM Cpre681 - Semester Project - Jordan Jump

  14. TPM MMIO Interface • TIS provides implementation details • Localities allow multiple accessors • Only 1 can access at a time • Locality 4 highest priority; cannot be accessed by software • Locality 0/Legacy for SRTM • Windows (BitLocker) only uses Locality 0 • Inputs/Outputs read 1 byte at a time Cpre681 - Semester Project - Jordan Jump

  15. Implementing in VirtualBox • Struggled a lot! • Few code comments • Almost no documentation (some short, high-level docs that aren’t useful) • Learned by reverse-engineering other drivers and ‘search in files’ • (seems simple now) Cpre681 - Semester Project - Jordan Jump

  16. Implementing in VirtualBox • On startup, register memory address range with VirtualBox and provide callbacks • Memory Write/Read by VM triggers write/read callback • My code handles TIS protocol items such as locking, signaling, buffering, etc. • Once a full command has been received, my code calls SW TPM via host TDDL and retrieves result • My code handles TIS protocol to send back response Cpre681 - Semester Project - Jordan Jump

  17. Other implementation details • Windows won’t read at memory address unless registered in ACPI • Entered ACPI source language (ASL) listed in TCG PC Client Specific Implementation Specification For Conventional BIOS Device (TPM) { Name (_HID, EISAID(“PNP0C31”)) Name (_CRS, ResourceTemplate() { Memory32Fixed (ReadWrite, 0xFED40000, 0x5000,) }) } Cpre681 - Semester Project - Jordan Jump

  18. ImplementationScreenshots Cpre681 - Semester Project - Jordan Jump

  19. Cpre681 - Semester Project - Jordan Jump

  20. Opening tpm panel in Windows 7 Cpre681 - Semester Project - Jordan Jump

  21. Cpre681 - Semester Project - Jordan Jump

  22. No SRTM Cpre681 - Semester Project - Jordan Jump

  23. Future Work • Modify VirtualBox BIOS to support SRT • Support hashing function for locality 4 • Multiple SW TPM instances for multiple VMs • Start/Stop SW TPM instance when starting/stopping VM • More robust misbehavior checking • Modify SW TPM to allow locality to be specified via TDDL Cpre681 - Semester Project - Jordan Jump

  24. Thanks! jmjumps@iastate.edu “I like prerecorded presentations because I can delete out most of my ‘uhs’ and ‘uhms’” “I dislike them because I can’t gauge or engage the class” Cpre681 - Semester Project - Jordan Jump

More Related