* Re: [tpm2] tpm2_quote and "safe"
@ 2018-03-15 17:57 Roberts, William C
  0 siblings, 0 replies; 5+ messages in thread
From: Roberts, William C @ 2018-03-15 17:57 UTC (permalink / raw)
  To: tpm2


I don’t see that safe value coming out of quote. The only reference I can find in the spec is in regards to clock.

Can you be more specific?


From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Ian Oliver
Sent: Tuesday, March 13, 2018 6:11 AM
To: tpm2(a)lists.01.org
Subject: [tpm2] tpm2_quote and "safe"


* Re: [tpm2] tpm2_quote and "safe"
@ 2018-03-16  6:57 Ian Oliver
  0 siblings, 0 replies; 5+ messages in thread
From: Ian Oliver @ 2018-03-16  6:57 UTC (permalink / raw)
  To: tpm2


Nothing seen with the TPM simulator - that works correctly (according to TCG
spec).

Lenovo X1 laptops seem to report "1" as the value of safe all the time. The
Xeon-based server which varies its value of safe seems to be "randomish".

We're talking with the BIOS manufacturer at the moment too, but it seems
they consider TPM to be "esoteric" at best.

I'll let you know if we find out anything more, but mainly this was to
check with you all just in case you've seen this, to be sure there's
nothing strange in the tpm2 tool stack and also whether anyone had any
ideas why at all.

t.

Ian

On 15 March 2018 at 23:18, Roberts, William C <william.c.roberts(a)intel.com>
wrote:

-- 
*Dr. Ian Oliver*
===============================
Privacy Engineering:  via Amazon <http://www.amazon.co.uk/dp/1497569710>
*Twitter: @i_j_oliver*


* Re: [tpm2] tpm2_quote and "safe"
@ 2018-03-15 21:18 Roberts, William C
  0 siblings, 0 replies; 5+ messages in thread
From: Roberts, William C @ 2018-03-15 21:18 UTC (permalink / raw)
  To: tpm2


Ian,

I wish I could help you more, but this sounds like an issue with the TPM. It might be something in the spec I am not aware of. Is this reproducible across different manufacturers of TPMs? What about using the IBM TPM simulator?

Bill

From: Ian Oliver [mailto:ian.justin.oliver(a)gmail.com] 
Sent: Thursday, March 15, 2018 1:27 PM
To: Roberts, William C <william.c.roberts(a)intel.com>
Cc: tpm2(a)lists.01.org
Subject: Re: [tpm2] tpm2_quote and "safe"


* Re: [tpm2] tpm2_quote and "safe"
@ 2018-03-15 20:26 Ian Oliver
  0 siblings, 0 replies; 5+ messages in thread
From: Ian Oliver @ 2018-03-15 20:26 UTC (permalink / raw)
  To: tpm2


Thanks William,

We can only find a reference to the clock too which is what has us a little
confused.

Basically we can take quotes; within that structure is the TPMS_CLOCK_INFO
struct which contains the field safe: TPMI_YES_NO. We can take a series of
quotes, say, a few minutes apart and see that particular value change to 1
and then back to 0.

The TPM is not being shutdown during this time, ie: the whole machine is
powered on and running normally and thus no reason to suspect that the
clock is in some inconsistent state as according to the spec.

Is it possible that the TPM is being powered off by the CPU in some power
saving mode and therefore causing the current clock value not to be saved
and reread correctly when the TPM is restarted?  We've a script that parses
the quote and maps this to JSON - we've checked that and it is functioning
fine (across half a dozen machines and literally 1000s of quotes now), the
quote value obtained from the TPM isn't being changed in any way (we check
the signature against the AK), therefore our hunch is that something very
low down in the system is causing this.

I can send details of the machines and processors off-list if you want.

t.

Ian

On 15 March 2018 at 19:57, Roberts, William C <william.c.roberts(a)intel.com>
wrote:

-- 
*Dr. Ian Oliver*
===============================
Privacy Engineering:  via Amazon <http://www.amazon.co.uk/dp/1497569710>
*Twitter: @i_j_oliver*
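
Added example (not from this thread, and not tpm2-tools code): a small Python parser for the marshalled TPMS_ATTEST that tpm2_quote writes as its quote message, following the TPM 2.0 Library Specification Part 2 layout (TPMS_ATTEST, TPMS_CLOCK_INFO, TPMS_QUOTE_INFO), plus a check that compares clock, resetCount, restartCount and safe across a series of quotes like the one Ian describes. The quotes it parses are constructed inline; the signer name, firmware version and PCR digest in them are placeholders, and checking the quote signature against the AK is left to the caller.

```python
"""Parse the TPMS_ATTEST that tpm2_quote writes and track TPMS_CLOCK_INFO
across quotes.  Layout per TPM 2.0 Library Spec Part 2 (TPMS_ATTEST,
TPMS_CLOCK_INFO, TPMS_QUOTE_INFO); all integers big-endian.  Sample quotes
below are CONSTRUCTED for this example, not captured from a real TPM."""
import struct
from dataclasses import dataclass
from typing import List, Tuple

TPM_GENERATED_VALUE = 0xFF544347  # TPMS_ATTEST.magic
TPM_ST_ATTEST_QUOTE = 0x8018      # TPMS_ATTEST.type for TPM2_Quote
TPM_ALG_SHA256 = 0x000B

@dataclass
class ClockInfo:        # TPMS_CLOCK_INFO
    clock: int          # UINT64, ms the TPM has been powered
    reset_count: int    # UINT32, TPM Resets since last TPM2_Clear
    restart_count: int  # UINT32, TPM Restarts/Resumes since last Reset
    safe: int           # TPMI_YES_NO; YES: no Clock value greater than this one was reported before

@dataclass
class QuoteAttest:      # TPMS_ATTEST with attested = TPMS_QUOTE_INFO
    qualified_signer: bytes
    extra_data: bytes   # qualifying data (nonce) passed to tpm2_quote
    clock_info: ClockInfo
    firmware_version: int
    pcr_selections: List[Tuple[int, bytes]]  # (hashAlg, pcrSelect bitmap)
    pcr_digest: bytes

def _tpm2b(buf: bytes, off: int) -> Tuple[bytes, int]:
    """Read a TPM2B_*: UINT16 size followed by that many bytes."""
    (size,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + size > len(buf):
        raise ValueError("TPM2B runs past end of buffer")
    return buf[off:off + size], off + size

def parse_attest(buf: bytes) -> QuoteAttest:
    """Decode a marshalled TPMS_ATTEST of type TPM_ST_ATTEST_QUOTE."""
    magic, att_type = struct.unpack_from(">IH", buf, 0)
    if magic != TPM_GENERATED_VALUE:
        raise ValueError("bad magic 0x%08x, not TPM generated" % magic)
    if att_type != TPM_ST_ATTEST_QUOTE:
        raise ValueError("attest type 0x%04x is not a quote" % att_type)
    signer, off = _tpm2b(buf, 6)
    extra, off = _tpm2b(buf, off)
    clock, resets, restarts, safe = struct.unpack_from(">QIIB", buf, off)
    (fw_version,) = struct.unpack_from(">Q", buf, off + 17)
    (count,) = struct.unpack_from(">I", buf, off + 25)   # TPML_PCR_SELECTION.count
    off += 29
    selections = []
    for _ in range(count):                                # TPMS_PCR_SELECTION[]
        hash_alg, size_of_select = struct.unpack_from(">HB", buf, off)
        selections.append((hash_alg, buf[off + 3:off + 3 + size_of_select]))
        off += 3 + size_of_select
    digest, off = _tpm2b(buf, off)
    if off != len(buf):
        raise ValueError("%d trailing bytes after TPMS_ATTEST" % (len(buf) - off))
    return QuoteAttest(signer, extra, ClockInfo(clock, resets, restarts, safe),
                       fw_version, selections, digest)

def pcrs_selected(bitmap: bytes) -> List[int]:
    """Expand a pcrSelect bitmap (bit n of byte i is PCR 8*i+n)."""
    return [8 * i + n for i, b in enumerate(bitmap) for n in range(8) if b >> n & 1]

def check_clock_series(quotes: List[QuoteAttest]) -> List[str]:
    """Compare TPMS_CLOCK_INFO between consecutive quotes from one TPM: counter
    changes (a Reset or Restart/Resume happened), Clock going backwards, safe flipping."""
    findings = []
    for i in range(1, len(quotes)):
        p, c = quotes[i - 1].clock_info, quotes[i].clock_info
        if c.reset_count != p.reset_count:
            findings.append(f"quote {i}: resetCount {p.reset_count}->{c.reset_count} (TPM Reset)")
        if c.restart_count != p.restart_count:
            findings.append(f"quote {i}: restartCount {p.restart_count}->{c.restart_count} (Restart/Resume)")
        if c.clock < p.clock:
            findings.append(f"quote {i}: clock went backwards {p.clock}->{c.clock}")
        if c.safe != p.safe:
            same = (c.reset_count, c.restart_count) == (p.reset_count, p.restart_count)
            why = "with no counter change" if same else "alongside a counter change"
            findings.append(f"quote {i}: safe {p.safe}->{c.safe} {why}")
    return findings

def build_attest(extra: bytes, clock: int, resets: int, restarts: int, safe: int) -> bytes:
    """Serialise a CONSTRUCTED quote over sha256:16,17,18 (signer, firmware, digest are placeholders)."""
    signer = struct.pack(">H", TPM_ALG_SHA256) + bytes(32)   # placeholder TPM2B_NAME
    bitmap = b"\x00\x00\x07"                                  # bits 16, 17, 18 set
    return b"".join([
        struct.pack(">IH", TPM_GENERATED_VALUE, TPM_ST_ATTEST_QUOTE),
        struct.pack(">H", len(signer)) + signer,
        struct.pack(">H", len(extra)) + extra,
        struct.pack(">QIIB", clock, resets, restarts, safe),
        struct.pack(">Q", 0x0102030405060708),
        struct.pack(">I", 1) + struct.pack(">HB", TPM_ALG_SHA256, len(bitmap)) + bitmap,
        struct.pack(">H", 32) + bytes(32),
    ])

def sample_series() -> List[bytes]:
    """Three constructed quotes five minutes apart; only safe changes."""
    return [build_attest(b"nonce-%d" % i, 1_000_000 + 300_000 * i, 3, 1, s)
            for i, s in enumerate((1, 0, 1))]

if __name__ == "__main__":
    for line in check_clock_series([parse_attest(q) for q in sample_series()]):
        print(line)
```

Run as a script it prints one line per change between consecutive quotes. On the constructed series only `safe` moves, which is the pattern from the first message: a `safe` change with no change in resetCount or restartCount, whereas a TPM Reset or Restart/Resume would also show up as a counter increment. Per Part 2, `safe` is YES when no Clock value greater than the current one has previously been reported, so a verifier that relies on Clock ordering should not compare a quote carrying safe == 0 against earlier ones by Clock alone.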


* [tpm2] tpm2_quote and "safe"
@ 2018-03-13 13:11 Ian Oliver
  0 siblings, 0 replies; 5+ messages in thread
From: Ian Oliver @ 2018-03-13 13:11 UTC (permalink / raw)
  To: tpm2


Hi,

Other than various clock errors, what causes the safe flag to be set to 1 as
written into the output of tpm2_quote?

We're seeing some odd behaviour from some machines where safe is always set
to 1 (Lenovo laptop) and on other servers occasionally safe is set to 1 and
then returning to 0 on subsequent quotes.

For example, we might take a number of quotes over time, eg: 5 minutes
apart. One of those quotes will have safe set to 1, the others are all 0.
During this time the machine will *not* have experienced a reboot/reset nor
- as far as we can tell - any form of powersave or shutdown. We've also
noticed that safe gets set to 1 only on some quotes, eg: when quoting
sha256:16,17,18 for the DRTM measurements.

The machines are all Xeon-E5 based servers, TPM 2.0, tpm2_tools 1.3-rc2
installed, Ubuntu 17.04 with 4.13 kernel.

Any information appreciated here,

thanks

Ian

-- 
*Dr. Ian Oliver*
===============================
Privacy Engineering:  via Amazon <http://www.amazon.co.uk/dp/1497569710>
*Twitter: @i_j_oliver*
