@THS-on (Member) commented Dec 30, 2021

This PR is built on top of #292 because the new algorithms module is used.

The agent now creates a persistent file called tpmdata.json where it stores the context of the AK and the currently used algorithms. On startup the agent tries to load that file and to load the AK context. If that fails, the agent just generates a new AK.
This has the major advantage that the agent can be restarted without always causing an attestation failure.

We probably also could do that with the EK, but I do not see much value in doing that.

Related #235

@THS-on THS-on force-pushed the persistent-ak branch 2 times, most recently from 767a5bc to e23f26a Compare January 3, 2022 15:30
@THS-on THS-on marked this pull request as ready for review January 3, 2022 16:42
Signed-off-by: Thore Sommer <mail@thson.de>
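To make the startup path described above concrete, here is an added, stand-alone Rust sketch of the load-or-regenerate logic. It is not code from this PR or from rust-keylime: the `Tpm` trait, `MockTpm`, `AkHandle`, `TpmData` and `load_or_create_ak` are assumed names, the mock stands in for the tss-esapi context_save/context_load calls the real agent would make, and the file uses key=value lines instead of the PR's JSON so it needs no crates. The three fallback cases it exercises (file missing or unparsable, configured algorithms no longer matching the stored ones, TPM rejecting the saved context) are the ones a practitioner would want the real agent to survive.

```rust
use std::fs;

/// Algorithms the AK was created with; on startup these must match the current config.
#[derive(Clone, Debug, PartialEq, Eq)]
pub struct Algorithms { pub hash: String, pub sign: String, pub enc: String }

/// Handle of an AK loaded into the TPM.
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct AkHandle(pub u32);

/// The three TPM operations the startup path needs (assumed interface, stand-in for
/// the tss-esapi create / context_save / context_load calls a real agent would use).
pub trait Tpm {
    fn create_ak(&mut self, algs: &Algorithms) -> AkHandle;
    /// Returns the context blob; a real TPM encrypts the private part inside it.
    fn context_save(&mut self, h: AkHandle) -> Vec<u8>;
    /// Fails if the blob is corrupt or no longer usable by this TPM.
    fn context_load(&mut self, blob: &[u8]) -> Result<AkHandle, &'static str>;
}

/// Mock TPM: a per-instance secret stands in for the TPM-internal context key, so a
/// blob from another instance (or a garbled one) is rejected as a real TPM would.
pub struct MockTpm { secret: u8, next: u32 }
impl MockTpm { pub fn new(secret: u8) -> Self { MockTpm { secret, next: 0x8100_0001 } } }
impl Tpm for MockTpm {
    fn create_ak(&mut self, _algs: &Algorithms) -> AkHandle { let h = AkHandle(self.next); self.next += 1; h }
    fn context_save(&mut self, h: AkHandle) -> Vec<u8> {
        let mut v = vec![self.secret];
        v.extend_from_slice(&h.0.to_be_bytes());
        v
    }
    fn context_load(&mut self, blob: &[u8]) -> Result<AkHandle, &'static str> {
        if blob.len() != 5 || blob[0] != self.secret { return Err("context rejected by TPM"); }
        Ok(AkHandle(u32::from_be_bytes([blob[1], blob[2], blob[3], blob[4]])))
    }
}

/// Persisted agent state (the PR stores JSON; key=value lines are used here to avoid crates).
pub struct TpmData { pub ak_context: Vec<u8>, pub algs: Algorithms }

fn hex(b: &[u8]) -> String { b.iter().map(|x| format!("{:02x}", x)).collect() }
fn unhex(s: &str) -> Option<Vec<u8>> {
    if s.len() % 2 != 0 || !s.is_ascii() { return None; }
    (0..s.len()).step_by(2).map(|i| u8::from_str_radix(&s[i..i + 2], 16).ok()).collect()
}

impl TpmData {
    pub fn serialize(&self) -> String {
        format!("ak_context={}\nhash={}\nsign={}\nenc={}\n",
                hex(&self.ak_context), self.algs.hash, self.algs.sign, self.algs.enc)
    }
    /// Strict parse: any unknown, malformed or missing key makes the whole file unusable.
    pub fn parse(text: &str) -> Option<TpmData> {
        let (mut ctx, mut hash, mut sign, mut enc) = (None, None, None, None);
        for line in text.lines() {
            let (k, v) = line.split_once('=')?;
            match k {
                "ak_context" => ctx = Some(unhex(v)?),
                "hash" => hash = Some(v.to_string()),
                "sign" => sign = Some(v.to_string()),
                "enc" => enc = Some(v.to_string()),
                _ => return None,
            }
        }
        Some(TpmData { ak_context: ctx?, algs: Algorithms { hash: hash?, sign: sign?, enc: enc? } })
    }
}

#[derive(Debug, PartialEq, Eq)]
pub enum AkSource { Reused, Regenerated }

/// Startup logic: reuse the stored AK only if the file parses, the algorithms still match
/// and the TPM accepts the context; otherwise create a new AK and return fresh state.
/// Returns the handle, which path was taken, and the state the caller should write back.
pub fn load_or_create_ak<T: Tpm>(tpm: &mut T, stored: Option<&str>, algs: &Algorithms) -> (AkHandle, AkSource, String) {
    if let Some(text) = stored {
        if let Some(data) = TpmData::parse(text) {
            if &data.algs == algs {
                if let Ok(h) = tpm.context_load(&data.ak_context) {
                    return (h, AkSource::Reused, text.to_string());
                }
            }
        }
    }
    let h = tpm.create_ak(algs);
    let data = TpmData { ak_context: tpm.context_save(h), algs: algs.clone() };
    (h, AkSource::Regenerated, data.serialize())
}

fn main() {
    // Run twice: the first run regenerates, the second reuses the persisted context.
    let path = std::env::temp_dir().join("tpmdata-example.txt");
    let algs = Algorithms { hash: "sha256".into(), sign: "rsassa".into(), enc: "rsa".into() };
    let mut tpm = MockTpm::new(0x5a);
    let stored = fs::read_to_string(&path).ok();
    let (h, src, state) = load_or_create_ak(&mut tpm, stored.as_deref(), &algs);
    fs::write(&path, state).expect("cannot persist tpmdata");
    println!("AK handle {:#x} ({:?}), state written to {}", h.0, src, path.display());
}
```

The algorithm comparison matters: if the configured hash or signing algorithm changes between runs, a silently reused AK would produce quotes the verifier no longer accepts, so the agent should treat that like a failed load and regenerate.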
@lkatalin (Contributor) commented Jan 7, 2022

@THS-on I'll have to give this one a bit of a closer look as I'm less familiar with this functionality. Is there a corresponding PR on the Python side for reference? My understanding from #235 was that this was a to-do in both Rust and Python, but I'm not sure.

@THS-on (Member, Author) commented Jan 7, 2022

> Is there a corresponding PR on the Python side for reference?

No, because the Python agent already handles the EK and AK quite differently compared to the Rust agent. I think it does not make sense to rework the TPM handling in the Python agent unless strictly necessary.

This is mostly a convenience feature so that the agent can reuse the AK between starts.

@lkatalin (Contributor) commented Jan 7, 2022

> > Is there a corresponding PR on the Python side for reference?
>
> No, because the Python agent already handles the EK and AK quite differently compared to the Rust agent. I think it does not make sense to rework the TPM handling in the Python agent unless strictly necessary.
>
> This is mostly a convenience feature so that the agent can reuse the AK between starts.

Okay. I think it LGTM but it could help to have a bit more high-level context, just for posterity, about why this is a safe change. Is it related to this enhancement?

@THS-on (Member, Author) commented Jan 7, 2022

This is a safe change because we don't have any lifetime guarantees on our AK, we just care about the attributes that make it secure for signing quotes. An attacker could already implement this to reuse AKs.
The TPM store operation encrypts the private data with a (symmetric?) key before dumping it to disk, so that only the TPM can actually do something useful with that data. The load operation then decrypts the private data again inside the TPM.

Reboot detection should be implemented using the clock data in the quote and not by changing the AK every time.

> Is it related to this enhancement?

Yes it seems it is related to this enhancement.

In the future this will allow agents to register only with an AK (that is for example verified by another third party to be trusted) and don't have to do make/activate credential every time during registration.
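The reboot-detection point above (use the clock data in the quote, not AK rotation) is worth showing in code. What follows is an added example, not code from this PR or from keylime: it parses the TPMS_CLOCK_INFO that every TPMS_ATTEST carries (after the TPM_GENERATED magic, the attestation type, the TPM2B_NAME of the signer and the TPM2B_DATA holding the nonce, per the TPM 2.0 library spec Part 2) and compares it with the clock info of the last accepted quote. The function names `clock_info_from_quote`, `check_clock` and `sample_attest` and the `ClockCheck` variants are assumptions, and the sample attestation bytes are constructed for the demo, not captured from a TPM. The quote signature over the same blob and the nonce in extraData must be verified before these counters are trusted; that is outside this example.

```rust
/// TPMS_CLOCK_INFO as carried in every TPMS_ATTEST (TPM 2.0 Part 2, 10.11.1).
#[derive(Clone, Copy, Debug, PartialEq, Eq)]
pub struct ClockInfo { pub clock: u64, pub reset_count: u32, pub restart_count: u32, pub safe: bool }

const TPM_GENERATED_VALUE: u32 = 0xff54_4347; // "\xffTCG"
const TPM_ST_ATTEST_QUOTE: u16 = 0x8018;

/// Bounds-checked big-endian reader over the raw attestation blob.
struct Reader<'a> { buf: &'a [u8], pos: usize }
impl<'a> Reader<'a> {
    fn take(&mut self, n: usize) -> Result<&'a [u8], &'static str> {
        let end = self.pos.checked_add(n).ok_or("length overflow")?;
        let buf: &'a [u8] = self.buf;
        let s = buf.get(self.pos..end).ok_or("truncated attestation")?;
        self.pos = end;
        Ok(s)
    }
    fn u8(&mut self) -> Result<u8, &'static str> { Ok(self.take(1)?[0]) }
    fn u16(&mut self) -> Result<u16, &'static str> { let b = self.take(2)?; Ok(u16::from_be_bytes([b[0], b[1]])) }
    fn u32(&mut self) -> Result<u32, &'static str> { let b = self.take(4)?; Ok(u32::from_be_bytes([b[0], b[1], b[2], b[3]])) }
    fn u64(&mut self) -> Result<u64, &'static str> {
        let b = self.take(8)?;
        Ok(u64::from_be_bytes([b[0], b[1], b[2], b[3], b[4], b[5], b[6], b[7]]))
    }
    /// TPM2B_*: 16-bit size prefix followed by that many bytes.
    fn tpm2b(&mut self) -> Result<&'a [u8], &'static str> { let n = self.u16()? as usize; self.take(n) }
}

/// Pull the clock info out of a raw TPMS_ATTEST produced by TPM2_Quote.
pub fn clock_info_from_quote(attest: &[u8]) -> Result<ClockInfo, &'static str> {
    let mut r = Reader { buf: attest, pos: 0 };
    if r.u32()? != TPM_GENERATED_VALUE { return Err("missing TPM_GENERATED magic"); }
    if r.u16()? != TPM_ST_ATTEST_QUOTE { return Err("not a quote attestation"); }
    let _qualified_signer = r.tpm2b()?; // TPM2B_NAME of the signing key (the AK)
    let _extra_data = r.tpm2b()?;       // TPM2B_DATA, carries the verifier's nonce
    Ok(ClockInfo { clock: r.u64()?, reset_count: r.u32()?, restart_count: r.u32()?, safe: r.u8()? != 0 })
}

#[derive(Debug, PartialEq, Eq)]
pub enum ClockCheck { Continuous, Reboot, Restart, ClockWentBackwards }

/// Compare with the clock info of the last accepted quote from the same agent/TPM.
/// resetCount increments on TPM Reset (a reboot); restartCount on TPM Restart/Resume;
/// within the same counters the clock must not run backwards (stale or replayed quote).
pub fn check_clock(prev: &ClockInfo, cur: &ClockInfo) -> ClockCheck {
    if cur.reset_count > prev.reset_count { return ClockCheck::Reboot; }
    if cur.reset_count < prev.reset_count { return ClockCheck::ClockWentBackwards; }
    if cur.restart_count > prev.restart_count { return ClockCheck::Restart; }
    if cur.restart_count < prev.restart_count || cur.clock < prev.clock { return ClockCheck::ClockWentBackwards; }
    ClockCheck::Continuous
}

/// Constructed sample TPMS_ATTEST header for the demo (not captured from a real TPM);
/// the signer name and nonce are placeholders and the attested PCR payload is omitted.
pub fn sample_attest(clock: u64, reset: u32, restart: u32) -> Vec<u8> {
    let mut v = Vec::new();
    v.extend_from_slice(&TPM_GENERATED_VALUE.to_be_bytes());
    v.extend_from_slice(&TPM_ST_ATTEST_QUOTE.to_be_bytes());
    v.extend_from_slice(&[0x00, 0x04, 0x81, 0x01, 0x00, 0x01]);       // TPM2B_NAME, 4 placeholder bytes
    v.extend_from_slice(&[0x00, 0x04, 0xde, 0xad, 0xbe, 0xef]);       // TPM2B_DATA, 4-byte nonce
    v.extend_from_slice(&clock.to_be_bytes());
    v.extend_from_slice(&reset.to_be_bytes());
    v.extend_from_slice(&restart.to_be_bytes());
    v.push(1);                                                        // safe = YES
    v.extend_from_slice(&0u64.to_be_bytes());                         // firmwareVersion
    v
}

fn main() {
    let prev = clock_info_from_quote(&sample_attest(1_000_000, 3, 0)).unwrap();
    let cur = clock_info_from_quote(&sample_attest(1_500, 4, 0)).unwrap();
    println!("{:?} -> {:?}: {:?}", prev, cur, check_clock(&prev, &cur));
}
```

With this in place a verifier can keep the AK stable across agent restarts and still notice a reboot, because the TPM itself bumps resetCount and the verifier only has to remember the counters from the last good quote.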

@lkatalin (Contributor) commented Jan 7, 2022

Thanks @THS-on , that's good information to have. Especially that the data is encrypted.

@lkatalin (Contributor) left a review comment

This LGTM

@lkatalin lkatalin merged commit 68b17db into keylime:master Jan 7, 2022