direct-io.hg

changeset 8454:19f1f4fa7745

Virtual TPM persistent states contain VTPM secrets, which are encrypted
using symmetric keys and stored on disk along with those symmetric keys.
The attached patch uses the TPM to encrypt the symmetric keys and other
global secrets before saving them to disk.

Signed-off-by: Vinnie Scarlata <vincent.r.scarlata@intel.com>
author kaf24@firebug.cl.cam.ac.uk
date Fri Dec 30 11:31:12 2005 +0100 (2005-12-30)
parents 65430a8f80d7
children 4299f983e8fe
files tools/vtpm_manager/README tools/vtpm_manager/Rules.mk tools/vtpm_manager/manager/securestorage.c tools/vtpm_manager/manager/vtpm_manager.c tools/vtpm_manager/manager/vtpmpriv.h tools/vtpm_manager/manager/vtsp.c tools/vtpm_manager/manager/vtsp.h
line diff
     1.1 --- a/tools/vtpm_manager/README	Thu Dec 29 18:39:50 2005 +0100
     1.2 +++ b/tools/vtpm_manager/README	Fri Dec 30 11:31:12 2005 +0100
     1.3 @@ -53,11 +53,6 @@ DUMMY_BACKEND                -> vtpm_man
     1.4  
     1.5  MANUAL_DM_LAUNCH             -> Must manually launch & kill VTPMs
     1.6  
     1.7 -WELL_KNOWN_SRK_AUTH          -> Rather than randomly generating the password for the SRK,
     1.8 -                                use a well known value. This is necessary for sharing use
     1.9 -                                of the SRK across applications. Such as VTPM and Dom0
    1.10 -                                measurement software.
    1.11 -
    1.12  WELL_KNOWN_OWNER_AUTH        -> Rather than randomly generating the password for the owner,
    1.13                                  use a well known value. This is useful for debugging and for
    1.14                                  poor bios which do not support clearing TPM if OwnerAuth is
     2.1 --- a/tools/vtpm_manager/Rules.mk	Thu Dec 29 18:39:50 2005 +0100
     2.2 +++ b/tools/vtpm_manager/Rules.mk	Fri Dec 30 11:31:12 2005 +0100
     2.3 @@ -56,8 +56,7 @@ CFLAGS += -DLOGGING_MODULES="(BITMASK(VT
     2.4  # Do not have manager launch DMs.
     2.5  #CFLAGS += -DMANUAL_DM_LAUNCH
     2.6  
     2.7 -# Fixed SRK
     2.8 -CFLAGS += -DWELL_KNOWN_SRK_AUTH
     2.9 +# Fixed OwnerAuth
    2.10  #CFLAGS += -DWELL_KNOWN_OWNER_AUTH
    2.11  
    2.12  # TPM Hardware Device or TPM Simulator
     3.1 --- a/tools/vtpm_manager/manager/securestorage.c	Thu Dec 29 18:39:50 2005 +0100
     3.2 +++ b/tools/vtpm_manager/manager/securestorage.c	Fri Dec 30 11:31:12 2005 +0100
     3.3 @@ -65,7 +65,7 @@ TPM_RESULT envelope_encrypt(const buffer
     3.4    UINT32 i;
     3.5    struct pack_constbuf_t symkey_cipher32, data_cipher32;
     3.6    
     3.7 -  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping[%d]: 0x", buffer_len(inbuf));
     3.8 +  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping Input[%d]: 0x", buffer_len(inbuf));
     3.9    for (i=0; i< buffer_len(inbuf); i++)
    3.10      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", inbuf->bytes[i]);
    3.11    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
    3.12 @@ -94,6 +94,12 @@ TPM_RESULT envelope_encrypt(const buffer
    3.13  	       BSG_TPM_SIZE32_DATA, &data_cipher32);
    3.14  
    3.15    vtpmloginfo(VTPM_LOG_VTPM, "Saved %d bytes of E(symkey) + %d bytes of E(data)\n", buffer_len(&symkey_cipher), buffer_len(&data_cipher));
    3.16 +
    3.17 +  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Enveloping Output[%d]: 0x", buffer_len(sealed_data));
    3.18 +  for (i=0; i< buffer_len(sealed_data); i++)
    3.19 +    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", sealed_data->bytes[i]);
    3.20 +  vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
    3.21 +
    3.22    goto egress;
    3.23  
    3.24   abort_egress:
    3.25 @@ -125,7 +131,7 @@ TPM_RESULT envelope_decrypt(const long  
    3.26  
    3.27    memset(&symkey, 0, sizeof(symkey_t));
    3.28  
    3.29 -  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "envelope decrypting[%ld]: 0x", cipher_size);
    3.30 +  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypt Input[%ld]: 0x", cipher_size);
    3.31    for (i=0; i< cipher_size; i++)
    3.32      vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", cipher[i]);
    3.33    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
    3.34 @@ -155,6 +161,11 @@ TPM_RESULT envelope_decrypt(const long  
    3.35    
    3.36    // Decrypt State
    3.37    TPMTRY(TPM_DECRYPT_ERROR, Crypto_symcrypto_decrypt (&symkey, &data_cipher, unsealed_data) );
    3.38 +
    3.39 +  vtpmloginfo(VTPM_LOG_VTPM_DEEP, "Envelope Decrypte Output[%d]: 0x", buffer_len(unsealed_data));
    3.40 +  for (i=0; i< buffer_len(unsealed_data); i++)
    3.41 +    vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "%x ", unsealed_data->bytes[i]);
    3.42 +  vtpmloginfomore(VTPM_LOG_VTPM_DEEP, "\n");
    3.43    
    3.44    goto egress;
    3.45    
    3.46 @@ -291,124 +302,175 @@ TPM_RESULT VTPM_Handle_Load_NVM(VTPM_DMI
    3.47    return status;
    3.48  }
    3.49  
    3.50 +
    3.51  TPM_RESULT VTPM_SaveService(void) {
    3.52    TPM_RESULT status=TPM_SUCCESS;
    3.53    int fh, dmis=-1;
    3.54 -  
    3.55 -  BYTE *flat_global;
    3.56 -  int flat_global_size, bytes_written;
    3.57 +
    3.58 +  BYTE *flat_boot_key, *flat_dmis, *flat_enc;
    3.59 +  buffer_t clear_flat_global, enc_flat_global;
    3.60    UINT32 storageKeySize = buffer_len(&vtpm_globals->storageKeyWrap);
    3.61 +  UINT32 bootKeySize = buffer_len(&vtpm_globals->bootKeyWrap);
    3.62    struct pack_buf_t storage_key_pack = {storageKeySize, vtpm_globals->storageKeyWrap.bytes};
    3.63 -  
    3.64 +  struct pack_buf_t boot_key_pack = {bootKeySize, vtpm_globals->bootKeyWrap.bytes};
    3.65 +
    3.66    struct hashtable_itr *dmi_itr;
    3.67    VTPM_DMI_RESOURCE *dmi_res;
    3.68 -  
    3.69 -  UINT32 flat_global_full_size;
    3.70 -  
    3.71 -  // Global Values needing to be saved
    3.72 -  flat_global_full_size = 3*sizeof(TPM_DIGEST) + // Auths
    3.73 -    sizeof(UINT32) +       // storagekeysize
    3.74 -    storageKeySize +       // storage key
    3.75 -    hashtable_count(vtpm_globals->dmi_map) * // num DMIS
    3.76 -    (sizeof(UINT32) + 2*sizeof(TPM_DIGEST)); // Per DMI info
    3.77 -  
    3.78 -  
    3.79 -  flat_global = (BYTE *) malloc( flat_global_full_size);
    3.80 -  
    3.81 -  flat_global_size = BSG_PackList(flat_global, 4,
    3.82 -				  BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth,
    3.83 -				  BSG_TPM_AUTHDATA, &vtpm_globals->srk_usage_auth,
    3.84 -				  BSG_TPM_SECRET,   &vtpm_globals->storage_key_usage_auth,
    3.85 -				  BSG_TPM_SIZE32_DATA, &storage_key_pack);
    3.86 -  
    3.87 +
    3.88 +  UINT32 boot_key_size, flat_dmis_size;
    3.89 +
    3.90 +  // Initially fill these with buffer sizes for each data type. Later fill
    3.91 +  // in actual size, once flattened.
    3.92 +  boot_key_size =  sizeof(UINT32) +       // bootkeysize
    3.93 +                   bootKeySize;           // boot key
    3.94 +
    3.95 +  TPMTRYRETURN(buffer_init(&clear_flat_global, 3*sizeof(TPM_DIGEST) + // Auths
    3.96 +                                              sizeof(UINT32) +// storagekeysize
    3.97 +                                              storageKeySize, NULL) ); // storage key
    3.98 +
    3.99 +  flat_dmis_size = (hashtable_count(vtpm_globals->dmi_map) - 1) * // num DMIS (-1 for Dom0)
   3.100 +                   (sizeof(UINT32) + 2*sizeof(TPM_DIGEST)); // Per DMI info
   3.101 +
   3.102 +  flat_boot_key = (BYTE *) malloc( boot_key_size );
   3.103 +  flat_enc = (BYTE *) malloc( sizeof(UINT32) );
   3.104 +  flat_dmis = (BYTE *) malloc( flat_dmis_size );
   3.105 +
   3.106 +  boot_key_size = BSG_PackList(flat_boot_key, 1,
   3.107 +                               BSG_TPM_SIZE32_DATA, &boot_key_pack);
   3.108 +
   3.109 +  BSG_PackList(clear_flat_global.bytes, 3,
   3.110 +                BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth,
   3.111 +                BSG_TPM_SECRET,   &vtpm_globals->storage_key_usage_auth,
   3.112 +                BSG_TPM_SIZE32_DATA, &storage_key_pack);
   3.113 +
   3.114 +  TPMTRYRETURN(envelope_encrypt(&clear_flat_global,
   3.115 +                                &vtpm_globals->bootKey,
   3.116 +                                &enc_flat_global) );
   3.117 +
   3.118 +  BSG_PackConst(buffer_len(&enc_flat_global), 4, flat_enc);
   3.119 +
   3.120    // Per DMI values to be saved
   3.121    if (hashtable_count(vtpm_globals->dmi_map) > 0) {
   3.122 -    
   3.123 +
   3.124      dmi_itr = hashtable_iterator(vtpm_globals->dmi_map);
   3.125      do {
   3.126        dmi_res = (VTPM_DMI_RESOURCE *) hashtable_iterator_value(dmi_itr);
   3.127        dmis++;
   3.128  
   3.129        // No need to save dmi0.
   3.130 -      if (dmi_res->dmi_id == 0) 	
   3.131 -	continue;
   3.132 -      
   3.133 -      
   3.134 -      flat_global_size += BSG_PackList( flat_global + flat_global_size, 3,
   3.135 -					BSG_TYPE_UINT32, &dmi_res->dmi_id,
   3.136 -					BSG_TPM_DIGEST, &dmi_res->NVM_measurement,
   3.137 -					BSG_TPM_DIGEST, &dmi_res->DMI_measurement);
   3.138 -      
   3.139 +      if (dmi_res->dmi_id == 0)
   3.140 +        continue;
   3.141 +
   3.142 +
   3.143 +      flat_dmis_size += BSG_PackList( flat_dmis + flat_dmis_size, 3,
   3.144 +                                        BSG_TYPE_UINT32, &dmi_res->dmi_id,
   3.145 +                                        BSG_TPM_DIGEST, &dmi_res->NVM_measurement,
   3.146 +                                        BSG_TPM_DIGEST, &dmi_res->DMI_measurement);
   3.147 +
   3.148      } while (hashtable_iterator_advance(dmi_itr));
   3.149    }
   3.150 -  
   3.151 -  //FIXME: Once we have a way to protect a TPM key, we should use it to 
   3.152 -  //       encrypt this blob. BUT, unless there is a way to ensure the key is
   3.153 -  //       not used by other apps, this encryption is useless.
   3.154 +
   3.155    fh = open(STATE_FILE, O_WRONLY | O_CREAT, S_IREAD | S_IWRITE);
   3.156    if (fh == -1) {
   3.157      vtpmlogerror(VTPM_LOG_VTPM, "Unable to open %s file for write.\n", STATE_FILE);
   3.158      status = TPM_IOERROR;
   3.159      goto abort_egress;
   3.160    }
   3.161 -  
   3.162 -  if ( (bytes_written = write(fh, flat_global, flat_global_size)) != flat_global_size ) {
   3.163 -    vtpmlogerror(VTPM_LOG_VTPM, "Failed to save service data. %d/%d bytes written.\n", bytes_written, flat_global_size);
   3.164 +
   3.165 +  if ( ( write(fh, flat_boot_key, boot_key_size) != boot_key_size ) ||
   3.166 +       ( write(fh, flat_enc, sizeof(UINT32)) != sizeof(UINT32) ) ||
   3.167 +       ( write(fh, enc_flat_global.bytes, buffer_len(&enc_flat_global)) != buffer_len(&enc_flat_global) ) ||
   3.168 +       ( write(fh, flat_dmis, flat_dmis_size) != flat_dmis_size ) ) {
   3.169 +    vtpmlogerror(VTPM_LOG_VTPM, "Failed to completely write service data.\n");
   3.170      status = TPM_IOERROR;
   3.171      goto abort_egress;
   3.172 -  }
   3.173 -  vtpm_globals->DMI_table_dirty = FALSE; 
   3.174 -  
   3.175 + }
   3.176 +
   3.177 +  vtpm_globals->DMI_table_dirty = FALSE;
   3.178 +
   3.179    goto egress;
   3.180 -  
   3.181 +
   3.182   abort_egress:
   3.183   egress:
   3.184 -  
   3.185 -  free(flat_global);
   3.186 +
   3.187 +  free(flat_boot_key);
   3.188 +  free(flat_enc);
   3.189 +  buffer_free(&enc_flat_global);
   3.190 +  free(flat_dmis);
   3.191    close(fh);
   3.192 -  
   3.193 +
   3.194    vtpmloginfo(VTPM_LOG_VTPM, "Saved VTPM Service state (status = %d, dmis = %d)\n", (int) status, dmis);
   3.195    return status;
   3.196  }
   3.197  
   3.198  TPM_RESULT VTPM_LoadService(void) {
   3.199 -  
   3.200 +
   3.201    TPM_RESULT status=TPM_SUCCESS;
   3.202    int fh, stat_ret, dmis=0;
   3.203    long fh_size = 0, step_size;
   3.204 -  BYTE *flat_global=NULL;
   3.205 -  struct pack_buf_t storage_key_pack;
   3.206 -  UINT32 *dmi_id_key;
   3.207 -  
   3.208 +  BYTE *flat_table=NULL;
   3.209 +  buffer_t  unsealed_data;
   3.210 +  struct pack_buf_t storage_key_pack, boot_key_pack;
   3.211 +  UINT32 *dmi_id_key, enc_size;
   3.212 +
   3.213    VTPM_DMI_RESOURCE *dmi_res;
   3.214    struct stat file_stat;
   3.215 -  
   3.216 +
   3.217 +  TPM_HANDLE boot_key_handle;
   3.218 +  TPM_AUTHDATA boot_usage_auth;
   3.219 +  memset(&boot_usage_auth, 0, sizeof(TPM_AUTHDATA));
   3.220 +
   3.221    fh = open(STATE_FILE, O_RDONLY );
   3.222    stat_ret = fstat(fh, &file_stat);
   3.223 -  if (stat_ret == 0) 
   3.224 +  if (stat_ret == 0)
   3.225      fh_size = file_stat.st_size;
   3.226    else {
   3.227      status = TPM_IOERROR;
   3.228      goto abort_egress;
   3.229    }
   3.230 -  
   3.231 -  flat_global = (BYTE *) malloc(fh_size);
   3.232 -  
   3.233 -  if ((long) read(fh, flat_global, fh_size) != fh_size ) {
   3.234 +
   3.235 +  flat_table = (BYTE *) malloc(fh_size);
   3.236 +
   3.237 +  if ((long) read(fh, flat_table, fh_size) != fh_size ) {
   3.238      status = TPM_IOERROR;
   3.239      goto abort_egress;
   3.240    }
   3.241 -  
   3.242 +
   3.243 +  // Read Boot Key
   3.244 +  step_size = BSG_UnpackList( flat_table, 2,
   3.245 +                              BSG_TPM_SIZE32_DATA, &boot_key_pack,
   3.246 +                              BSG_TYPE_UINT32, &enc_size);
   3.247 +
   3.248 +  TPMTRYRETURN(buffer_init(&vtpm_globals->bootKeyWrap, 0, 0) );
   3.249 +  TPMTRYRETURN(buffer_append_raw(&vtpm_globals->bootKeyWrap, boot_key_pack.size, boot_key_pack.data) );
   3.250 +
   3.251 +  //Load Boot Key
   3.252 +  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
   3.253 +                              TPM_SRK_KEYHANDLE,
   3.254 +                              &vtpm_globals->bootKeyWrap,
   3.255 +                              &SRK_AUTH,
   3.256 +                              &boot_key_handle,
   3.257 +                              &vtpm_globals->keyAuth,
   3.258 +                              &vtpm_globals->bootKey,
   3.259 +                              FALSE) );
   3.260 +
   3.261 +  TPMTRYRETURN( envelope_decrypt(enc_size,
   3.262 +                                 flat_table + step_size,
   3.263 +                                 vtpm_globals->manager_tcs_handle,
   3.264 +                                 boot_key_handle,
   3.265 +                                 (const TPM_AUTHDATA*) &boot_usage_auth,
   3.266 +                                 &unsealed_data) );
   3.267 +  step_size += enc_size;
   3.268 +
   3.269    // Global Values needing to be saved
   3.270 -  step_size = BSG_UnpackList( flat_global, 4,
   3.271 -			      BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth,
   3.272 -			      BSG_TPM_AUTHDATA, &vtpm_globals->srk_usage_auth,
   3.273 -			      BSG_TPM_SECRET,   &vtpm_globals->storage_key_usage_auth,
   3.274 -			      BSG_TPM_SIZE32_DATA, &storage_key_pack);
   3.275 -  
   3.276 +  BSG_UnpackList( unsealed_data.bytes, 3,
   3.277 +                  BSG_TPM_AUTHDATA, &vtpm_globals->owner_usage_auth,
   3.278 +                  BSG_TPM_SECRET,   &vtpm_globals->storage_key_usage_auth,
   3.279 +                  BSG_TPM_SIZE32_DATA, &storage_key_pack);
   3.280 +
   3.281    TPMTRYRETURN(buffer_init(&vtpm_globals->storageKeyWrap, 0, 0) );
   3.282    TPMTRYRETURN(buffer_append_raw(&vtpm_globals->storageKeyWrap, storage_key_pack.size, storage_key_pack.data) );
   3.283 -  
   3.284 +
   3.285    // Per DMI values to be saved
   3.286    while ( step_size < fh_size ){
   3.287      if (fh_size - step_size < (long) (sizeof(UINT32) + 2*sizeof(TPM_DIGEST))) {
   3.288 @@ -417,35 +479,38 @@ TPM_RESULT VTPM_LoadService(void) {
   3.289      } else {
   3.290        dmi_res = (VTPM_DMI_RESOURCE *) malloc(sizeof(VTPM_DMI_RESOURCE));
   3.291        dmis++;
   3.292 -      
   3.293 +
   3.294        dmi_res->connected = FALSE;
   3.295 -      
   3.296 -      step_size += BSG_UnpackList(flat_global + step_size, 3,
   3.297 -				  BSG_TYPE_UINT32, &dmi_res->dmi_id, 
   3.298 -				  BSG_TPM_DIGEST, &dmi_res->NVM_measurement,
   3.299 -				  BSG_TPM_DIGEST, &dmi_res->DMI_measurement);
   3.300 -      
   3.301 +
   3.302 +      step_size += BSG_UnpackList(flat_table + step_size, 3,
   3.303 +                                 BSG_TYPE_UINT32, &dmi_res->dmi_id,
   3.304 +                                 BSG_TPM_DIGEST, &dmi_res->NVM_measurement,
   3.305 +                                 BSG_TPM_DIGEST, &dmi_res->DMI_measurement);
   3.306 +
   3.307        // install into map
   3.308        dmi_id_key = (UINT32 *) malloc (sizeof(UINT32));
   3.309        *dmi_id_key = dmi_res->dmi_id;
   3.310        if (!hashtable_insert(vtpm_globals->dmi_map, dmi_id_key, dmi_res)) {
   3.311 -	status = TPM_FAIL;
   3.312 -	goto abort_egress;
   3.313 +        status = TPM_FAIL;
   3.314 +        goto abort_egress;
   3.315        }
   3.316 -      
   3.317 +
   3.318      }
   3.319 -    
   3.320 +
   3.321    }
   3.322 -  
   3.323 +
   3.324    vtpmloginfo(VTPM_LOG_VTPM, "Loaded saved state (dmis = %d).\n", dmis);
   3.325    goto egress;
   3.326 -  
   3.327 +
   3.328   abort_egress:
   3.329    vtpmlogerror(VTPM_LOG_VTPM, "Failed to load service data with error = %s\n", tpm_get_error_name(status));
   3.330   egress:
   3.331 -  
   3.332 -  free(flat_global);
   3.333 +
   3.334 +  free(flat_table);
   3.335    close(fh);
   3.336 -  
   3.337 +
   3.338 +  // TODO: Could be nice and evict BootKey. (Need to add EvictKey to VTSP.
   3.339 +
   3.340    return status;
   3.341  }
   3.342 +
     4.1 --- a/tools/vtpm_manager/manager/vtpm_manager.c	Thu Dec 29 18:39:50 2005 +0100
     4.2 +++ b/tools/vtpm_manager/manager/vtpm_manager.c	Fri Dec 30 11:31:12 2005 +0100
     4.3 @@ -74,16 +74,15 @@ VTPM_GLOBALS *vtpm_globals=NULL;
     4.4  #endif
     4.5  
     4.6  // --------------------------- Well Known Auths --------------------------
     4.7 -#ifdef WELL_KNOWN_SRK_AUTH
     4.8 -static BYTE FIXED_SRK_AUTH[20] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
     4.9 +const TPM_AUTHDATA SRK_AUTH = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    4.10                                    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    4.11 -#endif
    4.12  
    4.13  #ifdef WELL_KNOWN_OWNER_AUTH
    4.14  static BYTE FIXED_OWNER_AUTH[20] =  {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    4.15                                    0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
    4.16  #endif
    4.17 -                                  
    4.18 +
    4.19 +
    4.20  // -------------------------- Hash table functions --------------------
    4.21  
    4.22  static unsigned int hashfunc32(void *ky) {
    4.23 @@ -100,13 +99,7 @@ TPM_RESULT VTPM_Create_Service(){
    4.24    
    4.25    TPM_RESULT status = TPM_SUCCESS;
    4.26    
    4.27 -  // Generate Auth's for SRK & Owner
    4.28 -#ifdef WELL_KNOWN_SRK_AUTH 
    4.29 -  memcpy(vtpm_globals->srk_usage_auth, FIXED_SRK_AUTH, sizeof(TPM_AUTHDATA));
    4.30 -#else    
    4.31 -  Crypto_GetRandom(vtpm_globals->srk_usage_auth, sizeof(TPM_AUTHDATA) );  
    4.32 -#endif
    4.33 -  
    4.34 +  // Generate Auth for Owner
    4.35  #ifdef WELL_KNOWN_OWNER_AUTH 
    4.36    memcpy(vtpm_globals->owner_usage_auth, FIXED_OWNER_AUTH, sizeof(TPM_AUTHDATA));
    4.37  #else    
    4.38 @@ -116,14 +109,14 @@ TPM_RESULT VTPM_Create_Service(){
    4.39    // Take Owership of TPM
    4.40    CRYPTO_INFO ek_cryptoInfo;
    4.41    
    4.42 -  vtpmloginfo(VTPM_LOG_VTPM, "Attempting Pubek Read. NOTE: Failure is ok.\n");
    4.43    status = VTSP_ReadPubek(vtpm_globals->manager_tcs_handle, &ek_cryptoInfo);
    4.44    
    4.45    // If we can read PubEK then there is no owner and we should take it.
    4.46    if (status == TPM_SUCCESS) { 
    4.47 +    vtpmloginfo(VTPM_LOG_VTPM, "Failed to readEK meaning TPM has an owner. Creating Keys off existing SRK.\n");
    4.48      TPMTRYRETURN(VTSP_TakeOwnership(vtpm_globals->manager_tcs_handle,
    4.49  				    (const TPM_AUTHDATA*)&vtpm_globals->owner_usage_auth, 
    4.50 -				    (const TPM_AUTHDATA*)&vtpm_globals->srk_usage_auth,
    4.51 +				    &SRK_AUTH,
    4.52  				    &ek_cryptoInfo,
    4.53  				    &vtpm_globals->keyAuth)); 
    4.54    
    4.55 @@ -142,7 +135,7 @@ TPM_RESULT VTPM_Create_Service(){
    4.56    TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle,
    4.57  			  TPM_ET_KEYHANDLE,
    4.58  			  TPM_SRK_KEYHANDLE, 
    4.59 -			  (const TPM_AUTHDATA*)&vtpm_globals->srk_usage_auth,
    4.60 +			  &SRK_AUTH,
    4.61  			  &sharedsecret, 
    4.62  			  &osap) ); 
    4.63  
    4.64 @@ -157,8 +150,43 @@ TPM_RESULT VTPM_Create_Service(){
    4.65  				    &vtpm_globals->storageKeyWrap,
    4.66  				    &osap) );
    4.67    
    4.68 -  vtpm_globals->keyAuth.fContinueAuthSession = TRUE;
    4.69 +  // Generate boot key's auth
    4.70 +  Crypto_GetRandom(  &vtpm_globals->storage_key_usage_auth, 
    4.71 +		     sizeof(TPM_AUTHDATA) );
    4.72 +  
    4.73 +  TPM_AUTHDATA bootKeyWrapAuth;
    4.74 +  memset(&bootKeyWrapAuth, 0, sizeof(bootKeyWrapAuth));
    4.75    
    4.76 +  TPMTRYRETURN( VTSP_OSAP(vtpm_globals->manager_tcs_handle,
    4.77 +			  TPM_ET_KEYHANDLE,
    4.78 +			  TPM_SRK_KEYHANDLE, 
    4.79 +			  &SRK_AUTH,
    4.80 +			  &sharedsecret, 
    4.81 +			  &osap) ); 
    4.82 +
    4.83 +  osap.fContinueAuthSession = FALSE;
    4.84 + 
    4.85 +  // FIXME: This key protects the global secrets on disk. It should use TPM
    4.86 +  //        PCR bindings to limit its use to legit configurations.
    4.87 +  //        Current binds are open, implying a Trusted VM contains this code.
    4.88 +  //        If this VM is not Trusted, use measurement and PCR bindings.
    4.89 +  TPMTRYRETURN( VTSP_CreateWrapKey( vtpm_globals->manager_tcs_handle,
    4.90 +				    TPM_KEY_BIND,
    4.91 +				    (const TPM_AUTHDATA*)&bootKeyWrapAuth,
    4.92 +				    TPM_SRK_KEYHANDLE, 
    4.93 +				    (const TPM_AUTHDATA*)&sharedsecret,
    4.94 +				    &vtpm_globals->bootKeyWrap,
    4.95 +				    &osap) );
    4.96 +
    4.97 +  // Populate CRYPTO_INFO vtpm_globals->bootKey. This does not load it into the TPM
    4.98 +  TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
    4.99 +                              TPM_SRK_KEYHANDLE,
   4.100 +                              &vtpm_globals->bootKeyWrap,
   4.101 +                              NULL,
   4.102 +                              NULL,
   4.103 +                              NULL,
   4.104 +                              &vtpm_globals->bootKey,
   4.105 +                              TRUE ) );
   4.106    goto egress;
   4.107    
   4.108   abort_egress:
   4.109 @@ -278,24 +306,26 @@ void *VTPM_Service_Handler(void *threadT
   4.110  #endif
   4.111  
   4.112      // Check status of rx_fh. If necessary attempt to re-open it.    
   4.113 +    char* s = NULL;
   4.114      if (*rx_fh < 0) {
   4.115  #ifdef VTPM_MULTI_VM
   4.116 -      *rx_fh = open(VTPM_BE_DEV, O_RDWR);
   4.117 +      s = VTPM_BE_DEV;
   4.118  #else
   4.119        if (threadType == BE_LISTENER_THREAD) 
   4.120    #ifdef DUMMY_BACKEND
   4.121 -	*rx_fh = open("/tmp/in.fifo", O_RDWR);
   4.122 +	s = "/tmp/in.fifo";
   4.123    #else
   4.124 -        *rx_fh = open(VTPM_BE_DEV, O_RDWR);
   4.125 +      s = VTPM_BE_DEV;
   4.126    #endif
   4.127        else  // DMI Listener   
   4.128 -	*rx_fh = open(VTPM_RX_FIFO, O_RDWR);
   4.129 +	s = VTPM_RX_FIFO;
   4.130 +      *rx_fh = open(s, O_RDWR);
   4.131  #endif    
   4.132      }
   4.133      
   4.134      // Respond to failures to open rx_fh
   4.135      if (*rx_fh < 0) {
   4.136 -      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Can't open inbound fh.\n");
   4.137 +      vtpmhandlerlogerror(VTPM_LOG_VTPM, "Can't open inbound fh for %s.\n", s);
   4.138  #ifdef VTPM_MULTI_VM
   4.139        return TPM_IOERROR; 
   4.140  #else
   4.141 @@ -713,7 +743,7 @@ void *VTPM_Service_Handler(void *threadT
   4.142  
   4.143  ///////////////////////////////////////////////////////////////////////////////
   4.144  TPM_RESULT VTPM_Init_Service() {
   4.145 -  TPM_RESULT status = TPM_FAIL;   
   4.146 +  TPM_RESULT status = TPM_FAIL, serviceStatus;   
   4.147    BYTE *randomsead;
   4.148    UINT32 randomsize;
   4.149  
   4.150 @@ -737,7 +767,7 @@ TPM_RESULT VTPM_Init_Service() {
   4.151    
   4.152    // Create new TCS Object
   4.153    vtpm_globals->manager_tcs_handle = 0;
   4.154 -  
   4.155 + 
   4.156    TPMTRYRETURN(TCS_create());
   4.157    
   4.158    // Create TCS Context for service
   4.159 @@ -756,17 +786,24 @@ TPM_RESULT VTPM_Init_Service() {
   4.160    vtpm_globals->keyAuth.fContinueAuthSession = TRUE;
   4.161  
   4.162  	// If failed, create new Service.
   4.163 -  if (VTPM_LoadService() != TPM_SUCCESS)
   4.164 +  serviceStatus = VTPM_LoadService();
   4.165 +  if (serviceStatus == TPM_IOERROR) {
   4.166 +    vtpmloginfo(VTPM_LOG_VTPM, "Failed to read service file. Assuming first time initialization.\n");
   4.167      TPMTRYRETURN( VTPM_Create_Service() );    
   4.168 +  } else if (serviceStatus != TPM_SUCCESS) {
   4.169 +    vtpmlogerror(VTPM_LOG_VTPM, "Failed to read existing service file");
   4.170 +    exit(1);
   4.171 +  }
   4.172  
   4.173    //Load Storage Key 
   4.174    TPMTRYRETURN( VTSP_LoadKey( vtpm_globals->manager_tcs_handle,
   4.175  			      TPM_SRK_KEYHANDLE,
   4.176  			      &vtpm_globals->storageKeyWrap,
   4.177 -			      (const TPM_AUTHDATA*)&vtpm_globals->srk_usage_auth,
   4.178 +			      &SRK_AUTH,
   4.179  			      &vtpm_globals->storageKeyHandle,
   4.180  			      &vtpm_globals->keyAuth,
   4.181 -			      &vtpm_globals->storageKey) );
   4.182 +			      &vtpm_globals->storageKey,
   4.183 +                              FALSE ) );
   4.184  
   4.185    // Create entry for Dom0 for control messages
   4.186    TPMTRYRETURN( VTPM_Handle_New_DMI(NULL) );
   4.187 @@ -797,12 +834,11 @@ void VTPM_Stop_Service() {
   4.188  		free (dmi_itr);
   4.189    }
   4.190    
   4.191 -	
   4.192 +  if ( (vtpm_globals->DMI_table_dirty) && (VTPM_SaveService() != TPM_SUCCESS) )
   4.193 +    vtpmlogerror(VTPM_LOG_VTPM, "Unable to save manager data.\n");
   4.194 +
   4.195    TCS_CloseContext(vtpm_globals->manager_tcs_handle);
   4.196 -  
   4.197 -  if ( (vtpm_globals->DMI_table_dirty) &&
   4.198 -       (VTPM_SaveService() != TPM_SUCCESS) )
   4.199 -    vtpmlogerror(VTPM_LOG_VTPM, "Unable to save manager data.\n");
   4.200 +  TCS_destroy();
   4.201    
   4.202    hashtable_destroy(vtpm_globals->dmi_map, 1);
   4.203    free(vtpm_globals);
     5.1 --- a/tools/vtpm_manager/manager/vtpmpriv.h	Thu Dec 29 18:39:50 2005 +0100
     5.2 +++ b/tools/vtpm_manager/manager/vtpmpriv.h	Fri Dec 30 11:31:12 2005 +0100
     5.3 @@ -108,6 +108,7 @@ typedef struct tdVTPM_GLOBALS {
     5.4    TCS_CONTEXT_HANDLE  manager_tcs_handle;     // TCS Handle used by manager
     5.5    TPM_HANDLE          storageKeyHandle;       // Key used by persistent store
     5.6    CRYPTO_INFO         storageKey;             // For software encryption
     5.7 +  CRYPTO_INFO         bootKey;                // For saving table
     5.8    TCS_AUTH            keyAuth;                // OIAP session for storageKey 
     5.9    BOOL                DMI_table_dirty;        // Indicates that a command
    5.10                                                // has updated the DMI table
    5.11 @@ -115,15 +116,17 @@ typedef struct tdVTPM_GLOBALS {
    5.12      
    5.13    // Persistent Data
    5.14    TPM_AUTHDATA        owner_usage_auth;       // OwnerAuth of real TPM
    5.15 -  TPM_AUTHDATA        srk_usage_auth;         // SRK Auth of real TPM    
    5.16    buffer_t            storageKeyWrap;         // Wrapped copy of storageKey
    5.17 +  TPM_AUTHDATA        srk_usage_auth;
    5.18 +  TPM_AUTHDATA        storage_key_usage_auth; 
    5.19  
    5.20 -  TPM_AUTHDATA        storage_key_usage_auth; 
    5.21 -    
    5.22 +  buffer_t            bootKeyWrap;            // Wrapped copy of boot key 
    5.23 +
    5.24  }VTPM_GLOBALS;
    5.25  
    5.26 -//Global dmi map
    5.27 -extern VTPM_GLOBALS *vtpm_globals;
    5.28 +// --------------------------- Global Values --------------------------
    5.29 +extern VTPM_GLOBALS *vtpm_globals;   // Key info and DMI states
    5.30 +extern const TPM_AUTHDATA SRK_AUTH;  // SRK Well Known Auth Value
    5.31  
    5.32  // ********************** Command Handler Prototypes ***********************
    5.33  TPM_RESULT VTPM_Handle_Load_NVM(       VTPM_DMI_RESOURCE *myDMI, 
     6.1 --- a/tools/vtpm_manager/manager/vtsp.c	Thu Dec 29 18:39:50 2005 +0100
     6.2 +++ b/tools/vtpm_manager/manager/vtsp.c	Fri Dec 30 11:31:12 2005 +0100
     6.3 @@ -563,63 +563,69 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
     6.4                          const TPM_AUTHDATA          *parentAuth,
     6.5                          TPM_HANDLE                  *newKeyHandle,
     6.6                          TCS_AUTH                    *auth,
     6.7 -                        CRYPTO_INFO                 *cryptoinfo /*= NULL*/) {
     6.8 +                        CRYPTO_INFO                 *cryptoinfo,
     6.9 +                        const BOOL                  skipTPMLoad) { 
    6.10    
    6.11    
    6.12 -  vtpmloginfo(VTPM_LOG_VTSP, "Loading Key.\n%s","");
    6.13 +  vtpmloginfo(VTPM_LOG_VTSP, "Loading Key %s.\n", (!skipTPMLoad ? "into TPM" : "only into memory"));
    6.14    
    6.15    TPM_RESULT status = TPM_SUCCESS;
    6.16    TPM_COMMAND_CODE command = TPM_ORD_LoadKey;
    6.17 -  
    6.18 -  BYTE *paramText;        // Digest to make Auth.
    6.19 +
    6.20 +  BYTE *paramText=NULL;        // Digest to make Auth.
    6.21    UINT32 paramTextSize;
    6.22 +
    6.23 +  // SkipTPMLoad stops key from being loaded into TPM, but still generates CRYPTO_INFO for it
    6.24 +  if (! skipTPMLoad) { 
    6.25    
    6.26 -  if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || 
    6.27 -      (newKeyHandle==NULL) || (auth==NULL)) {
    6.28 -    status = TPM_BAD_PARAMETER;
    6.29 -    goto abort_egress;
    6.30 -  }
    6.31 -  
    6.32 -  // Generate Extra TCS Parameters
    6.33 -  TPM_HANDLE phKeyHMAC;
    6.34 +    if ((rgbWrappedKeyBlob == NULL) || (parentAuth == NULL) || 
    6.35 +        (newKeyHandle==NULL) || (auth==NULL)) {
    6.36 +      status = TPM_BAD_PARAMETER;
    6.37 +      goto abort_egress;
    6.38 +    }
    6.39    
    6.40 -  // Generate HMAC
    6.41 -  Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
    6.42 +    // Generate Extra TCS Parameters
    6.43 +    TPM_HANDLE phKeyHMAC;
    6.44    
    6.45 -  paramText = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);
    6.46 +    // Generate HMAC
    6.47 +    Crypto_GetRandom(&auth->NonceOdd, sizeof(TPM_NONCE) );
    6.48 +  
    6.49 +    paramText = (BYTE *) malloc(sizeof(BYTE) *  TCPA_MAX_BUFFER_LENGTH);
    6.50    
    6.51 -  paramTextSize = BSG_PackList(paramText, 1,
    6.52 -			       BSG_TPM_COMMAND_CODE, &command);
    6.53 +    paramTextSize = BSG_PackList(paramText, 1,
    6.54 +  			         BSG_TPM_COMMAND_CODE, &command);
    6.55    
    6.56 -  memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob));
    6.57 -  paramTextSize += buffer_len(rgbWrappedKeyBlob);
    6.58 +    memcpy(paramText + paramTextSize, rgbWrappedKeyBlob->bytes, buffer_len(rgbWrappedKeyBlob));
    6.59 +    paramTextSize += buffer_len(rgbWrappedKeyBlob);
    6.60    
    6.61 -  TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
    6.62 +    TPMTRYRETURN( GenerateAuth( paramText, paramTextSize,
    6.63  			      parentAuth, auth) );
    6.64    
    6.65 -  // Call TCS
    6.66 -  TPMTRYRETURN( TCSP_LoadKeyByBlob(  hContext,
    6.67 -				     hUnwrappingKey,
    6.68 -				     buffer_len(rgbWrappedKeyBlob),
    6.69 -				     rgbWrappedKeyBlob->bytes,
    6.70 -				     auth,
    6.71 -				     newKeyHandle,
    6.72 -				     &phKeyHMAC) );
    6.73 +    // Call TCS
    6.74 +    TPMTRYRETURN( TCSP_LoadKeyByBlob(  hContext,
    6.75 +				       hUnwrappingKey,
    6.76 +				       buffer_len(rgbWrappedKeyBlob),
    6.77 +				       rgbWrappedKeyBlob->bytes,
    6.78 +				       auth,
    6.79 +				       newKeyHandle,
    6.80 +				       &phKeyHMAC) );
    6.81    
    6.82 -  // Verify Auth
    6.83 -  paramTextSize = BSG_PackList(paramText, 3,
    6.84 -			       BSG_TPM_RESULT, &status,
    6.85 -			       BSG_TPM_COMMAND_CODE, &command,
    6.86 -			       BSG_TPM_HANDLE, newKeyHandle);
    6.87 +    // Verify Auth
    6.88 +    paramTextSize = BSG_PackList(paramText, 3,
    6.89 +			         BSG_TPM_RESULT, &status,
    6.90 +			         BSG_TPM_COMMAND_CODE, &command,
    6.91 +			         BSG_TPM_HANDLE, newKeyHandle);
    6.92    
    6.93 -  TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
    6.94 -			    parentAuth, auth, 
    6.95 -			    hContext) );
    6.96 +    TPMTRYRETURN( VerifyAuth( paramText, paramTextSize,
    6.97 +			      parentAuth, auth, 
    6.98 +			      hContext) );
    6.99 +  } 
   6.100    
   6.101 -  // Unpack/return key structure
   6.102 +  // Build cryptoinfo structure for software crypto function. 
   6.103    if (cryptoinfo != NULL) {
   6.104      TPM_KEY newKey;
   6.105      
   6.106 +    // Unpack/return key structure
   6.107      BSG_Unpack(BSG_TPM_KEY, rgbWrappedKeyBlob->bytes , &newKey);
   6.108      TPM_RSA_KEY_PARMS rsaKeyParms;
   6.109      
     7.1 --- a/tools/vtpm_manager/manager/vtsp.h	Thu Dec 29 18:39:50 2005 +0100
     7.2 +++ b/tools/vtpm_manager/manager/vtsp.h	Fri Dec 30 11:31:12 2005 +0100
     7.3 @@ -86,7 +86,8 @@ TPM_RESULT VTSP_LoadKey(const TCS_CONTEX
     7.4                          const TPM_AUTHDATA          *parentAuth,
     7.5                          TPM_HANDLE                  *newKeyHandle,
     7.6                          TCS_AUTH                    *pAuth,
     7.7 -                        CRYPTO_INFO                 *cryptoinfo);
     7.8 +                        CRYPTO_INFO                 *cryptoinfo,
     7.9 +                        const BOOL                  skipTPMLoad);
    7.10  
    7.11  TPM_RESULT VTSP_Unbind( const TCS_CONTEXT_HANDLE    hContext,
    7.12                          const TPM_KEY_HANDLE        key_handle,