Add support for tapping into TPM communication #515

Open
wants to merge 10 commits into master
Conversation

hslatman (Member) commented May 30, 2024

This PR adds support for tapping into all communication to and from the TPM. It's currently only supported on Linux.

A couple of concrete implementations of taps are provided too, incl. one that writes binary data by simply writing all reads and writes to a single io.Writer, and one that writes in pcapng format. The binary tap is compatible with https://github.com/joholl/tpmstream, and the output of the pcapng tap can be inspected using Wireshark (or compatible tooling).

Example output:

$ tpmstream convert out.bin
Command                                   .
TPMI_ST_COMMAND_TAG                       |   .tag                                       8001                 TPMI_ST_COMMAND_TAG.NO_SESSIONS
UINT32                                    |   .commandSize                               00000016             22
TPM_CC                                    |   .commandCode                               0000017a             TPM_CC.GetCapability
TPMS_COMMAND_HANDLES_GET_CAPABILITY       |   .handles
TPMS_COMMAND_PARAMS_GET_CAPABILITY        |   .parameters
TPM_CAP                                   |   |   .capability                            00000006             TPM_CAP.TPM_PROPERTIES
UINT32                                    |   |   .property                              0000012c             300
UINT32                                    |   |   .propertyCount                         00000001             1
Response                                  .
TPM_ST                                    |   .tag                                       8001                 TPM_ST.NO_SESSIONS
UINT32                                    |   .responseSize                              0000001b             27
TPM_RC                                    |   .responseCode                              00000000             TPM_RC.SUCCESS
TPMS_RESPONSE_HANDLES_GET_CAPABILITY      |   .handles
TPMS_RESPONSE_PARAMS_GET_CAPABILITY       |   .parameters
TPMI_YES_NO                               |   |   .moreData                              01                   1
TPMS_CAPABILITY_DATA                      |   |   .capabilityData
TPM_CAP                                   |   |   |   .capability                        00000006             TPM_CAP.TPM_PROPERTIES
TPMU_CAPABILITIES                         |   |   |   .data
TPML_TAGGED_TPM_PROPERTY                  |   |   |   |   .tpmProperties
UINT32                                    |   |   |   |   |   .count                     00000001             1
TPMS_TAGGED_PROPERTY                      |   |   |   |   |   .tpmProperty[0]
TPM_PT                                    |   |   |   |   |   |   .property              0000012c             TPM_PT.None
Warning: Parsed bad value for TPM_PT .parameters.capabilityData.data.tpmProperties.tpmProperty[0].property = 0x12c = 300 not in ValidValues(TPM_PT)
UINT32                                    |   |   |   |   |   |   .value                 00000300             768
Command                                   .
TPMI_ST_COMMAND_TAG                       |   .tag                                       8001                 TPMI_ST_COMMAND_TAG.NO_SESSIONS
UINT32                                    |   .commandSize                               0000000e             14
TPM_CC                                    |   .commandCode                               00000169             TPM_CC.NV_ReadPublic
TPMS_COMMAND_HANDLES_NV_READ_PUBLIC       |   .handles
TPMI_RH_NV_INDEX                          |   |   .nvIndex                               01c00002             TPM_HR.NV_INDEX.c00002
TPMS_COMMAND_PARAMS_NV_READ_PUBLIC        |   .parameters
Response                                  .
TPM_ST                                    |   .tag                                       8001                 TPM_ST.NO_SESSIONS
UINT32                                    |   .responseSize                              0000003e             62
TPM_RC                                    |   .responseCode                              00000000             TPM_RC.SUCCESS
TPMS_RESPONSE_HANDLES_NV_READ_PUBLIC      |   .handles
TPMS_RESPONSE_PARAMS_NV_READ_PUBLIC       |   .parameters
TPM2B_NV_PUBLIC                           |   |   .nvPublic
UINT16                                    |   |   |   .size                              000e                 14
TPMS_NV_PUBLIC                            |   |   |   .nvPublic
....
(Screenshot attached: 2024-06-04 13:49:19)
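The following is an added example, not code from this PR or from the project: a stand-alone, standard-library-only sketch of the "binary tap" idea described above, to show why simply appending every read and write to one io.Writer yields something tpmstream can parse. Every TPM 2.0 command and response begins with a 10-byte header (tag, size, command/response code) whose size field delimits the message, so an unframed concatenation is self-describing. The names newTappedRW, splitStream and fakeTPM are hypothetical, the fakeTPM stands in for /dev/tpmrm0 so this runs offline, and the two byte strings are constructed to match the GetCapability exchange decoded in the tpmstream output above (commandSize 22, responseSize 27). The pcapng variant is not reproduced here.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Constructed GetCapability(TPM_PROPERTIES, property 0x12c) exchange; bytes match the tpmstream decode above.
var (
	getCapCmd = []byte{
		0x80, 0x01, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x01, 0x7a, // tag NO_SESSIONS, size 22, TPM_CC.GetCapability
		0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x01, 0x2c, 0x00, 0x00, 0x00, 0x01, // capability, property 300, count 1
	}
	getCapRsp = []byte{
		0x80, 0x01, 0x00, 0x00, 0x00, 0x1b, 0x00, 0x00, 0x00, 0x00, // tag NO_SESSIONS, size 27, TPM_RC.SUCCESS
		0x01, 0x00, 0x00, 0x00, 0x06, 0x00, 0x00, 0x00, 0x01, // moreData 1, capability, count 1
		0x00, 0x00, 0x01, 0x2c, 0x00, 0x00, 0x03, 0x00, // property 300, value 768
	}
)

// fakeTPM is a hypothetical stand-in for /dev/tpmrm0: a Write takes a command, the next Read returns the canned response.
type fakeTPM struct{ pending []byte }

func (f *fakeTPM) Write(p []byte) (int, error) {
	f.pending = getCapRsp
	return len(p), nil
}

func (f *fakeTPM) Read(p []byte) (int, error) {
	if len(f.pending) == 0 {
		return 0, io.EOF
	}
	n := copy(p, f.pending)
	f.pending = f.pending[n:]
	return n, nil
}

// newTappedRW wraps a TPM device so every byte written to it and read from it is also appended
// to tap, in order. The device is written first, so a failed write is not recorded. Sequential use only.
func newTappedRW(dev io.ReadWriter, tap io.Writer) io.ReadWriter {
	return struct {
		io.Reader
		io.Writer
	}{io.TeeReader(dev, tap), io.MultiWriter(dev, tap)}
}

// message is the 10-byte header every TPM 2.0 command and response starts with, plus the rest of the message.
type message struct {
	Tag  uint16
	Size uint32
	Code uint32 // commandCode for a command, responseCode for a response
	Body []byte
}

// splitStream re-frames a raw tap into messages using each header's size field.
func splitStream(raw []byte) ([]message, error) {
	var msgs []message
	for len(raw) > 0 {
		if len(raw) < 10 {
			return msgs, fmt.Errorf("truncated header: %d bytes left", len(raw))
		}
		size := binary.BigEndian.Uint32(raw[2:6])
		if size < 10 || int(size) > len(raw) {
			return msgs, fmt.Errorf("bad size %d with %d bytes left", size, len(raw))
		}
		msgs = append(msgs, message{
			Tag:  binary.BigEndian.Uint16(raw[0:2]),
			Size: size,
			Code: binary.BigEndian.Uint32(raw[6:10]),
			Body: raw[10:size],
		})
		raw = raw[size:]
	}
	return msgs, nil
}

// runGetCapability drives one exchange through the tap and returns the tapped bytes.
func runGetCapability() ([]byte, error) {
	var tap bytes.Buffer
	dev := newTappedRW(&fakeTPM{}, &tap)
	if _, err := dev.Write(getCapCmd); err != nil {
		return nil, err
	}
	if _, err := dev.Read(make([]byte, 4096)); err != nil {
		return nil, err
	}
	return tap.Bytes(), nil
}

func main() {
	raw, err := runGetCapability()
	if err != nil {
		panic(err)
	}
	msgs, err := splitStream(raw)
	for _, m := range msgs {
		fmt.Printf("tag=%#04x size=%d code=%#x body=%x\n", m.Tag, m.Size, m.Code, m.Body)
	}
	fmt.Println("tapped bytes:", len(raw), "split error:", err)
}
```

The split relies on the tap preserving the order in which bytes moved, which holds for a single goroutine talking to the device; with concurrent callers a command and another caller's response could interleave in the tap and the size-walk would misframe. Also worth remembering when enabling such a tap: it records exactly what the device sees, so any parameters sent without session encryption land in the capture in the clear.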

@hslatman hslatman marked this pull request as ready for review June 5, 2024 18:52
@hslatman hslatman requested a review from a team June 5, 2024 19:01
Comment on lines +149 to +150
tcpLayer.SrcPort = layers.TCPPort(2321)
tcpLayer.DstPort = layers.TCPPort(50001)
Contributor commented:
Didn't look too much into this PR, but we probably want to make these ports customizable.

hslatman (Member, Author) replied:
We could, but that wouldn't change much functionally. The PCAP is used just as a container in this case; we're not actually capturing traffic from/to those ports. The bytes read from and written to the TPM device are "massaged into network packets", so to speak.
