In a previous post, I discussed how to retrieve Platform Configuration Register (PCR) values from a discrete TPM (Trusted Platform Module) 1.2 chip (dTPM 1.2) and provided source code for a UEFI shell utility to display the digests from the first 16 PCRs. In this post, I discuss a number of key TPM 2.0 features and provide the source code for a UEFI shell utility to display the digests from the first 24 PCRs of a TPM 2.0 implementation. What is driving the move to TPM 2.0? Simple, TPM 1.2 ((ISO/IEC 11889) only supports one hash algorithm, i.e. SHA1, and
|
|
||
    |
The ability to quickly configure an LDAP (Lightweight Directory Access Protocol) client for accessing user and group accounts is one of the skills you are expected to have when you sit the Red Hat RHSCA exam. LDAP is a application-level protocol for accessing and maintaining distributed directory services over an IP-based network. It is specified in a series of RFCs (Request for Comments) using ASN.1. The latest LDAP specification is Version 3, published as RFC 4511. Typically, at a minimum, LDAP is used to facilitate centralized user and group account administration. Instead of storing user and group account information locally A Trusted Platform Module (TPM) is, traditionally, a hardware device (chip) designed to enable commodity computing platforms (think laptop or personal computer) to achieve greater levels of security than non-TPM equipped platform. There are over 600 million installed TPMs, mostly in high-end laptops made by Lenovo, HP, Dell, Toshiba and others. TPMs are manufactured by many chip producers including Atmel, STMicroelectronics and Toshiba. Via it’s Trusted Execution Technology (TXT), Intel now incorporates TPM functionality in many of its current processors. TPM technology is specified by the Trusted Computing Group (TCG), an industry consortium that includes Intel, Microsoft, AMD, IBM, HP, The TCG Trusted Platform Module (TPM) 1.2 library specification provides a mechanism for accessing TPM event log details. This post describes a simple UEFI shell utility which can be used to display the TPM event logs. It uses the TrEE protocol which I described in an earlier post this year and so will only work with a TPM which supports the TrEE protocol. The Intel PTT is one such TPM. Here is the source code for the utility: // // Copyright (c) 2015 Finnbarr P. Murphy. All rights reserved. // // Display all the TCG TrEE log entries // // With the drive towards hardening platform firmware, for example Microsoft’s Secure Boot initiative, I have decided to explore what forensic artifacts concerning TCG Trusted Platform Module (TPM) can be retrieved from the UEFI shell command line. The EFI Trusted Execution Environment (TrEE) protocol implements a subset of the TPM 2.0 library specification. Microsoft pushed the TrEE protocol due to the delay in finalizing the TCG EFI Protocol Specification Family “2.0”. As of the date of this post, this TCG specification is currently at the public review stage. This post provides the source code for a small UEFI shell utility that |
 |
| Copyright © 2007-2017 Finnbarr P. Murphy. All Rights Reserved | ||