In a previous post, I discussed how to retrieve Platform Configuration Register (PCR) values from a discrete TPM (Trusted Platform Module) 1.2 chip (dTPM 1.2) and provided source code for a UEFI shell utility to display the digests from the first 16 PCRs. In this post, I discuss a number of key TPM 2.0 features and provide the source code for a UEFI shell utility to display the digests from the first 24 PCRs of a TPM 2.0 implementation. What is driving the move to TPM 2.0? Simple, TPM 1.2 ((ISO/IEC 11889) only supports one hash algorithm, i.e. SHA1, and
|
|
||
    |
A Trusted Platform Module (TPM) supports many security functions including a number of special registers called Platform Configuration Registers (PCRs) which can hold data in a shielded location in a manner that prevents tampering or spoofing. A PCR is a 20-byte register. which incidentally is the length of a SHA-1 (Secure Hash Algorithm) hash. Most modern TPMs have 24 or even more PCRs; older ones have 16 PCRs. The TPM 1.2 specification, developed by the Trusted Computing Group (TCG) only requires 16 PCRs. Typically PCRs are used to store measurements. Measurements can be of code, data structures, configuration, information, or The UEFI specification defines a Random Number Generator protocol (RNG), which can be used to provide random numbers for use in nonces, key generators, signature schemes and more. This protocol was first introduced in version 2.4 of the specification. A UEFI RNG service that implements this protocol takes an optional input value that identifies an RNG algorithm and provides a RNG value based on the input value and internal state, including the state of its entropy sources. When a Deterministic Random Bit Generator (DRBG) is used on the output of the raw entropy source, its security level must be at The Lenovo ThinkPwn zeroday (Oday) proof of concept (POC) that a UEFI application can write via SMM to SMRAM has been very widely and sensationally reported in computing news media, including SlashDot in the last week or so. The POC was developed by Dmytro Oleksiuk, an independent infosec researcher and developer, who once worked as a technician for Esage Lab and was one of the cofounders of Neuron, the first Moscow hackspace. Olelsiuk claims to be “currently engaged in the research of vulnerabilities and malware as a hobby.” His blog post on ThinkPwn is here and the actual POC source |
 |
| Copyright © 2007-2017 Finnbarr P. Murphy. All Rights Reserved | ||