Software TPM in a Virtual Machine

Jordan Jump, Cpre681 Semester Project

1
Software TPM in a Virtual Machine
  • Jordan Jump

Go to next slide to begin the presentation
2
Original Proposal
  • Demonstrate a software-only TPM within a virtual
    machine
  • Generally equivalent to a real TPM, except it doesn't
    contain the correct certificate to link to a CA.
  • Guest OS within the VM doesn't know the TPM is not
    hardware (except for the certificate)

3
Physical PC Diagram
  • TPM typically located on Low Pin Count (LPC) bus
  • Shares bus with other low rate peripherals

4
Accessing a Physical TPM v1.1
  • x86 has two address spaces: typical memory
    addressing and I/O addressing
  • I/O addresses accessed via OUT and IN
    instructions
  • Used to access LPC bus
  • Commonly used addresses, but NOT standardized
    (the set 0x4E, 0x4F, 0x400, 0x401 is common)

5
Accessing a Physical TPM v1.2
  • TCG PC Client Specific TPM Interface
    Specification (TIS)
  • Defines and mandates a Memory Mapped (MMIO)
    interface
  • Physical addresses 0xFED40000 to 0xFED44FFF
  • One device driver to rule them all
  • The reason why

6
Windows TPM Architecture
  • Windows TPM architecture only supports 1.2 TPMs
  • Windows Vista and Windows 7 device drivers
    built in
  • Sure would be nice to use that

7
Software TPM
  • TPM Emulator by Mario Strasser
  • Open source
  • De facto standard for projects using SW TPMs
  • Implements 100 TPM commands
  • Accessible via TDDL
  • Runs as daemon (no device driver necessary)

8
The Goal
  • Figure out how to link the TPM Emulator with
    unmodified Windows 7 running in a VM

9
Virtual Machine Survey
  • Xen
  • KVM
  • QEMU
  • VMware
  • VirtualBox
  • MS Virtual PC
  • and many more
  • What sets them apart??

10
Virtual Machine Survey
  • Not much
  • VMware and Virtual PC are not open source, so not
    a viable option
  • Xen, KVM, QEMU, VirtualBox all support Windows
    (some require VT-x)
  • In fact, all borrow from QEMU's device emulation.
  • QEMU itself is slow because it doesn't
    paravirtualize
  • Side project to accelerate QEMU abandoned
    because VirtualBox does it better.
  • Chose VirtualBox
  • Rather arbitrary choice; Xen might have been OK
  • Xen and KVM were first and foremost for
    paravirtualization

11
VirtualBox
  • Developed by Innotek, purchased by Sun, purchased
    by Oracle
  • Provides Open Source Edition (OSE)
  • No USB support
  • No built-in remote desktop server
  • Otherwise the same

12
VirtualBox
  • Complicated
  • Virtualizes using dynamic recompiler (from QEMU).
  • Also disassembles and patches guest code so it
    doesn't have to redo recompilation
  • Why do I care?

13
TPM to VM Interface
  • Dynamic recompiler enables the green box
  • Guest VM writes or reads to TPM memory mapped
    address
  • Recompiler replaces write/read with hook to my
    code
  • My code processes the write/read and, if a read,
    provides a value back
  • Missing piece was to emulate the TPM MMIO
    interface to act as gatekeeper between Windows VM
    and Software TPM

14
TPM MMIO Interface
  • TIS provides implementation details
  • Localities allow multiple accessors
  • Only 1 can access at a time
  • Locality 4 (highest priority) cannot be accessed
    by software
  • Locality 0/Legacy for SRTM
  • Windows (BitLocker) only uses Locality 0
  • Inputs/Outputs read 1 byte at a time

15
Implementing in VirtualBox
  • Struggled a lot!
  • Few code comments
  • Almost no documentation (some short, high-level
    docs that aren't useful)
  • Learned by reverse-engineering other drivers and
    searching through the source files
  • (seems simple now)

16
Implementing in VirtualBox
  • On startup, register memory address range with
    VirtualBox and provide callbacks
  • Memory Write/Read by VM triggers write/read
    callback
  • My code handles TIS protocol items such as
    locking, signaling, buffering, etc.
  • Once a full command has been received, my code
    calls SW TPM via host TDDL and retrieves result
  • My code handles TIS protocol to send back response
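
The callback flow on this slide, sketched as a minimal TIS gatekeeper in C. This is an added example, not the presenter's VirtualBox code: tis_dev, tis_init, tis_write, tis_read and demo_backend are hypothetical names, the backend callback stands in for the host TDDL call, and burst count, interrupts and locality seizing are left out.

```c
#include <stdint.h>
enum { TIS_ACCESS = 0x00, TIS_STS = 0x18, TIS_FIFO = 0x24 };       /* offsets within a locality page */
enum { ACC_VALID = 0x80, ACC_ACTIVE = 0x20, ACC_REQUEST = 0x02 };  /* TPM_ACCESS bits */
enum { STS_VALID = 0x80, STS_READY = 0x40, STS_GO = 0x20, STS_AVAIL = 0x10, STS_EXPECT = 0x08 };
typedef uint32_t (*tpm_backend)(uint8_t *io, uint32_t len, uint32_t cap);  /* hypothetical stand-in for the TDDL call */
typedef struct {
    int active; tpm_backend backend;   /* owning locality (-1 = none); host TPM call */
    uint8_t sts, buf[4096];            /* TPM_STS flags; shared command/response buffer */
    uint32_t len, pos;                 /* bytes buffered; bytes already read back */
} tis_dev;

uint32_t demo_backend(uint8_t *io, uint32_t len, uint32_t cap) {   /* constructed: always TPM_SUCCESS */
    static const uint8_t ok[10] = { 0x00, 0xC4, 0, 0, 0, 10, 0, 0, 0, 0 };
    if (len < 10 || cap < sizeof ok) return 0;
    for (uint32_t i = 0; i < sizeof ok; i++) io[i] = ok[i];
    return sizeof ok;
}
void tis_init(tis_dev *d, tpm_backend b) { *d = (tis_dev){ .active = -1, .backend = b }; }

void tis_write(tis_dev *d, uint32_t off, uint8_t v) {      /* MMIO write callback, one byte at a time */
    uint32_t loc = off >> 12, reg = off & 0xFFF;
    if (loc > 3) return;                                   /* locality 4 is closed to software */
    if (reg == TIS_ACCESS) {
        if ((v & ACC_REQUEST) && d->active < 0) d->active = (int)loc;          /* one owner at a time */
        else if ((v & ACC_ACTIVE) && d->active == (int)loc) { d->active = -1; d->sts = 0; d->len = 0; }
    } else if ((int)loc != d->active) {                    /* gatekeeper: non-owners are ignored */
    } else if (reg == TIS_STS && (v & STS_READY)) { d->len = d->pos = 0; d->sts = STS_READY;
    } else if (reg == TIS_FIFO && (d->sts & (STS_READY | STS_EXPECT))) {
        d->buf[d->len++] = v;                              /* paramSize: big-endian bytes 2..5 of the header */
        uint32_t w = d->len < 6 ? 10u : ((uint32_t)d->buf[2] << 24 | d->buf[3] << 16 | d->buf[4] << 8 | d->buf[5]);
        if (w < 10 || w > sizeof d->buf) { d->len = 0; d->sts = 0; return; }   /* bad size: abort */
        d->sts = d->len < w ? STS_EXPECT : 0;              /* Expect clears once the command is complete */
    } else if (reg == TIS_STS && (v & STS_GO) && d->sts == 0 && d->len >= 10) {
        d->len = d->backend(d->buf, d->len, sizeof d->buf);
        if (d->len > sizeof d->buf) d->len = 0;            /* never trust the backend's length */
        d->pos = 0; d->sts = d->len ? STS_AVAIL : 0;
    }
}

uint8_t tis_read(tis_dev *d, uint32_t off) {               /* MMIO read callback */
    uint32_t loc = off >> 12, reg = off & 0xFFF;
    if (loc <= 3 && reg == TIS_ACCESS) return ACC_VALID | ((int)loc == d->active ? ACC_ACTIVE : 0);
    if (loc > 3 || (int)loc != d->active) return 0xFF;
    if (reg == TIS_STS) return STS_VALID | d->sts;
    if (reg != TIS_FIFO || !(d->sts & STS_AVAIL)) return 0xFF;
    uint8_t b = d->buf[d->pos++];
    if (d->pos == d->len) { d->len = d->pos = 0; d->sts = 0; }   /* response fully drained */
    return b;
}
```

The length check on paramSize and on the backend's return value is the part a guest can attack: both values are untrusted and both index the same fixed buffer.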

17
Other implementation details
  • Windows won't read at the memory address unless it
    is registered in ACPI
  • Entered ACPI source language (ASL) listed in TCG
    PC Client Specific Implementation Specification
    For Conventional BIOS

    Device (TPM)
    {
        Name (_HID, EISAID ("PNP0C31"))
        Name (_CRS, ResourceTemplate ()
        {
            Memory32Fixed (ReadWrite, 0xFED40000, 0x5000)
        })
    }

18
Implementation Screenshots
19
(No Transcript)
20
Opening TPM panel in Windows 7
21
(No Transcript)
22
No SRTM
23
Future Work
  • Modify VirtualBox BIOS to support SRT
  • Support hashing function for locality 4
  • Multiple SW TPM instances for multiple VMs
  • Start/Stop SW TPM instance when starting/stopping
    VM
  • More robust misbehavior checking
  • Modify SW TPM to allow locality to be specified
    via TDDL

24
Thanks!
  • jmjumps_at_iastate.edu

I like prerecorded presentations because I can
delete out most of my uhs and uhms.
I dislike them because I can't gauge or engage
the class.