s oftware tpm in a v irtual m achine jordan jump cpre681 - semester project - jordan jump go to next...

SOFTWARE TPMIN A

VIRTUAL MACHINEJordan Jump

Cpre681 - Semester Project - Jordan Jump

Go to next slide to begin the presentation …

Original Proposal


Physical PC Diagram


• TPM typically located on Low Pin Count (LPC) bus

• Shares bus with other low rate peripherals

Accessing a Physical TPM v1.1

• x86 has two address spaces– Typical memory addressing– I/O addressing

• I/O addresses accessed via OUT and IN instructions– Used to access LPC bus– Commonly used addresses, but NOT standardized

(the set 0x4E, 0x4F, 0x400, 0x401 is common)


Accessing a Physical TPM v1.2

• TCG PC Client Specific TPM Interface Specification (TIS)– Defines and mandates a Memory Mapped (MMIO)

interface– Physical addresses 0xFED40000 – 0xFED44FFF – One device driver to rule them all– The reason why …


Windows TPM Architecture


• Windows TPM architecture only supports 1.2 TPMs

• Windows Vista and Windows 7 device drivers builtin

• Sure would be nice to use that…

Software TPM

• TPM Emulator by Mario Strasser– Open source– De facto standard for projects using SW TPMs– Implements 100% TPM commands– Accessible via TDDL– Runs as daemon (no device driver necessary)


The Goal• Figure out how to link the TPM Emulator with

unmodified Windows 7 running in a VM


Virtual Machine Survey

XenKVMQEMUVMWareVirtualBoxMS Virtual PC… and many more

What sets them apart??


Virtual Machine Survey• … Not much– VMWare and VirtualPC not Open Source, so not

viable option– Xen, KVM, QEMU, VirtualBox all support Windows

(some require VT-x)– In fact, all borrow from QEMU’s device emulation.– QEMU itself is slow because it doesn’t paravirtualize

• side project to accelerate QEMU abandoned because VirtualBox does it better.

– Chose VirtualBox• Rather arbitrary choice; Xen might have been OK• Xen and KVM were first and foremost for paravirtualization


VirtualBox

• Developed by Innotek, purchased by Sun, purchased by Oracle

• Provides Open Source Edition (OSE)– No USB support– No builtin remote desktop server– … otherwise the same


VirtualBox

• Complicated• Virtualizes using dynamic recompiler (from

QEMU).• Also disassembles and patches guest code so

it doesn’t have to redo recompilation

• Why do I care?


TPM to VM Interface

• Dynamic recompiler enables the green box– Guest VM writes or reads to TPM memory

mapped address– Recompiler replaces write/read with hook to my

code– My code processes the write/read and, if a read,

provides a value back– Missing piece was to emulate the TPM MMIO

interface to act as gatekeeper between Windows VM and Software TPM


TPM MMIO Interface


• TIS provides implementation details– Localities allow multiple accessors• Only 1 can access at a time• Locality 4 highest priority; cannot be

accessed by software• Locality 0/Legacy for SRTM• Windows (BitLocker) only uses Locality 0

– Inputs/Outputs read 1 byte at a time

Implementing in VirtualBox

• Struggled a lot!• Few code comments• Almost no documentation (some short, high-

level docs that aren’t useful)• Learned by reverse-engineering other drivers

and ‘search in files’• (seems simple now)


Implementing in VirtualBox

• On startup, register memory address range with VirtualBox and provide callbacks

• Memory Write/Read by VM triggers write/read callback– My code handles TIS protocol items such as locking,

signaling, buffering, etc.

• Once a full command has been received, my code calls SW TPM via host TDDL and retrieves result– My code handles TIS protocol to send back response


Other implementation details

• Windows won’t read at memory address unless registered in ACPI – Entered ACPI source language (ASL) listed in TCG

PC Client Specific Implementation Specification For Conventional BIOS

Device (TPM) {Name (_HID, EISAID(“PNP0C31”))Name (_CRS, ResourceTemplate() {Memory32Fixed (ReadWrite, 0xFED40000, 0x5000,)

})}


ImplementationScreenshots


Opening tpm panel in Windows 7


No SRTM


Future Work

• Modify VirtualBox BIOS to support SRT– Support hashing function for locality 4

• Multiple SW TPM instances for multiple VMs• Start/Stop SW TPM instance when

starting/stopping VM• More robust misbehavior checking• Modify SW TPM to allow locality to be

specified via TDDL


Thanks!

[email protected]


“I like prerecorded presentations because I can delete out most of my ‘uhs’ and ‘uhms’”

“I dislike them because I can’t gauge or engage the class”

s oftware tpm in a v irtual m achine jordan jump cpre681 - semester project - jordan jump go to next...

Documents

software tpm tpm emulator

real tpm

presentation slide

physical tpm v1

tpm mmio interface

tpm commands accessible

s oftware tpm

windows vm