Google Git
Sign in
chromium / chromiumos / platform2 / refs/heads/main / . / vtpm
tree: 28a9c5c1d5d42a5479d2dfc672102044a47d6bc7 [path history] [tgz]
  1. backends/
  2. client/
  3. commands/
  4. dbus_bindings/
  5. minijail/
  6. tmpfiles.d/
  7. BUILD.gn
  8. dbus_interface.h
  9. DIR_METADATA
  10. main.cc
  11. org.chromium.Vtpm.conf
  12. OWNERS
  13. README.md
  14. vtpm_daemon.h
  15. vtpm_interface.proto
  16. vtpm_service.cc
  17. vtpm_service.h
  18. vtpm_service_test.cc
  19. vtpmd-seccomp-amd64.policy
  20. vtpmd-seccomp-arm.policy
  21. vtpmd-seccomp-arm64.policy
  22. vtpmd.conf
vtpm/README.md

Virtual TPM service

vtpm is the system service that provides virtualized TPM interface. It provides a D-Bus interface like a TPM daemon while the backend of the TPM

implementation is virtualized, and can be backed by SW or the real TPM.

This document below provides the top view of the behavior of vtpm.

Persistent keys

Vpm supports pre-defined persistent keys. It is implemented using a loadable transient key in the storage hierarchy. When a virtual persistent key is being used, vtpm loads the key to the host TPM, and the loaded transient key handle replaces the virtual persistent key handle value.

So far there are 2 pre-defined keys: storage root key (vSRK) and endorsement key (vEK).

Authorization & sessions

Vptm provides a very limited support for authorization and sessions:

  • Password authorization is supported.
  • HMAC is not supported due to a command not always sent to the host TPM as is. In fact, most of time, a command is handled in the vtpm daemon directly, sent to with replacement of handles or authorization values, or compose a series of host TPM commands. Those cases make HMAC sessions incompatible with any existing use of HMAC sessions (because obviously the integrity checking of the HMAC values won’t add up).
  • Policy session is supported, though the only policy command vtpm supports are currently PolicySecret.

Predefined NVRAM spaces

Vtpm supports pre-defined, read-only NVRAM spaces. A typical (and currently the only) use is to store a virtual endorsement key certificate.

For now, only the vEK certificate is supported.

Supported key type and algorithm

All the key types and algorithm inputs/outputs are passed through to/from the host TPM.

Note that, though it implies that what is supported by the host TPM should work with vtpm, during the development, the testing of the vtpm implementation is ECC focused.

Unsupported commands & error handling

If vtpm receives a command that is not supported, it returns TPM_RC_COMMAND_CODE.

If any system error occurs, usually it might return TPM_RC_FAILURE. (For example, A dependent daemon service is down and a certain operation cannot be performed.)

Supported commands & arguments

TPM2_GetCapability

It supports to list TPM_CAP_HANDLES with persistent key handles.

For development purposes, transient key handles and policy session handles are also supported, but they are not tested in production logic.

TPM2_NV_Read

It supports reading the data from a predefined NV space.

Despite only vEK certificate being the only one that is supported, different indice can be implemented in different ways by design ; there is no unified way to maintain the NV space like what a real TPM does.

TPM2_NV_ReadPublic

It supports reading the public area of a predefined NV space.

Like TPM2_NV_Read, the public information can be implemented differently index by index.

Forwarding a command to the host TPM

Forwarding rules

The following virtual objects are transferred to the ones the host TPM recognizes:

  1. Persistent key handles. When a virtual persistent key handle, e.g. a virtual storage root key or a virtual endorsement key is used, it is loaded as a transient key on the host TPM, and the transient key handle then replaces the virtual key handle.
  2. Endorsement password. When the virtual endorsement password is used, vtpm replaces it with the endorsement password for the host TPM.

Supported command

The following commands are forwarded to the host TPM with the rule mentioned above. Additional notes to a specific command is also documented below:

  • TPM2_Create
  • TPM2_Load
  • TPM2_ReadPublic
  • TPM2_FlushContext
  • TPM2_StartAuthSession
    • Note that, as documented in the previous section, only policy session is supported.
  • TPM2_PolicySecret
    • Note that only password authorization is supported as other policy commands are not supported.
  • TPM2_MakeCredential
  • TPM2_ActivateCredential
  • TPM2_Hash
  • TPM2_Sign
  • TPM2_VerifySignature
  • TPM2_Certify

gLinux profile

Below the important constants and parameters for gLinux use are listed below:

  • ECC SRK (handle 0x81000002)
    • Decrypt key.
    • curve id: TPM_ECC_NIST_P256.
    • Password authorization: empty password.
    • Policy digest: empty.
    • PCR: not bound.
  • ECC EK (handle 0x81010002)
    • Decrypt key.
    • curve id: TPM_ECC_NIST_P256.
    • Password authorization: empty password.
    • Policy digest: As recommended in ECC EK template for TCG Credential Profile EK 2.0.
    • PCR: not bound.
  • ECC EK certificate (index 0x01C0000a)
  • RSA SRK & EK: not provided.
  • Endorsement password: empty.
  • Owner password & lockout password: the values are not defined because the authorization with them are not supported.