semi-automated prototyping of a tpm v2 software and hardware simulation ... - trust 2013 ·...

Institute for Applied Information Processing and Communications (IAIK)Secure and Correct Systems Group (SCoS) – Graz University of Technology (TUG)

1

TRUST'13 17.Jun.2013

Semi-Automated Prototyping of aTPM v2 Software and Hardware

Simulation Platform

Martin Pirker, Johannes Winter

{mpirker,jwinter}@iaik.tugraz.at

Institute for Applied Information Processing and Communications (IAIK),Graz University of Technology, Austria

rev 20130628, non-interactive


2


2

Trusted Platform Module

Feb'02 TPM v1.1b specification

Oct'03 TPM v1.2 rev. 62

Mar'11 TPM v1.2 rev. 116


3


3

Trusted Software Stack

2 full open-source implementations of TSS specs

TrouSerS / C http://trousers.sourceforge.net/

jTSS / Java http://trustedjava.sourceforge.net/


4


4

jTSS

Developed / started by IAIK within EU OpenTC project

100% Java implementation of every TSS detail

Manual work

Tried automation of implementation process...but gave up on it


5


5

Oct'12

TPM v2first publicdraft


6


6

v2 Specification Promise

“The information in this document is formatted so thatit may be converted to standard computer-language formats by an automated process. The purpose ofthis automated process is to minimize the transcription errors that often occur during the conversion process […]In addition, the conventions and notations in thisclause describe the representation of various dataso that it is both human readable and amenable to automated processing.”


7


7

Specification Text Extraction

*.PDF files, ~1400 pages TPM v2 spec

… run through Libreoffice PDF import ...

→ *.FODG files OpenDocument Graphics (XML based)

… run through custom script ...

→ raw text fragments[x,y,style,text], [x,y,style,text], ...


8


8


9


9

Spec Parts

Part 2Data structures

Part 3Commands

Part 4Support / Runtime environment


10


10


11


11


12


12


13


13

Script Run


14


14


15


15


16


16


17


17

Towards a TPM v2 Simulator

write Makefile / OpenSSL inclusion remove winsock.h / windows.h references socket interface instead of RPC

remove MS-stuff, e.g. fopen_s CFLAGS += -std=C99 -pedantic case sensitive header includes (e.g. Tpm.h vs tpm.h) duplicate / inconsistent s_NvIsAvailable declaration startup / init / self-test code … … ...

→ and obtain a Linux build :-)


18


18

Hardware TPM v2

TPM v2 in software is nice.... and as hardware?

Idea: run SW Simulator on FGPA platform


19


19

Hardware TPM v2

Xilinx XC3S700ANN FGPA board

32-bit Xilinx MicroBlaze soft-core processor

I2C+LPC bus slave controllers

open-source lwIP TCP/IP stack

stripped OpenSSL cryptography

..…fits just in on-chip flash (8Mbit) of FPGA (FPGA bitstream + bootloader + TPM simulator code)


20


20

Net

Power


21


21

Net USB/JTAGPower

LPCSerial

I2C


22


22

SerialConsole


23


23

“Hello World”


24


24

TPM v2 in-system Simulation

Done JTAG debugging of FPGA TPM I2C interface for embedded (e.g. for Arduino) Network interface (similar to IBM SW TPM v1.2)

Ongoing FPGA LPC interface based on previous work, FPGA side

handling of TIS protocol work-in-progress


25


25

Lessons Learned

Is the TPM v2 spec suited for automated processing?Yes, better than v1.2

Is it possible to synthesize a TPM simulator from it?Yes, but quite some work to create/generate missing code

Can we use a SW simulator to fake a HW TPM v2?Port to FPGA board, work-in-progress...

Outlook Cleanup, debug, document… someone with a TSS v2... ? :-)


26


26

Credits

Martin Pirker ([email protected]) Spec parser, extractor, code generation

Johannes Winter ([email protected]) FPGA port

Paper:Proceedings of 6th International Conference onTrust & Trustworthy Computing (TRUST 2013),17-19 Jun 2013, London, UK; LNCS 7904, Springerhttp://trust2013.sba-research.org/


27


27

INTRUST'13 conference

5/6 Dec 2013 – Graz, Austria

CFP: 8.Jul !

intrust13.iaik.tugraz.at

semi-automated prototyping of a tpm v2 software and hardware simulation ... - trust 2013 ·...

Documents