  • Stars: 202
  • Rank 193,691 (Top 4 %)
  • Language: C
  • License: GNU General Publi...
  • Created over 9 years ago
  • Updated about 1 year ago


Use a TPM to store a TOTP token in order to attest boot state to another device

tpmtotp - attest computer boot state to phone via TOTP

This is a small collection of tools for allowing "remote attestation" between a computer and a phone via TOTP.

sealtotp

Generates a TOTP token, seals it against the TPM using the state of PCRs 0-5 and 7, saves it to the file given as the first argument, and prints an ANSI QR code.

unsealtotp

Takes the file given as the first argument, unseals it with the TPM and prints a TOTP value.

usage

sealtotp and unsealtotp both use libtpm to talk to the TPM directly, and so will not run if a TPM service daemon such as Trousers is running. In addition, they need access to /dev/tpm0 and so will normally need to be run as root. To use, do the following:

./sealtotp totpblob

and enrol the QR code in an app like Google Authenticator. Copy totpblob and unsealtotp (and its dependencies) into your initrd and run

./unsealtotp totpblob

or

./plymouth-unsealtotp totpblob

in your boot process before requesting the disk decryption passphrase. Verify that the value matches the value on your phone before typing any passphrase. The plymouth variant talks to the Plymouth boot splash service and will display your token in the top left of the screen, updating every 30 seconds.

TPM non-volatile storage

If you pass the -n argument to sealtotp, the sealed secret will be stored in nvram on the TPM. plymouth-unsealtotp and unsealtotp will automatically attempt to obtain a secret from there before falling back to attempting to read from files.

UEFI non-volatile storage

If you use /sys/firmware/efi/efivars/ as a prefix to the filename, tpmtotp will handle inserting and removing appropriate attributes and so permit the storage of the encrypted secret as a UEFI variable.

Using multiple filenames

If you pass multiple filenames to the unseal commands, they will attempt to open each in turn and use the first that can be successfully opened. This allows you to attempt to open a UEFI variable and then fall back to an on-disk location.

Passing PCR values

You can choose which PCR values the secret is sealed to using the -p argument to sealtotp. Given a comma-separated list of PCRs, each PCR defaults to its current value. If you are sealing a secret to calculated values, you may pass them like so:

sealtotp -p 0=62 64 98 1C B8 2B D1 2F 45 C3 C2 06 18 6B C7 6E 23 EB 21 88, 1=3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75, 2=3A 3F 78 0F 11 A4 B4 99 69 FC AA 80 CD 6E 39 57 C3 3B 22 75
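
An added example (not part of tpmtotp): one way to calculate such values is to replay a TPM 1.2 binary event log, applying the extend rule new PCR = SHA1(old PCR || digest) to each logged digest. It assumes the TCG 1.2 little-endian log layout and 20-byte SHA-1 PCRs; the function names and the sample log are constructed for illustration, and the output copies the format of the -p example above.

```python
import hashlib
import struct

PCR_SIZE = 20  # TPM 1.2 PCRs hold one SHA-1 digest
HEADER = struct.Struct("<II20sI")  # pcrIndex, eventType, digest, eventSize

def extend(pcr, digest):
    """TPM 1.2 extend: new PCR = SHA1(old PCR || measurement digest)."""
    if len(pcr) != PCR_SIZE or len(digest) != PCR_SIZE:
        raise ValueError("PCR and digest must both be 20 bytes")
    return hashlib.sha1(pcr + digest).digest()

def parse_event_log(blob):
    # Yields (pcr_index, event_type, digest) for each log entry.
    off = 0
    while off < len(blob):
        if len(blob) - off < HEADER.size:
            raise ValueError("truncated event header at offset %d" % off)
        index, etype, digest, size = HEADER.unpack_from(blob, off)
        off += HEADER.size
        if size > len(blob) - off:
            raise ValueError("event data overruns log at offset %d" % off)
        off += size  # event data is descriptive; only the digest is extended
        yield index, etype, digest

def replay(blob):
    # Recompute each PCR by extending its logged digests in log order.
    pcrs = {}
    for index, _etype, digest in parse_event_log(blob):
        pcrs[index] = extend(pcrs.get(index, bytes(PCR_SIZE)), digest)
    return pcrs

def sealtotp_pcr_arg(pcrs, wanted):
    """Format values like the -p example above: 'N=XX XX ..., M=XX ...'."""
    parts = []
    for i in wanted:
        value = pcrs.get(i, bytes(PCR_SIZE))  # PCRs 0-15 start at zero
        parts.append("%d=%s" % (i, " ".join("%02X" % b for b in value)))
    return ", ".join(parts)

def make_event(index, etype, data):
    digest = hashlib.sha1(data).digest()
    return HEADER.pack(index, etype, digest, len(data)) + data

# Constructed sample log (digest = SHA1 of event data), not from a real machine.
SAMPLE_LOG = (make_event(0, 0x8, b"constructed firmware version")
              + make_event(4, 0xD, b"constructed shim image")
              + make_event(4, 0x4, bytes(4)))
if __name__ == "__main__":
    print("sealtotp -p", sealtotp_pcr_arg(replay(SAMPLE_LOG), [0, 4]))
```

On Linux the firmware's log is typically exposed at /sys/kernel/security/tpm0/binary_bios_measurements; logs from TPM 2.0 firmware use a different, crypto-agile entry layout that this parser does not handle.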

requirements

sealtotp requires libqrencode. unsealtotp requires liboath.

limitations

The TPM policy measurement does not currently include the initrd or kernel that you are booting, since grub lacks support for performing the initial measurement of these objects. This results in the following vulnerability:

  1. Shim will be measured into PCR[4]

  2. Shim will verify that the next stage loader is signed with a trusted key

  3. The next stage loader will verify that the kernel is signed with a trusted key

  4. The initrd will be loaded without any verification, and so will be able to unseal the TOTP value while still providing a malicious codebase

Avoiding this requires either signature validation of the initrd (problematic, as these are typically generated on the local system) or for the second stage loader (typically grub) to gain support for measuring its payloads into the TPM.

An attacker who is able to perform DMA-based attacks may be able to boot the system, attach a DMA-capable device and extract the valid TOTP secret from RAM. This will allow them to spoof legitimate boots later on. This can be avoided by ensuring that your kernel and hardware support and enable an IOMMU, or by adding support to the kernel to allow enumeration of DMA-capable external devices to be deferred until later.

Sufficiently malicious firmware may still be able to extract the TOTP secret from system RAM and exfiltrate it such that an attacker can later spoof legitimate boots on a compromised system. Of course, any such sufficiently malicious firmware is also capable of modifying your OS at runtime, so you've already lost.

TODO

Add a command-line switch to sealtotp for choosing trousers (tspi) vs direct access (libtpm)

Add support for migration of sealed data to new PCR values in order to support bootloader updates.

Add TPM support to grub.

Get distributions to turn on IOMMUs.

Modify the kernel to allow delayed enumeration of DMA-capable external devices.
