Hello Team,
We wanted to write the fTPM's PCR registers; the requirement is to have disk encryption at runtime instead of at flashing time or build time. How do we save hashes persistently in the fTPM?
We are trying to implement our own disk encryption for the Jetson Orin Nano using cryptsetup with the fTPM, using these scripts in the initramfs.
During the first boot we are able to enroll the keys and see that the system is encrypted, as below, but on subsequent boots we are noticing that the fTPM PCR:7:sha256 keys were not updated or reset by UEFI when we reboot the device. Note that we are not using OP-TEE related utilities for writing the keys.
Here are the commands to check the PCRs; this is also an example of how to confirm whether measured boot is active. For instance:
$ sudo modprobe tpm_ftpm_tee
$ sudo tpm2_pcrread
Please refer to The fTPM Boot Flow and fTPM Measured Boot.
The fTPM boot flow is a process that verifies and measures the integrity of firmware components during the boot process.
Its hash values are used to verify the authenticity and consistency of the various components within the boot chain.
I have tried enabling IMA, but it was not using the fTPM even though I enabled TCG_FTPM_TEE as a static module. (Note that IMA cannot be configured as a loadable module.) Kindly refer to the logs below:
root@orin-nano:~# zcat /proc/config.gz |grep -i FTPM
CONFIG_TCG_FTPM_TEE=y
root@orin-nano:~# dmesg |grep -i ima
[ 0.000000] Kernel command line: initrd=\initrd.img-5.15.148-1 LABEL=Boot root=PARTUUID=fedcba98-7654-3210-cafe-5e0710000001 nvidia-drm.fbdev=1 rootwait rw firmware_class.path=/etc/firmware fbcon=map:0 nv-auto-config video=efifb:off ima_tcb ima_appraise=fix ima_appraise_tcb rootflags=i_version debug log_buf_len=4M
[ 0.266636] device-mapper: core: CONFIG_IMA_DISABLE_HTABLE is disabled. Duplicate IMA measurements will not be recorded in the IMA log.
[ 1.666929] ima: No TPM chip found, activating TPM-bypass!
[ 1.666963] ima: Allocated hash algorithm: sha256
[ 1.667083] ima: No architecture policies found
[ 4.720359] systemd[1]: No IMA custom policy file /etc/ima/ima-policy, ignoring: No such file or directory
[ 4.807368] systemd[1]: systemd 254.22-1~bpo12+1 running in system mode (+PAM +AUDIT +SELINUX +APPARMOR +IMA +SMACK +SECCOMP +GCRYPT -GNUTLS +OPENSSL +ACL +BLKID +CURL +ELFUTILS +FIDO2 +IDN2 -IDN +IPTC +KMOD +LIBCRYPTSETUP +LIBFDISK +PCRE2 -PWQUALITY +P11KIT +QRENCODE +TPM2 +BZIP2 +LZ4 +XZ +ZLIB +ZSTD -BPF_FRAMEWORK -XKBCOMMON +UTMP +SYSVINIT default-hierarchy=unified)
[ 10.320380] systemd[1]: systemd-pcrphase.service: ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f failed.
root@orin-nano:~#
root@orin-nano:~# ls -la /dev/tpm*
crw-rw---- 1 tss root 10, 224 Mar 4 2024 /dev/tpm0
crw-rw---- 1 tss tss 252, 65536 Mar 4 2024 /dev/tpmrm0
root@orin-nano:~#
Is there any utility available from NVIDIA to update/extend the fTPM PCR registers permanently (not reset by UEFI)?
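An added example for the check behind this thread (this is not code from the poster, NVIDIA, or the fTPM project). Two facts frame it: the dmesg line "ima: No TPM chip found, activating TPM-bypass!" is printed when IMA initialises and no TPM has been registered yet, so on that boot IMA's measurements never reached the fTPM at all; and PCRs are volatile by design, reset by TPM2_Startup on every boot, so a runtime tpm2_pcrextend can never "persist". What is stable across reboots is the value the firmware re-measures into PCR7 on each boot, provided nothing in the measured chain changed. The script therefore parses tpm2_pcrread output, classifies PCR7 as unextended (all zero bytes, nothing in the chain touched it), unchanged, or changed against a baseline saved on an earlier boot, and, going one step beyond the thread's single tpm2_pcrread, shows the tpm2-tools sequence that seals a LUKS key file to PCR7 and feeds it to cryptsetup. Assumptions: the tpm2-tools 5.x output format ("    7 : 0x<hex>"), the baseline directory /var/lib/pcr-baseline, and a constructed PCR sample (not values from a real board) so the parsing part runs offline; the live functions need root, the tpm_ftpm_tee driver and tpm2-tools.

```shell
#!/bin/sh
# Added example, not from the thread: parse fTPM PCRs, classify PCR7 against a
# saved baseline, and seal/unseal a LUKS key to PCR7 with tpm2-tools.
set -u

BANK="sha256"
PCRS="0,1,2,3,4,5,6,7"
BASELINE_DIR="${BASELINE_DIR:-/var/lib/pcr-baseline}"   # assumed location

# Constructed sample of `tpm2_pcrread sha256:0,7` output (not real board values).
SAMPLE_PCRS='  sha256:
    0 : 0x1111111111111111111111111111111111111111111111111111111111111111
    7 : 0x0000000000000000000000000000000000000000000000000000000000000000'

# stdin: tpm2_pcrread output -> stdout: "index=hex" lines (lowercase, no 0x prefix)
parse_pcrs() {
  awk '$2 == ":" && $3 ~ /^0x[0-9A-Fa-f]+$/ { print $1 "=" tolower(substr($3, 3)) }'
}

# stdin: parsed lines -> stdout: value of PCR $1, or nothing if that index is absent
pcr_value() {
  awk -F= -v want="$1" '$1 == want { print $2 }'
}

# $1 current value, $2 baseline value -> missing | unextended | unchanged | changed
# "unextended" (all zero bytes) means nothing in the boot chain extended the PCR,
# which is a different failure from a value that merely differs from the baseline.
pcr_status() {
  current="$1"; baseline="$2"
  [ -z "$current" ] && { echo "missing"; return 0; }
  [ -z "$(printf '%s' "$current" | tr -d 0)" ] && { echo "unextended"; return 0; }
  [ "$current" = "$baseline" ] && echo "unchanged" || echo "changed"
}

# Live read: needs root, the fTPM driver and tpm2-tools. Not used in the offline demo.
read_live_pcrs() {
  modprobe tpm_ftpm_tee 2>/dev/null || true
  tpm2_pcrread "$BANK:$PCRS"
}

# Compare live PCR7 with the saved baseline; record the baseline on the first run.
check_pcr7() {
  mkdir -p "$BASELINE_DIR"
  file="$BASELINE_DIR/pcr7.$BANK"
  cur="$(read_live_pcrs | parse_pcrs | pcr_value 7)"
  base=""; [ -f "$file" ] && base="$(cat "$file")"
  status="$(pcr_status "$cur" "$base")"
  [ -n "$cur" ] && [ -z "$base" ] && printf '%s\n' "$cur" > "$file"
  echo "PCR7 $BANK: $status"
}

# Seal a LUKS key file ($1) to the current PCR7 value; objects are written to $2.
# The primary is recreated from the Owner hierarchy at unseal time: a saved
# primary.ctx does not survive a reboot, but the same template yields the same key.
seal_key_to_pcr7() {
  key="$1"; dir="$2"
  tpm2_createprimary -C o -c "$dir/primary.ctx" >/dev/null
  tpm2_createpolicy --policy-pcr -l "$BANK:7" -L "$dir/pcr7.policy" >/dev/null
  tpm2_create -C "$dir/primary.ctx" -L "$dir/pcr7.policy" -i "$key" \
    -u "$dir/seal.pub" -r "$dir/seal.priv" >/dev/null
}

# Unseal under a PCR7 policy session and hand the key to cryptsetup on stdin,
# which is what an initramfs hook would do. Fails if PCR7 differs from sealing time.
unseal_and_open() {
  dir="$1"; dev="$2"; name="$3"
  tpm2_createprimary -C o -c "$dir/primary.ctx" >/dev/null
  tpm2_load -C "$dir/primary.ctx" -u "$dir/seal.pub" -r "$dir/seal.priv" \
    -c "$dir/seal.ctx" >/dev/null
  tpm2_unseal -c "$dir/seal.ctx" -p "pcr:$BANK:7" | cryptsetup open --key-file - "$dev" "$name"
}

# Offline demo on the constructed sample: its PCR7 is all zeros, so the verdict is
# "unextended" whatever the baseline holds.
demo_status() {
  v="$(printf '%s\n' "$SAMPLE_PCRS" | parse_pcrs | pcr_value 7)"
  pcr_status "$v" "ffffffff"
}
demo_status
```

On a board, run check_pcr7 once after a clean boot to record the baseline, then again on every boot: "unchanged" is the precondition for unseal_and_open to succeed, "changed" means a measured component differs from the baseline boot, and "unextended" means the firmware never extended PCR7 on that boot, which no runtime tool can fix.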
Please refer to the developer guide, Flashing Support.
BTW, may I double-check what Jetson security you've enabled? For instance, did you fuse a target to burn PKC/SBK, etc.?
Do you mean to say that PCR hashes will get updated only when flashing MB1/MB2/TOS, and that they cannot be modified persistently on our own, as the scope of the PCRs is limited to only firmware as per this boot flow?
Please update the firmware components (such as MB1, MB2, TOS, etc.).
Since you're not fusing a target, you may flash a specific partition instead of flashing the whole device.
@JerryChang
What would be the recommended way to store credentials (private keys, certificates, etc.) in a secure manner (ARM TrustZone?) on the Jetson Orin Nano module? Are there tutorials / best practices available from the NVIDIA side on how to do that? Where can we get a general overview of them? Are there any limitations on using it together with Ubuntu, or should this way work with Debian as well?
As discussed on the call with @DanieleTafani, from the details below it seems that we are not able to bring your recommended way of storing in the PCR registers to our Debian base, for example:
As discussed in the weekly meeting, I am adding more details on accessing the fTPM's PCR registers persistently.
We wanted to utilize the fTPM's PCR registers, to be precise PCR7, for disk encryption support at runtime.
We are trying to implement our own disk encryption for the Jetson Orin Nano using cryptsetup with the fTPM's PCR7, using the scripts from the initramfs.
During the first boot we are able to enroll the keys and see that the system is encrypted, as below, but on subsequent boots we are noticing that the fTPM PCR:7:sha256 keys were not updated or reset by UEFI when we reboot the device.