Tip / Sign in to post questions, reply, level up, and achieve exciting badges. Know more

cross mob

Sealing and unsealing data in TPM

Sealing and unsealing data in TPM

250 sign-ins First comment on blog 50 solutions authored

Lately, most applications have Two-Factor Authentication enabled, making it difficult for an attacker to access a user account or a system. This got me wondering about various mechanisms that are there to ensure the security of systems beyond just a username and password.

While reading about this, I came across a mechanism called sealing, which is used by the TPM to secure user credentials and keys. Sealing is essentially encrypting data based on certain conditions. TPM allows decryption only if the conditions defined during encryption are satisfied. Sealing is also used in encrypting the BitLocker key with the TPM which is used for disk encryption. This blog explains the steps involved in sealing/unsealing data using an OPTIGATM SLB9670VQ2.0.

In the previous blog, we saw that TPM has a limited Non-Volatile Random Access Memory (NVRAM) area to store user credentials and other secret data. TPM also has a set of Platform Configuration Registers (PCR) that confirm the uncompromised system state measured during bootup. This is explained in detail in the : Storing and reporting system measurements with TPM.

TPM uses PCR measurements to implement policies that restrict unauthorized access to Non-Volatile (NV) area. This operation of locking an NV area to the system state is called sealing. So, if the system configuration changes or the software is compromised, the policy will be left unsatisfied at the time of unsealing and the data would be irretrievable.

How is data sealed?

The process of sealing requires the following steps:

1. Policy creation

A policy can be created using the tpm2_createpolicy’ command specifying the PCR indices to be locked to the policy.

tpm2_pcrread -o measured.pcrvalues sha256:0,1,2

The above command reads the PCR values (hash) from indices 0,1 & 2 and stores it in measured.pcrvalues.

tpm2_createpolicy --policy-pcr -l sha256:0,1,2 -f measured.pcrvalues -L measured.policy

Where measured.policy is the output file for the policy and PCR indices (SHA256) 0,1 and 2 are considered.

2. Defining an NVRAM area 

An NVRAM space can be created using the ‘tpm2_nvdefine’ command. While creating, a policy can be attached to the NV index.

tpm2_nvdefine 0x1500016 -C o -s 32 -L measured.policy -a "policyread|policywrite"

Where 0x1500016 is the NV index, measured.policy is the policy file, policyread|policywrite are the NV space attributes.

3. Reading and writing into the NVRAM space

Now, to read and write to the NV space, the policy needs to be satisfied.  The PCR values at the time of sealing should be consistent while reading or writing into the NV space.

echo -n "top secret!!" | tpm2_nvwrite 0x1500016 -C 0x1500016 -P pcr:sha256:0,1,2=measured.pcrvalues -i –

Where 0x1500016 is the NVRAM handle and the location where the policy is stored pcr:sha256:0,1,2 = measured.pcrvalues: We now check if the PCR values match the ones that were generated earlier, then the intended data is written into the NVRAM area. We do the same check for reading from the index as well.       

tpm2_nvread 0x1500016 -C 0x1500016 -P pcr:sha256:0,1,2=measured.pcrvalues

This way, sensitive data can be sealed and protected by a policy in the TPM. It is also possible to seal a key to a set of PCR values and use it to encrypt data. So, at the time of decryption, we need to first satisfy the policy and then use the key to decrypt data. OPTIGA™ TPM 2.0 Explorer demonstrates how OPTIGA™ TPM 2.0 can be used for sealing/unsealing data.

Links to explore further:

1 Comment