Replies: 3 comments 2 replies
Other than using the host's hardware TPM as a certificate authority for issuing the TPM's EK and platform certificates, there is no other (known) way of using the hardware TPM for securing keys, performing crypto ops, etc. of swtpm.
This option is for creating an encrypted TPM state file and the file descriptor passed here must be for a file containing the key to use for state file encryption/decryption (symmetric key). From the manpage:
Hello, thank you for your answer, and sorry for my late reply :( About the first part, well, it could be interesting to use an external CA: the hardware TPM chips or a known/trusted local CA. About the second part, thank you, indeed I was not sure, but now I am: not related to the initial question.
Hello, thank you again. Well, I have managed to work with a custom CA, and do some TPM hardware and software operations. But, sadly, I must have misunderstood something (not only one thing, I know): how, in the VM, could the user check that the EK certificate of the swtpm is coming from a CA signed by the hardware TPM? Is it possible at least? Hope you have some time to point me in the right direction. Regards, Ben
Hello,
First, thank you for this software, really impressive.
Well, I have a question: is there any way to use the hardware TPM of the host to "protect" the swtpm?
Any research or ideas in this direction?
Perhaps with swtpm_setup --keyfile-fd? Or do I misunderstand this option?
Thank you in advance.
Regards,