From 61b4ecb68f9944f2b329319f3b70b63ca4a4eccf Mon Sep 17 00:00:00 2001 From: Marcio Silva Date: Mon, 29 Jun 2020 11:24:53 -0400 Subject: [PATCH 01/13] Documentation for PR #320 Signed-off-by: Marcio Silva --- docs/user_guide.rst | 1 + docs/user_guide/use_pre_created_ek.rst | 64 ++++++++++++++++++++++++++ 2 files changed, 65 insertions(+) create mode 100644 docs/user_guide/use_pre_created_ek.rst diff --git a/docs/user_guide.rst b/docs/user_guide.rst index fd8076d..c38675b 100644 --- a/docs/user_guide.rst +++ b/docs/user_guide.rst @@ -10,3 +10,4 @@ User Guide user_guide/runtime_ima.rst user_guide/encrypted_payload.rst user_guide/revocation.rst + user_guide/use_pre_created_ek.rst diff --git a/docs/user_guide/use_pre_created_ek.rst b/docs/user_guide/use_pre_created_ek.rst new file mode 100644 index 0000000..dc696ba --- /dev/null +++ b/docs/user_guide/use_pre_created_ek.rst @@ -0,0 +1,64 @@ +User Selected PCR Monitoring +============================ + +.. warning:: + This page is still under development and not complete. It will be so until + this warning is removed. + + +Introduction +------------ + +The normal behavior of `keylime_agent` during startup is pretty forceful +and uncompromising on "taking over" the TPM device. This takeover, includes +a "startup & clear (tpm2_startup -c), "change owner, endorsement and +lockout authorizations" (tpm2_changeauth) and "generate a new Endorsement +Key" (tpm2_createek). + +In this scenario, when the agent submits the public part of the EK to registrar, +there isn't a specific way for an administrator to tie a particular (EK) +to a specific piece of hardware. + +However, this kind of "chain of provenance", +which started at a factory, and included an "air-gapped boot measurement station", +before going into production is mandatory in certain high-security corporate +environments. + +How to use +---------- + +In order to use this keylime feature, the TPM will have to initialized before +the keylime agent is started. + +First of all, the administrator has to issue the following commands against +following commands against a "clean" TPM (virtual or otherwise):: + + tpm2_startup --version + tpm2_startup -c + tpm2_changeauth -c o + tpm2_changeauth -c e + tpm2_changeauth -c o -p + tpm2_changeauth -c e -p + tpm2_getcap handles-persistent + tpm2_createek -c - -G rsa -u /tmp/test -p -w -P + tpm2_getcap handles-persistent + +Using the last two `tpm2_getcap handles-persistent` commands, an administrator +can observe the handle of the newly created EK. At this point, in addition to +recording such handle, the administrator can chose to store the public part of +the EK in some sort of store/database. + +Afterwards, the value of the EK handle (`ek_handle`, default value is +`generate`) can be added to `keylime.conf`, under the `[cloud_agent]` section:: + + ek_handle = + +Now, when the keylime agent is started, it will "just" use this EK, and will +just create a new AIK. Equally important, the agent will make sure +that particular handle is not flushed on exit. + +An additional clarification: this arrangement, of course, does not prevent the +registrar from recording any EK submitted, but rather it makes the (tenant-side) +script (defined by the attribute `ek_check_script`) much more useful. An administrator +can now use it to check the EK against a list of properly pre-defined (and +previously collected) values. From e15cc6b099e0a004e3004cf92ae2780045bfcdf7 Mon Sep 17 00:00:00 2001 From: Marcio Silva Date: Mon, 22 Mar 2021 15:42:17 -0400 Subject: [PATCH 02/13] Add a first draft of documentation for measured boot Signed-off-by: Marcio Silva Signed-off-by: Marcio Silva --- docs/user_guide/use_measured_boot.rst | 88 +++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 docs/user_guide/use_measured_boot.rst diff --git a/docs/user_guide/use_measured_boot.rst b/docs/user_guide/use_measured_boot.rst new file mode 100644 index 0000000..938b3f2 --- /dev/null +++ b/docs/user_guide/use_measured_boot.rst @@ -0,0 +1,88 @@ +User Selected PCR Monitoring +============================ + +.. warning:: + This page is still under development and not complete. It will be so until + this warning is removed. + + +Introduction +------------ + +In any real-world large-scale production environment, a large number of +different types of nodes will typically be found. The TPM 2.0 defines specific +meaning - measurement of UEFI bios, measurement of boot device firmware - for +lower-numbered PCRs (e.g., PCRs 0-9), as these are extended during the multiple +events of a measured boot log. However, simply comparing the contents of these +PCRs against a well-known "golden value" becomes unfeasible. The reason for +this is, in addition to the potentially hundreds of variations due to node +type, that it can be experimentally demonstrated that some PCRs (e.g, PCR 1) +vary for each physical machine, if such machine is netbooted (as it encodes the +MAC address of the NIC used during boot.) + +Fortunately, the UEFI firmware is now exposing the event log through an ACPI +table and a "recent enough" Linux kernel (e.g., 5.4 or later) is now consuming +this table and exposing this boot event log through the securityfs, typically +at the path `/sys/kernel/security/tpm0/binary_bios_measurements`. When combined +with `secure boot` and a "recent enough" version of grub (TBD), the +aforementioned can be fully populated, including measurements of all +components, up to the `kernel` and `initrd`. + +In addition to these sources of (boot log) data, a "recent enough" version of +`tpm2-tools` (5.0 or later) can be used to consume the contents of such logs +and thus rebuild the contents of PCRs [0-9] (and potentially PCRs [11-14]). + +Implementation +---------- + +Keylime can make use of this new capability in a very flexible manner. A +"measured boot reference state" or `mb_refstate` for short can be specified by +the `keylime` operator (i.e. the `tenant`). This operator-provided piece of +information is used, in a fashion similar to the "IMA policy" (previously known +as "allowlist"), by the `keylime_verifier`, to compare the contents of the +information shipped from the `keylime_agent` (boot log in one case, IMA log on +the other), against such reference state. + +Due to the fact that physical node-specific information can be encoded on the +"measured boot log", it became necessary to specify (optionally) a second piece +of information, a "measured boot policy". This information is used to instruct +the `keylime_verifier` on how to do the comparison (e.g., using a regular +expression, rather than a simple equality match). The policy name is specified +in `keylime.conf`, under the `[cloud_verifier]` section of the file, with +paramater named `measured_boot_policy_name`. The default value for it is +`accept-all`, meaning "just don't try to match the contents". + +Whenever a "measured boot reference state" is defined - via a new command-line +option in `keylime_tenant` - `--mb_refstaste`, the following actions will be +taken. + +1) PCRs [0-9] and [11-14] will be included in the quote sent by `keylime_agent` + +2) The `keylime_agent` will also send the contents of +`/sys/kernel/security/tpm0/binary_bios_measurements` + +3) The `keylime_verifier` will replay the boot log from step 2, ensuring the +correct values for PCRs collected in step 1. Again, this is very similar to +what it is done with "IMA logs" and PCR 10. + +4) The very same `keylime_verifier` will take the boot log, now deemed +"attested" and compare it against the "measured boot reference state", +according to the "measured boot policy", causing the attestation to fail if it +does not conform. + +How to use +---------- + +The simplest way to use this new functionality is by +providing an empty "measured boot reference state" and an `accept-all` +"measured boot policy", which will cause the `keylime_verifer` to simply skip +the aforementioned step 4. + +An example follows: + + echo "{}" > measured_boot_reference_state.txt + keylime_tenant -c add -t -v -u --mb_refstate ./measured_boot_reference_state.txt + +Note: please keep in mind that the IMA-specific options can be combined with +the above options in the example, resulting in a configuration where a +`keylime_agent` sent a quote with PCRs [0-15] and both logs (boot and IMA) From 8518bb63d9714483301bd7f331edb017e9ba64c4 Mon Sep 17 00:00:00 2001 From: Marcio Silva Date: Mon, 22 Mar 2021 15:46:01 -0400 Subject: [PATCH 03/13] Simple fix Signed-off-by: Marcio Silva --- docs/user_guide/use_measured_boot.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/user_guide/use_measured_boot.rst b/docs/user_guide/use_measured_boot.rst index 938b3f2..5f83587 100644 --- a/docs/user_guide/use_measured_boot.rst +++ b/docs/user_guide/use_measured_boot.rst @@ -81,6 +81,7 @@ the aforementioned step 4. An example follows: echo "{}" > measured_boot_reference_state.txt + keylime_tenant -c add -t -v -u --mb_refstate ./measured_boot_reference_state.txt Note: please keep in mind that the IMA-specific options can be combined with From 18d074c0ebc560bc62a02f644a65ce74b47bad05 Mon Sep 17 00:00:00 2001 From: Luke Hinds Date: Fri, 10 Jul 2020 14:58:06 +0100 Subject: [PATCH 04/13] Add Apache 2.0 License Signed-off-by: Marcio Silva --- LICENSE | 201 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 LICENSE diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..261eeb9 --- /dev/null +++ b/LICENSE @@ -0,0 +1,201 @@ + Apache License + Version 2.0, January 2004 + http://www.apache.org/licenses/ + + TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION + + 1. Definitions. + + "License" shall mean the terms and conditions for use, reproduction, + and distribution as defined by Sections 1 through 9 of this document. + + "Licensor" shall mean the copyright owner or entity authorized by + the copyright owner that is granting the License. + + "Legal Entity" shall mean the union of the acting entity and all + other entities that control, are controlled by, or are under common + control with that entity. For the purposes of this definition, + "control" means (i) the power, direct or indirect, to cause the + direction or management of such entity, whether by contract or + otherwise, or (ii) ownership of fifty percent (50%) or more of the + outstanding shares, or (iii) beneficial ownership of such entity. + + "You" (or "Your") shall mean an individual or Legal Entity + exercising permissions granted by this License. + + "Source" form shall mean the preferred form for making modifications, + including but not limited to software source code, documentation + source, and configuration files. + + "Object" form shall mean any form resulting from mechanical + transformation or translation of a Source form, including but + not limited to compiled object code, generated documentation, + and conversions to other media types. + + "Work" shall mean the work of authorship, whether in Source or + Object form, made available under the License, as indicated by a + copyright notice that is included in or attached to the work + (an example is provided in the Appendix below). + + "Derivative Works" shall mean any work, whether in Source or Object + form, that is based on (or derived from) the Work and for which the + editorial revisions, annotations, elaborations, or other modifications + represent, as a whole, an original work of authorship. For the purposes + of this License, Derivative Works shall not include works that remain + separable from, or merely link (or bind by name) to the interfaces of, + the Work and Derivative Works thereof. + + "Contribution" shall mean any work of authorship, including + the original version of the Work and any modifications or additions + to that Work or Derivative Works thereof, that is intentionally + submitted to Licensor for inclusion in the Work by the copyright owner + or by an individual or Legal Entity authorized to submit on behalf of + the copyright owner. For the purposes of this definition, "submitted" + means any form of electronic, verbal, or written communication sent + to the Licensor or its representatives, including but not limited to + communication on electronic mailing lists, source code control systems, + and issue tracking systems that are managed by, or on behalf of, the + Licensor for the purpose of discussing and improving the Work, but + excluding communication that is conspicuously marked or otherwise + designated in writing by the copyright owner as "Not a Contribution." + + "Contributor" shall mean Licensor and any individual or Legal Entity + on behalf of whom a Contribution has been received by Licensor and + subsequently incorporated within the Work. + + 2. Grant of Copyright License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + copyright license to reproduce, prepare Derivative Works of, + publicly display, publicly perform, sublicense, and distribute the + Work and such Derivative Works in Source or Object form. + + 3. Grant of Patent License. Subject to the terms and conditions of + this License, each Contributor hereby grants to You a perpetual, + worldwide, non-exclusive, no-charge, royalty-free, irrevocable + (except as stated in this section) patent license to make, have made, + use, offer to sell, sell, import, and otherwise transfer the Work, + where such license applies only to those patent claims licensable + by such Contributor that are necessarily infringed by their + Contribution(s) alone or by combination of their Contribution(s) + with the Work to which such Contribution(s) was submitted. If You + institute patent litigation against any entity (including a + cross-claim or counterclaim in a lawsuit) alleging that the Work + or a Contribution incorporated within the Work constitutes direct + or contributory patent infringement, then any patent licenses + granted to You under this License for that Work shall terminate + as of the date such litigation is filed. + + 4. Redistribution. You may reproduce and distribute copies of the + Work or Derivative Works thereof in any medium, with or without + modifications, and in Source or Object form, provided that You + meet the following conditions: + + (a) You must give any other recipients of the Work or + Derivative Works a copy of this License; and + + (b) You must cause any modified files to carry prominent notices + stating that You changed the files; and + + (c) You must retain, in the Source form of any Derivative Works + that You distribute, all copyright, patent, trademark, and + attribution notices from the Source form of the Work, + excluding those notices that do not pertain to any part of + the Derivative Works; and + + (d) If the Work includes a "NOTICE" text file as part of its + distribution, then any Derivative Works that You distribute must + include a readable copy of the attribution notices contained + within such NOTICE file, excluding those notices that do not + pertain to any part of the Derivative Works, in at least one + of the following places: within a NOTICE text file distributed + as part of the Derivative Works; within the Source form or + documentation, if provided along with the Derivative Works; or, + within a display generated by the Derivative Works, if and + wherever such third-party notices normally appear. The contents + of the NOTICE file are for informational purposes only and + do not modify the License. You may add Your own attribution + notices within Derivative Works that You distribute, alongside + or as an addendum to the NOTICE text from the Work, provided + that such additional attribution notices cannot be construed + as modifying the License. + + You may add Your own copyright statement to Your modifications and + may provide additional or different license terms and conditions + for use, reproduction, or distribution of Your modifications, or + for any such Derivative Works as a whole, provided Your use, + reproduction, and distribution of the Work otherwise complies with + the conditions stated in this License. + + 5. Submission of Contributions. Unless You explicitly state otherwise, + any Contribution intentionally submitted for inclusion in the Work + by You to the Licensor shall be under the terms and conditions of + this License, without any additional terms or conditions. + Notwithstanding the above, nothing herein shall supersede or modify + the terms of any separate license agreement you may have executed + with Licensor regarding such Contributions. + + 6. Trademarks. This License does not grant permission to use the trade + names, trademarks, service marks, or product names of the Licensor, + except as required for reasonable and customary use in describing the + origin of the Work and reproducing the content of the NOTICE file. + + 7. Disclaimer of Warranty. Unless required by applicable law or + agreed to in writing, Licensor provides the Work (and each + Contributor provides its Contributions) on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or + implied, including, without limitation, any warranties or conditions + of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A + PARTICULAR PURPOSE. You are solely responsible for determining the + appropriateness of using or redistributing the Work and assume any + risks associated with Your exercise of permissions under this License. + + 8. Limitation of Liability. In no event and under no legal theory, + whether in tort (including negligence), contract, or otherwise, + unless required by applicable law (such as deliberate and grossly + negligent acts) or agreed to in writing, shall any Contributor be + liable to You for damages, including any direct, indirect, special, + incidental, or consequential damages of any character arising as a + result of this License or out of the use or inability to use the + Work (including but not limited to damages for loss of goodwill, + work stoppage, computer failure or malfunction, or any and all + other commercial damages or losses), even if such Contributor + has been advised of the possibility of such damages. + + 9. Accepting Warranty or Additional Liability. While redistributing + the Work or Derivative Works thereof, You may choose to offer, + and charge a fee for, acceptance of support, warranty, indemnity, + or other liability obligations and/or rights consistent with this + License. However, in accepting such obligations, You may act only + on Your own behalf and on Your sole responsibility, not on behalf + of any other Contributor, and only if You agree to indemnify, + defend, and hold each Contributor harmless for any liability + incurred by, or claims asserted against, such Contributor by reason + of your accepting any such warranty or additional liability. + + END OF TERMS AND CONDITIONS + + APPENDIX: How to apply the Apache License to your work. + + To apply the Apache License to your work, attach the following + boilerplate notice, with the fields enclosed by brackets "[]" + replaced with your own identifying information. (Don't include + the brackets!) The text should be enclosed in the appropriate + comment syntax for the file format. We also recommend that a + file or class name and description of purpose be included on the + same "printed page" as the copyright notice for easier + identification within third-party archives. + + Copyright [yyyy] [name of copyright owner] + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. From b7b575c49dda8a7d972544a090cf3e880b23f071 Mon Sep 17 00:00:00 2001 From: Luke Hinds <7058938+lukehinds@users.noreply.github.com> Date: Wed, 7 Oct 2020 11:49:19 +0100 Subject: [PATCH 05/13] Create MAINTAINERS Signed-off-by: Marcio Silva --- MAINTAINERS | 3 +++ 1 file changed, 3 insertions(+) create mode 100644 MAINTAINERS diff --git a/MAINTAINERS b/MAINTAINERS new file mode 100644 index 0000000..d4f5a75 --- /dev/null +++ b/MAINTAINERS @@ -0,0 +1,3 @@ +@lukehinds +@font +@axelsimon From c019e1529158d451847f339a88eb7bfc5cf9daf5 Mon Sep 17 00:00:00 2001 From: axelsimon Date: Fri, 18 Sep 2020 16:50:20 +0200 Subject: [PATCH 06/13] Secure payload documentaton, based on Luke and Nabil's work Signed-off-by: Marcio Silva --- docs/user_guide/encrypted_payload.rst | 6 - docs/user_guide/secure_payload.rst | 233 ++++++++++++++++++++++++++ 2 files changed, 233 insertions(+), 6 deletions(-) delete mode 100644 docs/user_guide/encrypted_payload.rst create mode 100644 docs/user_guide/secure_payload.rst diff --git a/docs/user_guide/encrypted_payload.rst b/docs/user_guide/encrypted_payload.rst deleted file mode 100644 index 3143fa8..0000000 --- a/docs/user_guide/encrypted_payload.rst +++ /dev/null @@ -1,6 +0,0 @@ -Encrypted Payloads -================== - -.. warning:: - This page is still under development and not complete. It will be so until - this warning is removed. diff --git a/docs/user_guide/secure_payload.rst b/docs/user_guide/secure_payload.rst new file mode 100644 index 0000000..ea724d4 --- /dev/null +++ b/docs/user_guide/secure_payload.rst @@ -0,0 +1,233 @@ +Secure Payloads +================ + +.. warning:: + This page is still under development and not complete. It will be so until + this warning is removed. + +Secure payloads offer the ability to provision encrypted data to an enrolled node. +This encrypted data can be used to deliver secrets needed by the node such as +keys, passwords, certificate roots of trust, etc. + +Secure payloads are for anything which requires strong confidentiality and +integrity to bootstrap your system. + +The payload itself is encrypted and sent via the Keylime Tenant CLI (or rest API) +to the Keylime Agent. The Agent also sends part of the key needed to decrypt the +payload, a key share, called the `u_key` or user key. Only when the Agent has +passed its enrolment criteria (including any `tpm_policy` or IMA whitelist), +will the other key share of the decryption key, called the `v_key` or verification +key, be passed to the Agent by the Keylime Verifier to decrypt the payload. + +.. note:: An alternative to secure payloads is to deliver the encrypted data to + the node through some other mechanism like `cloud-init` or pre-embedded in a + disk image. The Keylime protocol described above will still run to derive + the decryption key for this data, but the data itself will never been seen + or transported by Keylime. This guide does not discuss this method. + +Keylime offers two modes for sending secure payloads: single file encryption +and certificate package mode. In the following sections we describe each. If +you're interested in using the more advanced certificate package mode, we +recommend you also read the Single File Encryption section as it contains +configuration options and other information that both modes share. + +Single File Encryption +---------------------- + +In this mode, a file you specify to the `keylime_tenant` application with the +`-f` option will be encrypted by the Tenant using the bootstrap key and securely +delivered to the Agent. Once the Keylime protocol with the Tenant and Verifier +has completed, the Keylime Agent will decrypt this file and place it in +`/var/lib/keylime/secure/decrypted_payload` This is the default file name, but +you can adjust the name of this file using the `dec_payload_file` option in +`keylime.conf`. You can also optionally specify a zip file as the file to be +securely delivered. If the `extract_payload_zip` option in `keylime.conf` is +set (which it is by default), then Keylime will automatically extract the zip +file to `/var/lib/keylime/secure/unzipped`. Finally, Keylime can also execute a +script contained in the zip file once it has been unzipped. You can think of +this like a very simple form of `cloud-init `_. +By default this script is called `autorun.sh`. You can configure this to some +other script with the `payload_script` option in `keylime.conf`. Note that this +script must be contained in the encrypted zip file and must be located in +`/var/lib/keylime/secure/unzipped`. + +Because the keys that Keylime uses to decrypt the data and the decrypted data +itself are very sensitive, Keylime will only write those files to the +memory-backed (and therefore non-persistent) `/var/lib/keylime/secure` +directory. This is a bind-mounted tmpfs partition. As such, depending on how +large your payload is, you may need to increase the size of this mounted +partition by adjusting the `secure_size` option in `keylime.conf`. + +This simple mode of operation is suitable for many situations where the secrets +and other bootstrapping information is basic. However, there are several +features that Keylime supports like revocation and certificate management that +do not work in this mode. For those, you'll need the next mode: Certificate +Package Mode. + + +Certificate Package Mode +------------------------ + +This mode of Keylime automates many common actions that tenants will want to do +when provisioning their Agents. First, Keylime can create an X509 certificate +authority (CA) and then issue certificates and corresponding private keys to each +provisioned node. This CA lives on the tenant and can be used to bootstrap many +other security solutions like mutual TLS or SSH. To use this mode, pass +the `--cert` option and a directory where the CA is located as the parameter to +this option. Keylime will then create a certificate for the node (with the common +name set to the Agent's UUID) and then create a zip file containing the newly +generated X509 certificates, trust roots, and private keys. It then uses the +same process for single file encryption as described above to securely deliver +all the keys to the Agent. Optionally, the user can specify with the `--include` +option a directory of additional files to be put into the certification package zip +and securely delivered to the Agent. + +This mode of operation also natively supports certificate revocation. If the Keylime +Verifier detects an Agent that no longer satisfies its integrity policy (e.g., it booted +an authorized kernel or ran an unauthorized binary not on the IMA whitelist), it +will create a signed revocation notification. These revocation notifications are +signed by a special certificate/private key called the RevocationNotifier. Keylime +will automatically create this certificate and pass it to the verifier when you add +a new Agent to the verifier. Keylime will also include the public certificate for +this key in the zip it sends to the Agent. This way Agents can validate the +revocation notifications they receive from the verifier. + +By default all Keylime Agents listen for these revocation notifications (see +the `listen_notifications` option in `keylime.conf`). Using the keys in the +unzipped certificate package, Agents can check that the revocations are valid. +Keylime Agents can also take actions in response to a valid revocation. +You can configure these actions by putting additional files into the delivered zip +file using `--include`. + +Revocation actions are small Python scripts that will run on an Agent when a valid +revocation is received. They should contain an `execute` function that takes +one argument. This argument is a Python dictionary of metadata that can be used +to tailor what the revocation action does. In the cert package mode, Keylime +will specify the certificate serial number and common name (aka UUID) of the node +that has failed its integrity check inside this metadata passed to the revocation +action. For example, you can use this info to revoke the the offending X509 +certificate. + +One subtlety to revocation actions is that they are not intended for the Agent +that has been revoked. If an Agent has failed its integrity check, then we +really can't trust that it won't ignore the revocations and do arbitrarily +malicious things. So, revocation actions are for other well-behaving Agents in +the system to take action against the revoked Agent. For example, by revoking +its certificate as described above or blacklisting it from the network, etc. + +There are several revocation actions implemented in Keylime that you can look at +to get an idea of how to write your own. See the files starting with `local_action` +in https://github.com/keylime/keylime/tree/master/auto-ipsec/libreswan/src + +There are some conventions to specifying revocation actions. As described above, +their names must start with `local_action` to be executed. They also must be +listed (without `.py` extensions) in a comma separated list in a file called +`action_list` in the zip file. For example to run `local_action_a.py` and +`local_action_b.py` the `action_list` file should contain `local_action_a,local_action_b`. + +So far we've described all the details of this in fine detail, but much of this +automation will happen by default. + +Certificate Package Example +--------------------------- + +Let's put all of the above together with an example. + +For the following example, we will provision some SSH keys onto the Agent. + +1. Create a directory to host the files and `autorun.sh` script. For this example, we will use the directory `payload` +2. Create an `autorun.sh` script in the `payload` directory: + +``` +#!/bin/bash + +# this will make it easier for us to find our own cert +ln -s `ls *-cert.crt | grep -v Revocation` mycert.crt + +mkdir -p /root/.ssh/ +cp payload_id_rsa* /root/.ssh/ +chmod 600 /root/.ssh/payload_id_rsa* +``` + +3. Copy the files you wish to provision into the `payload` directory. + +``` +$ ls payload/ +autorun.sh +payload_id_rsa.pub +payload_id_rsa +``` + +Send the files using the Keylime Tenant tool: + +``` +keylime_tenant -t --cert myca --include payload +``` + +Recall that the `--cert` option tells Keylime to create a certificate authority +at the default location `/var/lib/keylime/ca` and give this machine an X509 +identity with its UUID. Keylime will also create a revocation notifier +certificate for this CA and make it available to the verifier. Finally, the +`--include` option tells Keylime to securely deliver the files in the specified +directory (`payload` in our case) along with the X509 certs to the targeted +Agent machine. + +If the enrolment was been successful, you will be able to see the contents of +the `payload` directory in `/var/lib/keylime/secure/unzipped` along with the +certs and included files. You should also see the SSH keys we included made in +`/root/.ssh` directory from where the autorun.sh script was ran. + +Now, let's extend this example with revocation. In this example, we're going to +execute a simple revocation action on the node that was revoked. + +It is also possible to configure scripts for execution should a node fail any +given criteria (IMA measurements, for example). + +To configure this, we will use our `payload` directory again. + +First create a Python script with the preface of `local_action` + +For example `local_action_rm_ssh.py` + +Within this script create an `execute` function: + +``` +import os +from M2Crypto import X509 +import keylime.secure_mount as secure_mount + +async def execute(json_revocation): + if json_revocation['type']!='revocation': + return + + serial = revocation.get("metadata",{}).get("cert_serial",None) + if revocation.get('type',None) != 'revocation' or serial is None: + logger.error("Unsupported revocation message: %s"%revocation) + + # load up my own cert + secdir = secure_mount.mount() + ca = X509.load_cert('%s/unzipped/mycert.crt'%secdir) + + # is this revocation meant for me? + if serial === mycert.get_serial_number(): + os.remove("/root/.ssh/payload_id_rsa") + os.remove("/root/.ssh/payload_id_rsa.pub") +``` + +Next create the `payload` directory the `action_list` file containing +`local_action_rm_ssh` (remember not to put the `.py` extension). + +.. warning:: + In the above example, the node that fails its integrity check is the same one + that we're expecting to run the revocation action to delete the key. Since + the node is potentially compromised, we really can't expect that it will + actually do this and not just ignore the revocation. A more realistic + scenario for SSH keys is to provision one node with the SSH key generated + as above, then provision a second server and add `payload_id_rsa.pub` to `.ssh/authorized_keys` + using an autorun script. At this point, you can SSH from the first server to + the second one. Should the first machine fail its integrity, then an + revocation action on the second server can remove the compromised first + machine from its list of Secure machines in `.ssh/authorized_keys` + +Many actions can be executed based on CA revocation. For more details +and examples, please refer to the `Agent Revocation`_ page. From aa65142ea4940b9ab5728b31ccfc55a6e6e59c76 Mon Sep 17 00:00:00 2001 From: axelsimon Date: Fri, 18 Sep 2020 17:10:58 +0200 Subject: [PATCH 07/13] Rname document to the right name, incorporate changes suggested by mpeters Signed-off-by: Marcio Silva --- ...secure_payload.rst => secure_payloads.rst} | 42 ++++++++++--------- 1 file changed, 22 insertions(+), 20 deletions(-) rename docs/user_guide/{secure_payload.rst => secure_payloads.rst} (86%) diff --git a/docs/user_guide/secure_payload.rst b/docs/user_guide/secure_payloads.rst similarity index 86% rename from docs/user_guide/secure_payload.rst rename to docs/user_guide/secure_payloads.rst index ea724d4..e44d7f3 100644 --- a/docs/user_guide/secure_payload.rst +++ b/docs/user_guide/secure_payloads.rst @@ -45,10 +45,11 @@ securely delivered. If the `extract_payload_zip` option in `keylime.conf` is set (which it is by default), then Keylime will automatically extract the zip file to `/var/lib/keylime/secure/unzipped`. Finally, Keylime can also execute a script contained in the zip file once it has been unzipped. You can think of -this like a very simple form of `cloud-init `_. -By default this script is called `autorun.sh`. You can configure this to some -other script with the `payload_script` option in `keylime.conf`. Note that this -script must be contained in the encrypted zip file and must be located in +this as a very simple form of `cloud-init `_. +By default this script is called `autorun.sh`. You can override this default +with a different script name by adjusting the `payload_script` option in +`keylime.conf`. Note also that this script must be contained in the encrypted +zip file, from which it will be extraced and then placed in `/var/lib/keylime/secure/unzipped`. Because the keys that Keylime uses to decrypt the data and the decrypted data @@ -59,7 +60,7 @@ large your payload is, you may need to increase the size of this mounted partition by adjusting the `secure_size` option in `keylime.conf`. This simple mode of operation is suitable for many situations where the secrets -and other bootstrapping information is basic. However, there are several +and other bootstrapping information are basic. However, there are several features that Keylime supports like revocation and certificate management that do not work in this mode. For those, you'll need the next mode: Certificate Package Mode. @@ -68,19 +69,20 @@ Package Mode. Certificate Package Mode ------------------------ -This mode of Keylime automates many common actions that tenants will want to do -when provisioning their Agents. First, Keylime can create an X509 certificate -authority (CA) and then issue certificates and corresponding private keys to each -provisioned node. This CA lives on the tenant and can be used to bootstrap many -other security solutions like mutual TLS or SSH. To use this mode, pass -the `--cert` option and a directory where the CA is located as the parameter to -this option. Keylime will then create a certificate for the node (with the common -name set to the Agent's UUID) and then create a zip file containing the newly -generated X509 certificates, trust roots, and private keys. It then uses the -same process for single file encryption as described above to securely deliver -all the keys to the Agent. Optionally, the user can specify with the `--include` -option a directory of additional files to be put into the certification package zip -and securely delivered to the Agent. +This mode of Keylime automates many common actions that tenants will want to +take when provisioning their Agents. First, Keylime can create an X509 +certificate authority (CA) using `keylime_ca -d listen` and then issue +certificates and the corresponding private keys to each provisioned node. This +CA lives on the same host where the tenant issues the `keylime_ca` command and +can be used to bootstrap many other security solutions like mutual TLS or SSH. +To use this mode, pass the `--cert` option and a directory where the CA is +located as the parameter to this option. Keylime will then create a certificate +for the node (with the common name set to the Agent's UUID) and then create a +zip file containing the newly generated X509 certificates, trust roots, and +private keys. It then uses the same process for single file encryption as +described above to securely deliver all the keys to the Agent. Optionally, the +user can specify with the `--include` option a directory of additional files to +be put into the certification package zip and securely delivered to the Agent. This mode of operation also natively supports certificate revocation. If the Keylime Verifier detects an Agent that no longer satisfies its integrity policy (e.g., it booted @@ -196,8 +198,8 @@ import os from M2Crypto import X509 import keylime.secure_mount as secure_mount -async def execute(json_revocation): - if json_revocation['type']!='revocation': +async def execute(event): + if event['type']!='revocation': return serial = revocation.get("metadata",{}).get("cert_serial",None) From 853067e795f9f302f606ad7f09d9ebab4fcc6425 Mon Sep 17 00:00:00 2001 From: Michael Peters Date: Mon, 19 Oct 2020 09:50:20 -0400 Subject: [PATCH 08/13] Rename whitelist -> allowlist Now that the code change has merged, updating the documentation to reflect this. Signed-off-by: Marcio Silva --- docs/rest_apis.rst | 2 +- docs/user_guide/runtime_ima.rst | 48 +++++++++---------- docs/user_guide/secure_payloads.rst | 14 +++--- .../user_selected_pcr_monitoring.rst | 10 ++-- 4 files changed, 37 insertions(+), 37 deletions(-) diff --git a/docs/rest_apis.rst b/docs/rest_apis.rst index ff17d4e..09cd703 100644 --- a/docs/rest_apis.rst +++ b/docs/rest_apis.rst @@ -38,7 +38,7 @@ Cloud verifier (CV) “tpm_policy” : json, “vtpm_policy” : json, “metadata” : json, - “ima_whitelist” : json, + “allowlist” : json, “accept_tpm_hash_algs”: list, “accept_tpm_encryption_algs”: list, “accept_tpm_signing_algs”: list, diff --git a/docs/user_guide/runtime_ima.rst b/docs/user_guide/runtime_ima.rst index 1a01e03..e3aa184 100644 --- a/docs/user_guide/runtime_ima.rst +++ b/docs/user_guide/runtime_ima.rst @@ -47,49 +47,49 @@ You can then verify IMA is measuring your system:: 10 7efd8e2a3da367f2de74b26b84f20b37c692b9f9 ima-ng sha1:af78ea0b455f654e9237e2086971f367b6bebc5f /usr/lib/systemd/libsystemd-shared-239.so 10 784fbf69b54c99d4ae82c0be5fca365a8272414e ima-ng sha1:b0c601bf82d32ff9afa34bccbb7e8f052c48d64e /etc/ld.so.cache -Keylime IMA whitelists +Keylime IMA allowlists ---------------------- -A whitelist is a set of "golden" cryptographic hashes of a files un-tampered +An allowlist is a set of "golden" cryptographic hashes of a files un-tampered state. -The structure of the white list is a hash followed by a full POSIX path to the +The structure of the allowlist is a hash followed by a full POSIX path to the file:: ffe3ad4c395985d143bd0e45a9a1dd09aac21b91 /path/to/file -Keylime will load the whitelist into the Keylime Verifier. Keylime will then +Keylime will load the allowlist into the Keylime Verifier. Keylime will then poll tpm quotes to `PCR 10` on the agents TPM and validate the agents file(s) -state against the whitelist. If the object has been tampered with, the hashes +state against the allowlist. If the object has been tampered with, the hashes will not match and Keylime will place the agent into a failed state. Likewise, if any files invoke the actions stated in `ima-policy` that are not matched in -the whitelist, keylime will place the agent into a failed state. +the allowlist, keylime will place the agent into a failed state. -Generate a whitelist +Generate an allowlist ~~~~~~~~~~~~~~~~~~~~ -Keylime provides a script to generate whitelists from `initramfs`, but this is +Keylime provides a script to generate allowlists from `initramfs`, but this is only a guide. We encourage developers / users of Keylime to be creative and come -up with their own process for securely creating and maintaining a whitelist. +up with their own process for securely creating and maintaining an allowlist. -The `create_whitelist.sh` script is `available here `_ +The `create_allowlist.sh` script is `available here `_ Run the script as follows:: - # create_whitelist.sh whitelist.txt [hash-algo] + # create_allowlist.sh allowlist.txt [hash-algo] With `[hash-algo]` being `sha1sum`, `sha256sum` (note, you need the OpenSSL app installed to have the shasum CLI applications available). -This will then result in `whitelist.txt` being available for Agent provisioning. +This will then result in `allowlist.txt` being available for Agent provisioning. .. warning:: - It’s best practice to create the whitelist in a secure environment. Ideally, + It’s best practice to create the allowlist in a secure environment. Ideally, this should be on a fully encrypted, air gapped computer that is permanently - isolated from the Internet. Disable all network cards and sign the whitelist + isolated from the Internet. Disable all network cards and sign the allowlist hash to ensure no tampering occurs when transferring to other machines. -Alongside building a whitelist from `initramfs`, you could also generate good +Alongside building an allowlist from `initramfs`, you could also generate good hashes for your applications files or admin scripts that will run on the remotely attested machine. @@ -107,38 +107,38 @@ regular expressions. For example the `tmp` directory can be ignored using:: Remotely Provision Agents ~~~~~~~~~~~~~~~~~~~~~~~~~ -Now that we have our whitelist available, we can send it to the verifier. +Now that we have our allowlist available, we can send it to the verifier. .. note:: If you're using a TPM Emulator (for example with the ansible-keylime-tpm-emulator, you will also need to run the keylime ima emulator. To do this, open a terminal and run `keylime_ima_emulator` -Using the `keylime_tenant` we can send the whitelist and our excludes list as +Using the `keylime_tenant` we can send the allowlist and our excludes list as follows:: - keylime_tenant -v -t -f /path/excludes.txt --uuid D432FBB3-D2F1-4A97-9EF7-75BD81C00000 --whitelist /path/whitelist.txt --exclude /path/excludes.txt + keylime_tenant -v -t -f /path/excludes.txt --uuid D432FBB3-D2F1-4A97-9EF7-75BD81C00000 --allowlist /path/allowlist.txt --exclude /path/excludes.txt .. note:: If your agent is already registered, you can use `-c update` -Should you prefer, you can set the values `ima_whitelist` & `ima_excludelist` +Should you prefer, you can set the values `allowlist` & `ima_excludelist` within `/etc/keylime.conf`, you can then use `default` as follows:: - `keylime_tenant -v 127.0.0.1 -t neptune -f /root/excludes.txt --uuid D432FBB3-D2F1-4A97-9EF7-75BD81C00000 --whitelist default --exclude default` + `keylime_tenant -v 127.0.0.1 -t neptune -f /root/excludes.txt --uuid D432FBB3-D2F1-4A97-9EF7-75BD81C00000 --allowlist default --exclude default` -The whitelist can also be uploaded using the WebApp: +The allowlist can also be uploaded using the WebApp: -.. image:: ../images/whitelist_ui.png +.. image:: ../images/allowlist_ui.png How can I test this? -------------------- Create a script that does anything (for example `echo "hello world"`) that is not -present in your whitelist or the excludes list. Run the script as root on the +present in your allowlist or the excludes list. Run the script as root on the agent machine. You will then see the following output on the verifier showing the agent status change to failed:: keylime.tpm - INFO - Checking IMA measurement list... - keylime.ima - WARNING - File not found in whitelist: /root/evil_script.sh + keylime.ima - WARNING - File not found in allowlist: /root/evil_script.sh keylime.ima - ERROR - IMA ERRORS: template-hash 0 fnf 1 hash 0 good 781 keylime.cloudverifier - WARNING - agent D432FBB3-D2F1-4A97-9EF7-75BD81C00000 failed, stopping polling diff --git a/docs/user_guide/secure_payloads.rst b/docs/user_guide/secure_payloads.rst index e44d7f3..c1b2c23 100644 --- a/docs/user_guide/secure_payloads.rst +++ b/docs/user_guide/secure_payloads.rst @@ -6,16 +6,16 @@ Secure Payloads this warning is removed. Secure payloads offer the ability to provision encrypted data to an enrolled node. -This encrypted data can be used to deliver secrets needed by the node such as +This encrypted data can be used to deliver secrets needed by the node such as keys, passwords, certificate roots of trust, etc. Secure payloads are for anything which requires strong confidentiality and integrity to bootstrap your system. The payload itself is encrypted and sent via the Keylime Tenant CLI (or rest API) -to the Keylime Agent. The Agent also sends part of the key needed to decrypt the +to the Keylime Agent. The Agent also sends part of the key needed to decrypt the payload, a key share, called the `u_key` or user key. Only when the Agent has -passed its enrolment criteria (including any `tpm_policy` or IMA whitelist), +passed its enrolment criteria (including any `tpm_policy` or IMA allowlist), will the other key share of the decryption key, called the `v_key` or verification key, be passed to the Agent by the Keylime Verifier to decrypt the payload. @@ -48,8 +48,8 @@ script contained in the zip file once it has been unzipped. You can think of this as a very simple form of `cloud-init `_. By default this script is called `autorun.sh`. You can override this default with a different script name by adjusting the `payload_script` option in -`keylime.conf`. Note also that this script must be contained in the encrypted -zip file, from which it will be extraced and then placed in +`keylime.conf`. Note also that this script must be contained in the encrypted +zip file, from which it will be extraced and then placed in `/var/lib/keylime/secure/unzipped`. Because the keys that Keylime uses to decrypt the data and the decrypted data @@ -86,7 +86,7 @@ be put into the certification package zip and securely delivered to the Agent. This mode of operation also natively supports certificate revocation. If the Keylime Verifier detects an Agent that no longer satisfies its integrity policy (e.g., it booted -an authorized kernel or ran an unauthorized binary not on the IMA whitelist), it +an authorized kernel or ran an unauthorized binary not on the IMA allowlist), it will create a signed revocation notification. These revocation notifications are signed by a special certificate/private key called the RevocationNotifier. Keylime will automatically create this certificate and pass it to the verifier when you add @@ -232,4 +232,4 @@ Next create the `payload` directory the `action_list` file containing machine from its list of Secure machines in `.ssh/authorized_keys` Many actions can be executed based on CA revocation. For more details -and examples, please refer to the `Agent Revocation`_ page. +and examples, please refer to the `Agent Revocation`_ page. diff --git a/docs/user_guide/user_selected_pcr_monitoring.rst b/docs/user_guide/user_selected_pcr_monitoring.rst index 871e1f5..8299427 100644 --- a/docs/user_guide/user_selected_pcr_monitoring.rst +++ b/docs/user_guide/user_selected_pcr_monitoring.rst @@ -25,7 +25,7 @@ Or you can add a node to using `keylime_tenant`:: keylime_tenant -v 127.0.0.1 -t 127.0.0.1 -f /root/excludes.txt \ --uuid D432FBB3-D2F1-4A97-9EF7-75BD81C00000 \ - --whitelist /root/whitelist.txt \ + --allowlist /root/allowlist.txt \ --exclude /root/exclude.txt \ --tpm_policy {"22":["0000000000000000000000000000000000000001","0000000000000000000000000000000000000000000000000000000000000001","000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001","ffffffffffffffffffffffffffffffffffffffff","ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff","ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"],"15":["0000000000000000000000000000000000000000","0000000000000000000000000000000000000000000000000000000000000000","000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"]} \ -c add @@ -50,10 +50,10 @@ PCR7: - DBX - the system blacklist, logged as "dbx" - MokListX - the Mok blacklist, logged as "MokListX" - vendor_dbx - shim's built-in vendor blacklist, logged as "dbx" - - DB - the system whitelist, logged as "db" - - MokList the Mok whitelist, logged as "MokList" - - vendor_cert - shim's built-in vendor whitelist, logged as "Shim" - - shim_cert - shim's build-time generated whitelist, logged as "Shim" + - DB - the system allowlist, logged as "db" + - MokList the Mok allowlist, logged as "MokList" + - vendor_cert - shim's built-in vendor allowlist, logged as "Shim" + - shim_cert - shim's build-time generated allowlist, logged as "Shim" - MokSBState will be extended into PCR7 if it is set, logged as "MokSBState". From a1c05a28b3e5a3d0eb3bf37644459626c1869bf0 Mon Sep 17 00:00:00 2001 From: Michael Peters Date: Thu, 22 Oct 2020 09:44:44 -0400 Subject: [PATCH 09/13] Minor doc updates * Clarify that tpm_policy is a JSON datastructure * Rename "blacklist" to something clearer Signed-off-by: Marcio Silva --- docs/user_guide/secure_payloads.rst | 2 +- docs/user_guide/user_selected_pcr_monitoring.rst | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/user_guide/secure_payloads.rst b/docs/user_guide/secure_payloads.rst index c1b2c23..b9c845c 100644 --- a/docs/user_guide/secure_payloads.rst +++ b/docs/user_guide/secure_payloads.rst @@ -115,7 +115,7 @@ that has been revoked. If an Agent has failed its integrity check, then we really can't trust that it won't ignore the revocations and do arbitrarily malicious things. So, revocation actions are for other well-behaving Agents in the system to take action against the revoked Agent. For example, by revoking -its certificate as described above or blacklisting it from the network, etc. +its certificate as described above or firewalling it from the network, etc. There are several revocation actions implemented in Keylime that you can look at to get an idea of how to write your own. See the files starting with `local_action` diff --git a/docs/user_guide/user_selected_pcr_monitoring.rst b/docs/user_guide/user_selected_pcr_monitoring.rst index 8299427..5aad922 100644 --- a/docs/user_guide/user_selected_pcr_monitoring.rst +++ b/docs/user_guide/user_selected_pcr_monitoring.rst @@ -17,7 +17,7 @@ How to use Select which PCRs you would like Keylime to measure, by using the `tpm2_pcrread` from the `tpm2-tools `_ tool. -Now you can set the PCR values as an array in either the `keylime.conf` file:: +Now you can set the PCR values as a JSON data structure in either the `keylime.conf` file:: tpm_policy = {"22":["0000000000000000000000000000000000000001","0000000000000000000000000000000000000000000000000000000000000001","000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001","ffffffffffffffffffffffffffffffffffffffff","ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff","ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff"],"15":["0000000000000000000000000000000000000000","0000000000000000000000000000000000000000000000000000000000000000","000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"]} @@ -47,9 +47,9 @@ PCR4: PCR7: - Any certificate in one of our certificate databases that matches a binary we try to load will be extended into PCR7. That includes: - - DBX - the system blacklist, logged as "dbx" - - MokListX - the Mok blacklist, logged as "MokListX" - - vendor_dbx - shim's built-in vendor blacklist, logged as "dbx" + - DBX - the system denylist, logged as "dbx" + - MokListX - the Mok denylist, logged as "MokListX" + - vendor_dbx - shim's built-in vendor denylist, logged as "dbx" - DB - the system allowlist, logged as "db" - MokList the Mok allowlist, logged as "MokList" - vendor_cert - shim's built-in vendor allowlist, logged as "Shim" From cd2e526e8a13fb98b3e8ca17726ccdbce3bb9860 Mon Sep 17 00:00:00 2001 From: axelsimon Date: Tue, 20 Oct 2020 18:47:00 +0100 Subject: [PATCH 10/13] Update User Guide page to link to secure payloads doc Signed-off-by: axelsimon Signed-off-by: Marcio Silva --- docs/user_guide.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user_guide.rst b/docs/user_guide.rst index c38675b..47296bf 100644 --- a/docs/user_guide.rst +++ b/docs/user_guide.rst @@ -8,6 +8,6 @@ User Guide user_guide/user_selected_pcr_monitoring.rst user_guide/runtime_ima.rst - user_guide/encrypted_payload.rst + user_guide/secure_payload.rst user_guide/revocation.rst user_guide/use_pre_created_ek.rst From f1cd685f117b28e3e04d8d46010e5fb32f4911e0 Mon Sep 17 00:00:00 2001 From: kaifeng Date: Wed, 4 Nov 2020 11:07:12 +0800 Subject: [PATCH 11/13] Fix incorrect api doc A few api description is not aligned with code. Signed-off-by: Marcio Silva --- docs/rest_apis.rst | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/docs/rest_apis.rst b/docs/rest_apis.rst index 09cd703..efe3de1 100644 --- a/docs/rest_apis.rst +++ b/docs/rest_apis.rst @@ -15,7 +15,7 @@ RESTful API for Keylime (v2) ---------------------------- Cloud verifier (CV) -~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~~~~~ .. http:get:: /v2/agents/{agent_id:UUID} @@ -89,7 +89,7 @@ Cloud Agent “payload”: b64, (opt) } -.. http:get:: /v2/keys/pubkey +.. http:get:: /v2/keys/verify Get confirmation of bootstrap key derivation @@ -97,7 +97,7 @@ Cloud Agent .. sourcecode:: js - challenge : int + challenge : string .. http:get:: /v2/quotes/integrity @@ -134,8 +134,8 @@ Cloud Agent /v2/quotes/identity?nonce=# -Cloud verifier (CV) -~~~~~~~~~~~~~~~~~~ +Cloud Registrar +~~~~~~~~~~~~~~~ .. http:get:: /v2/agents/ From 40157182a276ad1818368d62f44e9abc0532a5e2 Mon Sep 17 00:00:00 2001 From: Marcio Silva Date: Wed, 22 Sep 2021 09:47:16 -0400 Subject: [PATCH 12/13] Fixed the title Signed-off-by: Marcio Silva --- docs/user_guide/use_pre_created_ek.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user_guide/use_pre_created_ek.rst b/docs/user_guide/use_pre_created_ek.rst index dc696ba..255272c 100644 --- a/docs/user_guide/use_pre_created_ek.rst +++ b/docs/user_guide/use_pre_created_ek.rst @@ -1,4 +1,4 @@ -User Selected PCR Monitoring +Use pre created EK ============================ .. warning:: From b1badd8fe822fb06d830184aba34051218d8743c Mon Sep 17 00:00:00 2001 From: Marcio Silva Date: Wed, 22 Sep 2021 09:53:09 -0400 Subject: [PATCH 13/13] Small fix for pre-created EK Signed-off-by: Marcio Silva --- docs/user_guide/use_pre_created_ek.rst | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/user_guide/use_pre_created_ek.rst b/docs/user_guide/use_pre_created_ek.rst index 255272c..6fdb100 100644 --- a/docs/user_guide/use_pre_created_ek.rst +++ b/docs/user_guide/use_pre_created_ek.rst @@ -5,7 +5,6 @@ Use pre created EK This page is still under development and not complete. It will be so until this warning is removed. - Introduction ------------