Differences
This shows you the differences between two versions of the page.
tpm [2020-02-19 07:36] – [Pro uživatele MS Windows] xsvenda | tpm [2024-04-02 16:03] (current) – xsvenda | ||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== | + | ====== |
- | <callout type="success" | + | ~~NOTOC~~ |
+ | <text size="large"> | ||
+ | The goal of the research is to get a better understanding of the Trusted Platform Modules ecosystem. Such information is vital for the designers and developers using this technology, allowing them to answer questions like What fraction of devices has a TPM chip? Which cryptographic algorithms are widely supported? What is the overhead of computing a digital signature? | ||
- | <callout type="primary" icon=" | + | The research consists of two primary |
+ | - **Collection of raw data about TPM chips** deployed in real-world devices like notebooks, desktops, and servers (the part we are asking you for kind help with). | ||
+ | - **Analysis of the data collected to provide insight into the TPM ecosystem** (done by us, resulting in a summary of the most important findings, scientific paper, and research dataset available for replicability and further research). | ||
+ | </text> | ||
- | ===== Pro uživatele MS Windows | + | <TEXT align=" |
- | **Výzkumný cíl:** Dlouhodobý sběr PCR registrů a jejich vývoj v čase | + | <button type=" |
+ | <button type=" | ||
+ | </ | ||
+ | ===== How to collect data via Live Bootable Image | ||
- | Postup: | + | The data collection consists of 3 principal steps: |
- | | + | |
- | | + | |
- | * Spuštění vytvoří pravidelně spouštěnou úlohu | + | - Send collected data (anonymous upload, email) |
- | * 1x denně (19:00) uloží PCR vašeho počítače do souboru (nechte prosím běžet, máme zájem o co nejdelší časový úsek) | + | * (step 2., and 3., can be repeated for multiple computers; no need to create a USB drive again) |
- | * Vytváří soubory ve tvaru PCR_datum_čas.txt, | + | |
- | * Vytváří soubor PCR_measurements_náhodnéčíslo.zip, | + | |
- | * Po prvním spuštění prosím zašlete PCR_measurements.zip na svenda@fi.muni.cz | + | |
- | * Po 2-3 týdnech vás poprosím zaslání dodatečného meření (opět soubor PCR_measurements.zip) | + | |
- | Dodatečný sběr veřejných klíčů: | + | ---- |
- | * Informace jsou dostupné zde: https:// | + | |
- | ===== Pro uživatele Linux ===== | + | <panel type=" |
- | **Výzkumný cíl:** Analýza rychlosti TPM čipu a testovacích klíčů | + | |
- | Postup: | + | <text type=" |
- | * Přečtěte si návod na https://github.com/ | + | Duration: The preparation of a bootable device will take approximately 20 minutes to download the image and 10 minutes to set up. |
- | * Pokud nemáte, nainstalujte si docker | + | </text> |
- | * Stáhněte si [[https:// | + | |
- | * Spusťte ' | + | |
- | * Nástroj provede analýzu rychlosti vašeho TPM čipu a vygeneruje sadu testovacích klíčů (RSA/ECC) | + | |
- | * Po dokončení běhu scriptu (cca 2-3 hodiny, ale velmi malé zatížení CPU) zašlete out.zip na xstruk@fi.muni.cz (Simon Struk) | + | |
- | * Měření je jednorázové, | + | |
- | + | ||
+ | - Prepare an empty USB drive with at least 4GB size (IMPORTANT: all content will be erased) | ||
+ | - Download live USB image: [[https:// | ||
+ | - Download and install [[https:// | ||
+ | - Run Balena Etcher, click //Select image// and browse for previously downloaded algtest-usb-disk.img on your disk | ||
+ | - Insert empty USB drive, click //Select target//, and pick the USB disk | ||
+ | * (double-check that the displayed drive is your intended USB drive – check the label and check size) | ||
+ | - Click //Flash!// and wait approximately 5 minutes until flashing is completed. | ||
+ | <TEXT align=" | ||
+ | < | ||
+ | </ | ||
+ | <row> | ||
+ | <col xs=" | ||
+ | <col xs=" | ||
+ | </ | ||
+ | </ | ||
+ | |||
+ | |||
+ | <panel type=" | ||
+ | |||
+ | <text type=" | ||
+ | Duration: Running the Fedora-based system from the bootable device and data collection will take approximately 1-3 hours (8 at most). | ||
+ | </ | ||
+ | * Place your computer in a steady location (on the desk) and plug-in the power cable. | ||
+ | * Insert the installed USB drive from step 1 into the computer and restart your machine. | ||
+ | * If prompted, select boot from USB device instead of standard disk. Select //Start Fedora-algtest-Live 37// boot option. | ||
+ | {{ : | ||
+ | <TEXT align=" | ||
+ | * Wait until the Fedora-based TPM testing system is booted. Read the summary of the data we are collecting. | ||
+ | {{ : | ||
+ | <TEXT align=" | ||
+ | * Press the //Start basic test// button | ||
+ | * Check that test has started and is running (Log window contains ' | ||
+ | {{ : | ||
+ | <TEXT align=" | ||
+ | * Wait for 1-3 (5 at most) hours until the test is finished (100% Test progress). | ||
+ | * <text type=" | ||
+ | * Press the //Upload results// button (if network is configured) | ||
+ | {{ : | ||
+ | <TEXT align=" | ||
+ | * Press the //Shutdown PC// button; wait until your machine is stopped. Unplug the USB drive. | ||
+ | * Restart your computer to your standard environment | ||
+ | </ | ||
+ | |||
+ | <panel type=" | ||
+ | - Make sure the USB drive is unplugged. | ||
+ | - Start into your standard environment (e.g., Windows, Linux). | ||
+ | - Plug the USB drive, new drive with label '' | ||
+ | - Locate file(s) with a file name in the form of '' | ||
+ | - Visit the page '' | ||
+ | |||
+ | |||
+ | <TEXT align=" | ||
+ | <button type=" | ||
+ | or send data by email to %%< | ||
+ | </ | ||
+ | |||
+ | |||
+ | {{ : | ||
+ | <TEXT align=" | ||
+ | |||
+ | <TEXT size=" | ||
+ | |||
+ | </ | ||
+ | |||
+ | <panel type=" | ||
+ | |||
+ | <text type=" | ||
+ | |||
+ | === Issue: Solutions below do not solve the problem === | ||
+ | **Solution: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === Issue: The bootable image cannot be downloaded === | ||
+ | **Solution: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === Issue: The live Fedora system will not start to boot === | ||
+ | **Solution: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === Issue: The live Fedora system will stop with an error during boot === | ||
+ | **Solution: | ||
+ | |||
+ | ---- | ||
+ | |||
+ | === Issue: The TPM data collection will start but finish very quickly (less than 10 seconds) with the error ' | ||
+ | |||
+ | **Solution 1:** Restart your computer, enter BIOS (press F1, F8, F12, Enter or special button right), and enable option named 'TPM chip,' ' | ||
+ | |||
+ | **Solution 2:** Try to update your BIOS if possible (older BIOSes are known to have incompatibility with some TPM chips under Linux). Then restart and boot from USB again. | ||
+ | |||
+ | Please submit the results even if the error persists. | ||
+ | |||
+ | ---- | ||
+ | === Issue: I want to see the source code and build a live image myself === | ||
+ | **Solution: | ||
+ | |||
+ | </ | ||
+ | |||
+ | ======= Research details ======= | ||
+ | |||
+ | <TEXT size=" | ||
+ | {{fa> | ||
+ | |||
+ | {{fa> | ||
+ | |||
+ | {{fa> | ||
+ | |||
+ | {{fa> | ||
+ | </ | ||
+ | **We do not collect any personal data.** We collect only the TPM chip metadata, PCR registers, supported cryptographic algorithms, output of random number generator, performance measurements and temporary cryptographic keys generated by TPM chip, product name of your device (e.g., Lenovo ThinkBook 15) and anonymized endorsement key certificates. We plan to release the data collected later as an open research dataset. | ||
+ | |||
+ | **Data we collect:** | ||
+ | * Device vendor, type (e.g., '' | ||
+ | * TPM vendor, firmware version (e.g., '' | ||
+ | * TPM PCR registers (see '' | ||
+ | * TPM metadata ('' | ||
+ | * Algorithms and commands supported by TPM (see '' | ||
+ | * Performance measurements for various cryptographic algorithms (see '' | ||
+ | * Freshly generated transient keys and signatures for ECC and RSA (see '' | ||
+ | * Generated random data (see '' | ||
+ | * Anonymized endorsement key (EK) certificates (see '' | ||
+ | * //Note: All mentioned files are stored inside the '' | ||
+ | | ||
+ | **Data we do NOT collect:** | ||
+ | * Personal information about the user of the analyzed computer. | ||
+ | * Full endorsement keys (we collect only the first and the last two bytes). | ||
+ | * Attestation key(s). | ||
+ | * User-specific content of the non-volatile TPM memory (NVRAM). | ||
+ | |||
+ | **Data Retention: | ||
+ | * We plan to release the data collected as open research dataset to enable wider research cooperation. | ||
+ | * The CRoCS research team will first analyze the data collected for the purpose of analyzing the current TPM chip ecosystem. We plan to release the data collected together with the research findings. |
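Review bot: The two duration statements in the added instructions for running the live system disagree: the Duration line gives "approximately 1-3 hours (8 at most)", while the later bullet says "Wait for 1-3 (5 at most) hours until the test is finished". Pick one upper bound and use it in both places so participants know how long the machine must stay powered and untouched. Separately, the visible USB preparation list goes from "Download live USB image" straight to installing and running Balena Etcher, with no step for checking the downloaded image against a published checksum; since participants are asked to boot this image on their own hardware, consider adding a verification step between download and flashing.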