Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

The feature_mask seems unable to correctly configure whether to enable the hardware TPM #23

Open
bronzeMe opened this issue Nov 26, 2024 · 1 comment
Open

The feature_mask seems unable to correctly configure whether to enable the hardware TPM #23

bronzeMe opened this issue Nov 26, 2024 · 1 comment
Assignees
@Bonjourz
Labels
bug Something isn't working

Comments

@bronzeMe
Copy link

Describe the bug

The feature_mask seems unable to correctly configure whether to enable the hardware TPM,

According to the readme.md of the hyperenclave-driver, bit 8 indicates whether to turn off the fake TPM. However, even after setting bit 8 to 0, changing the feature_mask from 0x302 to 0x102, HyperEnclave still launched using the fake TPM.

To reproduce

image
...

Expected behavior

Starting hyperenclave using real hardware TPM

Logs

[1607662.972441] [76] tpm_detect starting....
[1607662.972441] [76] fake tpm is detected and initialized
[1607662.972441] [76] FAKE TPM: tpm signing key pub x
[1607662.972442] [76] C29974C9F1090FA4A10E9990620E91828B593A7211E2468450E3DC96DD5933FB
[1607662.972442] [76] size= :0x20
[1607662.972443] [76] FAKE TPM: tpm signing key pub y
[1607662.972443] [76] 402206ECCC5479289F33668EAAB85527ABBBB9F7B41CEB71551027D57AF28267
[1607662.972443] [76] size= :0x20
[1607662.972444] [76] FAKE TPM: root secret is generated and sealed
[1607662.972444] [76] FAKE TPM: hypervisor AK pub x=
[1607662.972444] [76] 3D9BB7BA028C5F97AC5AB1619336D9ED23E86858DDBDC23B510D5F0EBA8FF338
[1607662.972444] [76] size= :0x20
[1607662.972445] [76] FAKE TPM: hypervisor AK pub y=
[1607662.972445] [76] 0B28428BDA30B2800FCB032ABCED81071B5F0DCB1A02B22AFF56B7DD22E52522
[1607662.972445] [76] size= :0x20
[1607662.972445] [76] FAKE TPM: hash of he_ak_pub extended to PCR 13:
[1607662.972450] [76] AAA056CA1F030B7BD6C4089C2AEEC36D01173B46E0FD2B4C1BD2C14649B66539

Environment

test@test:~$ cat /etc/os-release
NAME="Ubuntu"
VERSION="20.04.6 LTS (Focal Fossa)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 20.04.6 LTS"
VERSION_ID="20.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=focal
UBUNTU_CODENAME=focal
test@test:~$ uname -a
Linux test 5.4.0-custom #1 SMP Thu Aug 22 05:22:55 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux

Additional context

Possible solution/Implementation

https://github.com/asterinas/hyperenclave-driver/blob/master/driver/feature.c#L92
@bronzeMe bronzeMe added the bug Something isn't working label Nov 26, 2024
@Bonjourz
Copy link
Collaborator

Hi @bronzeMe , the bit index starts from 0.

Try to set the feature_mask to 0x202. Bit 8 is still be set in the 0x102.

By the way, it is not recommended to turn on the hardware TPM mode.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Bonjourz Bonjourz

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@bronzeMe @Bonjourz