This repository contains agent and server plugins for SPIRE to allow TPM 2-based node attestation.
Here's a quick demo that shows how this plugin looks when run:
Before starting, create a running SPIRE deployment and add the following configuration to the agent and server:
Agent configuration:

```hcl
NodeAttestor "tpm" {
    plugin_cmd = "/path/to/plugin_cmd"
    plugin_checksum = "sha256 of the plugin binary"
    plugin_data {
    }
}
```

Server configuration:

```hcl
NodeAttestor "tpm" {
    plugin_cmd = "/path/to/plugin_cmd"
    plugin_checksum = "sha256 of the plugin binary"
    plugin_data {
        ca_path = "/opt/spire/.data/certs"
        hash_path = "/opt/spire/.data/hashes"
    }
}
```
| key | type | required | description | default |
|---|---|---|---|---|
| ca_path | string | see below | the path to the CA directory | /opt/spire/.data/certs |
| hash_path | string | see below | the path to the Hash directory | /opt/spire/.data/hashes |

For this plugin to work, either `ca_path`, `hash_path`, or both must be configured.
`ca_path` contains the manufacturer CA certs that signed the TPM's EK certificate, in PEM or DER format. Drop all manufacturer CA certs in the `ca_path` directory.

Note: not all TPMs have an EK certificate; if yours does not, use `hash_path` instead.

`hash_path` contains empty files named after the EK public key hash. Use the `get_tpm_pubhash` command to print out the TPM's EK public key hash. Example:
```sh
agent $ ./get_tpm_pubhash
1b5bbe2e96054f7bc34ebe7ba9a4a9eac5611c6879285ceff6094fa556af485c
server $ mkdir -p /opt/spire/.data/hashes
server $ touch /opt/spire/.data/hashes/1b5bbe2e96054f7bc34ebe7ba9a4a9eac5611c6879285ceff6094fa556af485c
```
The plugin uses TPM credential activation as the method of attestation. The plugin operates as follows:

- Agent generates AK (attestation key) using TPM
- Agent sends the AK attestation parameters and EK certificate or public key to the server
- Server inspects EK certificate or public key
  - If `hash_path` exists, and the public key hash matches a filename in `hash_path`, validation passes
  - If `ca_path` exists, and the EK certificate was signed by any chain in `ca_path`, validation passes
- If validation passed, the server generates a credential activation challenge using
  - The EK public key
  - The AK attestation parameters
- Server sends challenge to agent
- Agent decrypts the challenge's secret
- Agent sends back decrypted secret
- Server verifies that the decrypted secret is the same it used to build the challenge
- Server creates a SPIFFE ID in the form of `spiffe://<trust_domain>/spire/agent/tpm/<sha256sum_of_tpm_pubkey>`
- All done!
For info on how TPM attestation usually works and how this implementation differs, visit TPM.md.
To build this plugin on Linux, run `make build`. Because of the dependency on go-attestation, you must have `libtspi-dev` installed.
Please read the LICENSE file.