---
tags: TCG
---

# Trusted Computing Group and NVM Express

slide: https://hackmd.io/@QSquirrel/r1AjguqZK

---

## Introduction

TCG (Trusted Computing Group) is an organization that develops and publishes industry standards; the specifications are written jointly by its member companies and released for the industry to adopt.

TCG's Storage Work Group defines the Opal Security Subsystem Class (SSC), one of the classes into which TCG's storage security specifications are divided; it targets mainly PC and notebook drives. The specification defines how data on the drive is managed and how access to it is controlled through tiers of permissions, in order to protect user data. A storage device certified as conforming to the Opal SSC is called a TCG Opal trusted secure storage device.

Opal is a comprehensive architectural specification aimed at storage device manufacturers, software vendors, system integrators and academic institutions alike. It covers how a drive is built, installed in a system, managed and used: data is stored encrypted and managed in tiers so that it cannot be stolen or tampered with, which is how data security is ensured.

A storage device that supports the Opal specification has the following characteristics:

- It is a Self-Encrypting Device (SED): encryption and decryption of data happen entirely inside the drive, not on the host, and the keys are kept inside the drive as well (hardware AES is the usual implementation).
- Pre-boot authentication: at power-on the user first lands in a substitute region called the shadow MBR, where pre-boot authentication takes place; only after authentication succeeds does the real boot proceed and the host gain access to the drive.
- Ranges with per-range permissions: the administrator can define LBA (Logical Block Address) ranges on the drive, give each range its own permissions so that only the holder of the matching credential can operate inside it, and manage the credential holders by assigning the encrypted ranges to different users.

![](https://i.imgur.com/rT3u2Qu.png)
![](https://i.imgur.com/yy09SSM.png)
![](https://i.imgur.com/FeCv7oA.png)

## Main specifications and references

- Trusted Computing Group and NVM Express: TCGandNVMe_Joint_White_Paper-TCG_Storage_Opal_and_NVMe_FINAL.pdf
- Sample and flow: TCG_Storage_Opal_SSC_Application_Note_1-00_1-00-Final.pdf
- Main specs:
  - TCG_Storage_Architecture_Core_Spec_v2.01_r1.00.pdf
  - TCG_Storage-Opal_SSC_v2.01_rev1.00.pdf
  - TCG_SWG_SIIS_Version_1_07_Revision_1_00.pdf
- Other: SPC-4
- https://trustedcomputinggroup.org/

![](https://i.imgur.com/U9iMs53.png)
![](https://i.imgur.com/FbU1UoV.png)

### SECURITY PROTOCOL IN

SECURITY PROTOCOL IN is the SPC-4 command with which the host reads a security-protocol payload from the device. On NVMe the equivalent is the Security Receive admin command (opcode 82h): the security protocol (01h for TCG) and the ComID go in CDW10, the allocation length in CDW11.

![](https://i.imgur.com/5GpM58I.png)
![](https://i.imgur.com/BrBtm4P.png)

### SECURITY PROTOCOL OUT

SECURITY PROTOCOL OUT is the SPC-4 command with which the host sends a security-protocol payload to the device. On NVMe the equivalent is the Security Send admin command (opcode 81h), with the same CDW10 layout and the transfer length in CDW11.

![](https://i.imgur.com/PPY3SO2.png)
![](https://i.imgur.com/kHRm02d.png)

### Token

The token types identified in Table 04 are divided into 3 subgroups:

- Simple Tokens (atoms): tiny, short, medium, long, and empty atoms. An atom carries one integer or one byte sequence; the tiny atom is a single byte, and the short, medium and long atoms consist of a 1-, 2- or 4-byte header (type, signedness, length) followed by the data.
- Sequence Tokens: Start List, End List, Start Name, and End Name.
- Control Tokens: Call, End of Data, End of Session, Start Transaction, End Transaction.
![](https://i.imgur.com/TdxrLNU.png)

### Trusted Peripheral (TPer) Session Manager

The Session Manager methods are invoked on the Session Manager UID outside any session (session[0:0]):

- Properties
- StartSession
- SyncSession
- CloseSession

![](https://i.imgur.com/dIU2b6l.png)

### Method – Properties

The Properties method is a control session method used by the host to provide its communication properties to the TPer, and to retrieve the communication properties of the TPer. The purpose of the Properties method is to permit the host and the TPer to exchange the information about their respective communications capabilities required for session startup and maintenance, <span class="highlight1">without the need to first start a session.</span> <span class="highlight1">Properties are maintained on a per-ComID basis in both the host and the TPer</span>. The HostProperties parameter describes the communications capabilities that the host possesses; they apply to any session started using the ComID associated with this Properties method invocation once the TPer has processed the method and prepared a response.

![](https://i.imgur.com/AfNElun.png)

The exchange looks like this (the TPer replies with its own properties and echoes back the host properties it has recorded for this ComID):

```
session[0:0] -> SMUID.Properties[
    HostProperties = [
        "MaxComPacketSize" = 4096, "MaxResponseComPacketSize" = 4096,
        "MaxPacketSize" = 4076, "MaxIndTokenSize" = 4040,
        "MaxPackets" = 1, "MaxSubpackets" = 1, "MaxMethods" = 1 ] ]

session[0:0] <- SMUID.Properties[
    Properties : [
        "MaxComPacketSize" = 8192, "MaxResponseComPacketSize" = 8192,
        "MaxPacketSize" = 8172, "MaxIndTokenSize" = 8136,
        "MaxPackets" = 1, "MaxSubpackets" = 1, "MaxMethods" = 1,
        "ContinuedTokens" = FALSE, "SequenceNumbers" = FALSE, "AckNak" = FALSE,
        "Asynchronous" = FALSE, "MaxSessions" = 1, "MaxAuthentications" = 2,
        "MaxTransactionLimit" = 1, "DefSessionTimeout" = 120000 ],
    HostProperties = [
        "MaxComPacketSize" = 4096, "MaxPacketSize" = 4076, "MaxIndTokenSize" = 4040,
        "MaxPackets" = 1, "MaxSubpackets" = 1, "MaxMethods" = 1 ] ]
```

An Opal compliant SD SHALL support the Properties method.
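As an added example (not code from the page or from any TCG document), the following Python encodes the Properties call shown above into the byte stream a host would hand to SECURITY PROTOCOL OUT / NVMe Security Send, covering both the Token section (tiny, short, medium and long atoms plus the sequence and control tokens) and the Properties method. The Session Manager UID, the Properties method UID and the ComPacket/Packet/SubPacket header layouts are the Core spec values and are assumed here, as is the ComID 0x0FFE; a real drive reports its base ComID in Level 0 Discovery.

```python
"""Added example: encode SMUID.Properties[HostProperties = [...]] as TCG tokens
and wrap it in SubPacket -> Packet -> ComPacket for session[0:0].
UIDs, header layouts and the ComID used in __main__ are assumptions, not from the page."""
import struct

# Token bytes (Core spec Table 04)
START_LIST, END_LIST, START_NAME, END_NAME = 0xF0, 0xF1, 0xF2, 0xF3
CALL, END_OF_DATA = 0xF8, 0xF9
SMUID = bytes.fromhex("00000000000000FF")              # Session Manager UID (assumed)
PROPERTIES_METHOD = bytes.fromhex("000000000000FF01")   # Properties method UID (assumed)

HOST_PROPERTIES = {  # values taken from the exchange above
    "MaxComPacketSize": 4096, "MaxResponseComPacketSize": 4096,
    "MaxPacketSize": 4076, "MaxIndTokenSize": 4040,
    "MaxPackets": 1, "MaxSubpackets": 1, "MaxMethods": 1,
}


def atom_uint(value: int) -> bytes:
    """Unsigned integer: tiny atom for 0..63, else short atom with minimal big-endian bytes."""
    if value < 0:
        raise ValueError("unsigned only")
    if value < 64:
        return bytes([value])                          # 0 S=0 DDDDDD
    data = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(data)]) + data            # 10 B=0 S=0 LLLL (<= 15 data bytes)


def atom_bytes(data: bytes) -> bytes:
    """Byte sequence: short (<=15), medium (<=2047) or long (<=2^24-1) atom by length."""
    n = len(data)
    if n <= 15:
        return bytes([0xA0 | n]) + data                # 10 B=1 S=0 LLLL
    if n <= 2047:
        return bytes([0xD0 | (n >> 8), n & 0xFF]) + data     # 110 B=1 S=0 LLL + 8 length bits
    if n <= 0xFFFFFF:
        return bytes([0xE2]) + n.to_bytes(3, "big") + data   # 1110 00 B=1 S=0 + 24-bit length
    raise ValueError("atom too long")


def named(name: bytes, value: bytes) -> bytes:
    """StartName <name> <value> EndName"""
    return bytes([START_NAME]) + atom_bytes(name) + value + bytes([END_NAME])


def method_call(invoking_uid: bytes, method_uid: bytes, params: bytes) -> bytes:
    """Call <InvokingUID> <MethodUID> [ params ] EOD [ 0 0 0 ]"""
    return (bytes([CALL]) + atom_bytes(invoking_uid) + atom_bytes(method_uid)
            + bytes([START_LIST]) + params + bytes([END_LIST]) + bytes([END_OF_DATA])
            + bytes([START_LIST, 0, 0, 0, END_LIST]))


def properties_call(host_props: dict) -> bytes:
    """SMUID.Properties[ HostProperties = [ "name" = value, ... ] ]"""
    items = b"".join(named(k.encode(), atom_uint(v)) for k, v in host_props.items())
    return method_call(SMUID, PROPERTIES_METHOD,
                       named(b"HostProperties", bytes([START_LIST]) + items + bytes([END_LIST])))


def compacket(com_id: int, payload: bytes, tsn: int = 0, hsn: int = 0) -> bytes:
    """SubPacket(12) -> Packet(24) -> ComPacket(20), big-endian; session[0:0] is tsn = hsn = 0."""
    padded = payload + b"\0" * ((-len(payload)) % 4)   # SubPacket payload is padded to 4 bytes
    sub = struct.pack(">6sHI", b"", 0, len(payload)) + padded          # reserved, kind=0, length (unpadded)
    pkt = struct.pack(">IIIHHII", tsn, hsn, 0, 0, 0, 0, len(sub)) + sub  # TSN HSN seq rsvd acktype ack length
    return struct.pack(">IIIII", 0, com_id << 16, 0, 0, len(pkt)) + pkt  # rsvd ExtComID outstanding mintransfer length


if __name__ == "__main__":
    frame = compacket(0x0FFE, properties_call(HOST_PROPERTIES))   # ComID 0x0FFE is invented
    print(len(frame), frame.hex())
```

The SubPacket Length field counts the unpadded payload while the Packet and ComPacket lengths count everything that follows their own header, which is the detail most hand-rolled encoders get wrong; the TPer rejects a frame whose lengths disagree.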
The requirements for support of the various TPer and Host properties, and the requirements for their values, are shown in Table 12.

![](https://i.imgur.com/Tum5dnc.png)

### Method – StartSession

StartSession is sent by the host to open a session to an SP. It carries the HostSessionID chosen by the host, the UID of the SP (Admin SP or Locking SP), whether the session is write-capable, and, when authenticating as a specific authority, the HostChallenge (the PIN) and the HostSigningAuthority.

![](https://i.imgur.com/gqc61Wb.png)
![](https://i.imgur.com/SKKLvWc.png)

### Method – SyncSession

SyncSession is the TPer's reply to StartSession: it returns the HostSessionID together with the SPSessionID assigned by the TPer, and from then on every packet of the session carries both in its Packet header (TSN and HSN). If authentication fails no session is opened and the failure is reported in the response's status list.

![](https://i.imgur.com/JxG02IJ.png)
![](https://i.imgur.com/G7xkvq6.png)

### Method – CloseSession

CloseSession closes a session identified by HostSessionID and SPSessionID. Inside a session the host can also end it with the End of Session token, which is what the flows below do.

![](https://i.imgur.com/lgKxPJ7.png)
![](https://i.imgur.com/Hpo6cBa.png)

### Tables

![](https://i.imgur.com/TOLxRKn.png)

- Base Template: Provides the tables and methods common to all SPs.
- Admin Template: Provides administrative control over other SPs and the TPer settings as a whole, and control over issuance of new SPs.
- Clock Template: Contains tables and methods specialized for forensic and cryptographic clocks.
- Crypto Template: Contains functional extensions to the Base SP cryptographic and procedural capabilities.
- Locking Template: Provides tables and methods for storage encryption/decryption and read/write lock state control.
- Log Template: Contains tables and methods specialized to forensic logging.

## Does the device support TCG Opal?

1. The device supports the SECURITY PROTOCOL IN/OUT commands (Security Receive/Send on NVMe).
2. The supported security protocol list (security protocol 00h) includes protocol 01h (TCG).
3. Level 0 Discovery (security protocol 01h, ComID 0001h) returns the Opal SSC V2.00 feature descriptor; that descriptor also carries the base ComID used for every later command.

![](https://i.imgur.com/8vahTOU.png)
![](https://i.imgur.com/OhSn1e8.png)
![](https://i.imgur.com/DxWIkNL.png)

## Command flows

1. Check that TCG Opal is supported and get the ComID
2. Exchange communication properties with the Trusted Peripheral (TPer)
3. Take ownership of the storage device
4. Activate the Locking SP
5. Change the Admin1 PIN in the Locking SP

### Lock

- Exchange communication properties with the TPer
  - Properties
  - Properties Response
- Taking Ownership of the Storage Device
  - Open a session to the Admin SP as the Anybody authority.
    - StartSession
    - SyncSession
  - Get the MSID PIN value from the C_PIN_MSID row of the C_PIN table.
    - Get
    - Get Result
  - Close the session.
    - End of Session
    - End of Session Response
  - Open a session to the Admin SP as the SID authority using the <MSID_password>.
    - StartSession
    - SyncSession
  - Set the <new_SID_password> value in the PIN column of the SID's C_PIN credential (C_PIN_SID).
    - Set
    - Set Result
  - Close the session.
    - End of Session
    - End of Session Response
- Activating the Locking SP
  - Open a session to the Admin SP as the SID authority.
    - StartSession
    - SyncSession
  - Determine the life cycle state of the Locking SP.
    - Get
    - Get Result
  - Activate the Locking SP by invoking the Activate method on the Locking SP object in the Admin SP.
    - Activate
    - Activate Result
  - Close the session.
    - End of Session
    - End of Session Response
- Changing the Admin1 PIN in the Locking SP
  - Open a session to the Locking SP as Admin1.
    - StartSession
    - SyncSession
  - Set the <Admin1_password> value in the PIN column of Admin1's C_PIN credential.
    - Set
    - Set Result
  - Enable C_PIN_Admin1.
    - Set
    - Set Result
  - Change the password for C_PIN_Admin1.
    - Set
    - Set Result
  - Close the session.
    - End of Session
    - End of Session Response

:::info
Note: After the Locking SP is activated, the PIN for Admin1 in the Locking SP is set to the current SID PIN, which is `<new_SID_password>`.
:::

### Unlock

- Open a session to the Locking SP as User1.
  - StartSession
  - SyncSession
- Unlock a range by setting the ReadLocked and WriteLocked columns of its row in the Locking table to FALSE.
  - Set
  - Set Result
- Close the session.
  - End of Session
  - End of Session Response

### Revert

- Open a session to the Admin SP as SID.
  - StartSession
  - SyncSession
- Revert the TPer.
  - Revert
  - Revert Result

Revert on the Admin SP returns the TPer to its original factory state: the Locking SP is deactivated, the SID PIN normally goes back to MSID (the Opal v2 feature descriptor in Level 0 Discovery reports whether it does), and the user data on the drive is cryptographically erased because the media encryption key is regenerated. The session ends with the Revert, so no End of Session follows. Confirm the target drive before issuing it.

### Change password

- Open a session to the Locking SP as Admin1.
  - StartSession
  - SyncSession
- Set the <Admin1_password> value in the PIN column of Admin1's C_PIN credential.
  - Set
  - Set Result
- Close the session.
  - End of Session
  - End of Session Response
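The support checks under "Does the device support TCG Opal?" and step 1 of the command flows ("get the ComID") amount to parsing two Security Receive replies. The following Python is an added example, not code from the page or from any TCG or NVMe document: it builds the NVMe Security Send/Receive command words, parses the supported security protocol list and a Level 0 Discovery response, and extracts the base ComID from the Opal SSC V2.00 feature descriptor. The two sample replies are constructed for this example (the base ComID 0x0FFE in them is invented), so the code runs without a drive.

```python
"""Added example: NVMe Security Send/Receive CDWs plus parsers for the supported
protocol list and Level 0 Discovery. Sample replies below are constructed, not captured."""
import struct

NVME_SECURITY_SEND, NVME_SECURITY_RECEIVE = 0x81, 0x82   # admin command opcodes
SECP_INFO, SECP_TCG = 0x00, 0x01          # protocol 00h: supported list; 01h: TCG
LEVEL0_SPSP = 0x0001                      # ComID used for Level 0 Discovery
FEATURE_TPER, FEATURE_LOCKING, FEATURE_OPAL_V2 = 0x0001, 0x0002, 0x0203


def security_cdw(secp: int, spsp: int, length: int):
    """CDW10 = SECP[31:24] | SPSP[23:8] | NSSF[7:0]; CDW11 = transfer (Send) / allocation (Receive) length."""
    return ((secp & 0xFF) << 24) | ((spsp & 0xFFFF) << 8), length & 0xFFFFFFFF


def parse_protocol_list(buf: bytes) -> list:
    """Protocol 00h / SPSP 0000h reply: 6 reserved bytes, 2-byte list length, then protocol IDs."""
    (count,) = struct.unpack_from(">H", buf, 6)
    ids = buf[8:8 + count]
    if len(ids) != count:
        raise ValueError("truncated protocol list")
    return list(ids)


def parse_level0(buf: bytes) -> dict:
    """Level 0 Discovery: 48-byte header whose 4-byte length excludes itself, then
    feature descriptors of code(2) version/reserved(1) length(1) data(length)."""
    (total,) = struct.unpack_from(">I", buf, 0)
    end = min(4 + total, len(buf))
    feats, off = {}, 48
    while off + 4 <= end:
        code, _ver, length = struct.unpack_from(">HBB", buf, off)
        data = buf[off + 4:off + 4 + length]
        if len(data) != length:
            raise ValueError("truncated feature descriptor")
        feats[code] = data
        off += 4 + length
    return feats


def opal_v2_feature(feats: dict):
    """Opal SSC V2.00 descriptor: base ComID, ComID count, range crossing, admin/user counts, SID PIN indicators."""
    d = feats.get(FEATURE_OPAL_V2)
    if d is None:
        return None
    base, count, rc, admins, users, sid_ind, sid_revert = struct.unpack_from(">HHBHHBB", d, 0)
    return {"base_comid": base, "num_comids": count, "range_crossing": bool(rc & 1),
            "locking_admins": admins, "locking_users": users,
            "sid_pin_is_msid": sid_ind == 0x00, "sid_pin_msid_on_revert": sid_revert == 0x00}


def locking_feature(feats: dict):
    """Locking descriptor, byte 0 flags from bit 0 upward."""
    d = feats.get(FEATURE_LOCKING)
    if d is None:
        return None
    flags = ["locking_supported", "locking_enabled", "locked",
             "media_encryption", "mbr_enabled", "mbr_done"]
    return {name: bool(d[0] >> i & 1) for i, name in enumerate(flags)}


def supports_opal_v2(protocol_list: bytes, level0: bytes) -> bool:
    """TCG protocol advertised and the Opal v2 descriptor present."""
    return SECP_TCG in parse_protocol_list(protocol_list) and FEATURE_OPAL_V2 in parse_level0(level0)


# Constructed sample replies (not from a real drive)
SAMPLE_PROTOCOLS = b"\0" * 6 + struct.pack(">H", 3) + bytes([0x00, 0x01, 0x02])
SAMPLE_LEVEL0 = (
    struct.pack(">IHH", 96, 0, 1) + b"\0" * 40                               # header: 44 + 52 descriptor bytes
    + struct.pack(">HBB", FEATURE_TPER, 0x10, 12) + b"\x01" + b"\0" * 11     # TPer: sync supported
    + struct.pack(">HBB", FEATURE_LOCKING, 0x10, 12) + b"\x09" + b"\0" * 11  # Locking: supported + media encryption
    + struct.pack(">HBB", FEATURE_OPAL_V2, 0x10, 16)
    + struct.pack(">HHBHHBB", 0x0FFE, 1, 0, 4, 8, 0x00, 0x00) + b"\0" * 5    # base ComID 0x0FFE (invented)
)

if __name__ == "__main__":
    cdw10, cdw11 = security_cdw(SECP_TCG, LEVEL0_SPSP, 2048)
    print(f"Security Receive opcode {NVME_SECURITY_RECEIVE:#x} cdw10={cdw10:#010x} cdw11={cdw11}")
    feats = parse_level0(SAMPLE_LEVEL0)
    print(supports_opal_v2(SAMPLE_PROTOCOLS, SAMPLE_LEVEL0), opal_v2_feature(feats), locking_feature(feats))
```

The parser stops at the length the header declares rather than at the end of the buffer, because the host allocates a fixed receive buffer and the drive only fills part of it; the Locking flags are also worth reading before any flow, since "locking_enabled" tells you whether the Locking SP has already been activated.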
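Every "Result" step in the flows above is a ComPacket coming back from the TPer that the host has to unwrap and decode before it can continue; the Get result in "Taking Ownership" is the clearest case, because the MSID PIN it carries is the credential for the next StartSession. The following Python is an added example, not code from the page or from any TCG document: it strips the ComPacket, Packet and SubPacket headers, decodes the token stream, checks the method status list that follows End of Data, and returns the PIN column of the Get result. The response bytes and the 32-byte MSID are constructed for this example; the status-code names are the Core spec values and the column number 3 for PIN is assumed from the C_PIN table layout.

```python
"""Added example: decode a TPer reply down to the Get result and its status.
Sample replies are constructed; the MSID value and session numbers are invented."""
import struct

TOKEN_NAMES = {0xF0: "SL", 0xF1: "EL", 0xF2: "SN", 0xF3: "EN", 0xF8: "CALL",
               0xF9: "EOD", 0xFA: "EOS", 0xFB: "ST", 0xFC: "ET", 0xFF: "EMPTY"}
STATUS = {0x00: "SUCCESS", 0x01: "NOT_AUTHORIZED", 0x03: "SP_BUSY", 0x04: "SP_FAILED",
          0x05: "SP_DISABLED", 0x06: "SP_FROZEN", 0x07: "NO_SESSIONS_AVAILABLE",
          0x0C: "INVALID_PARAMETER", 0x12: "AUTHORITY_LOCKED_OUT", 0x3F: "FAIL"}
C_PIN_PIN_COLUMN = 3   # column number of PIN in the C_PIN table (assumed)


def unwrap_compacket(buf: bytes):
    """Strip ComPacket(20) / Packet(24) / SubPacket(12) headers; return (comid, tsn, hsn, payload)."""
    (ext_comid,) = struct.unpack_from(">I", buf, 4)
    (cp_len,) = struct.unpack_from(">I", buf, 16)
    if cp_len + 20 > len(buf):
        raise ValueError("ComPacket length exceeds buffer")
    tsn, hsn = struct.unpack_from(">II", buf, 20)
    (sp_len,) = struct.unpack_from(">I", buf, 52)
    payload = buf[56:56 + sp_len]
    if len(payload) != sp_len:
        raise ValueError("truncated SubPacket")
    return ext_comid >> 16, tsn, hsn, payload


def decode_tokens(buf: bytes) -> list:
    """Decode a token stream into ints, bytes objects and control-token names."""
    out, i = [], 0
    while i < len(buf):
        b = buf[i]
        if b < 0x80:                           # tiny atom: 0 S DDDDDD
            v = b & 0x3F
            out.append(v - 0x40 if (b & 0x40 and v & 0x20) else v)
            i += 1
            continue
        if b < 0xC0:                           # short atom: 10 B S LLLL
            is_bytes, signed, n, hdr = b & 0x20, b & 0x10, b & 0x0F, 1
        elif b < 0xE0:                         # medium atom: 110 B S LLL + 8-bit length
            is_bytes, signed, n, hdr = b & 0x10, b & 0x08, ((b & 0x07) << 8) | buf[i + 1], 2
        elif b < 0xE4:                         # long atom: 1110 00 B S + 24-bit length
            is_bytes, signed, n, hdr = b & 0x02, b & 0x01, int.from_bytes(buf[i + 1:i + 4], "big"), 4
        elif b in TOKEN_NAMES:
            out.append(TOKEN_NAMES[b])
            i += 1
            continue
        else:
            raise ValueError(f"unknown token {b:#04x} at offset {i}")
        data = buf[i + hdr:i + hdr + n]
        if len(data) != n:
            raise ValueError(f"truncated atom at offset {i}")
        out.append(bytes(data) if is_bytes else int.from_bytes(data, "big", signed=bool(signed)))
        i += hdr + n
    return out


def method_status(tokens: list) -> str:
    """The status list [ status, 0, 0 ] follows the last End of Data token."""
    eod = len(tokens) - 1 - tokens[::-1].index("EOD")
    code = tokens[eod + 2]
    return STATUS.get(code, f"UNKNOWN_{code:#x}")


def get_column(tokens: list, column: int):
    """A Get result is [[ column : value ]]; return the value for the column, or None."""
    eod = tokens.index("EOD")
    for i in range(eod - 1):
        if tokens[i] == "SN" and tokens[i + 1] == column:
            return tokens[i + 2]
    return None


def response_status(compacket: bytes) -> str:
    return method_status(decode_tokens(unwrap_compacket(compacket)[3]))


def extract_msid(compacket: bytes) -> bytes:
    """PIN from the Get on C_PIN_MSID; raises if the TPer reported an error status."""
    _comid, _tsn, _hsn, payload = unwrap_compacket(compacket)
    tokens = decode_tokens(payload)
    status = method_status(tokens)
    if status != "SUCCESS":
        raise RuntimeError(f"Get failed: {status}")
    return get_column(tokens, C_PIN_PIN_COLUMN)


def _constructed_reply(payload: bytes) -> bytes:
    """Fixture only: minimal headers around a payload, as a TPer would frame its reply."""
    sub = struct.pack(">6sHI", b"", 0, len(payload)) + payload + b"\0" * ((-len(payload)) % 4)
    pkt = struct.pack(">IIIHHII", 0x1001, 0x2002, 0, 0, 0, 0, len(sub)) + sub
    return struct.pack(">IIIII", 0, 0x0FFE << 16, 0, 0, len(pkt)) + pkt


MSID_SAMPLE = b"ABCDEFGHIJKLMNOPQRSTUVWXYZ012345"          # 32-byte PIN, constructed
SAMPLE_GET_REPLY = _constructed_reply(                     # [[ 3 : <pin> ]] EOD [ 0 0 0 ]
    bytes([0xF0, 0xF0, 0xF2, C_PIN_PIN_COLUMN, 0xD0, 0x20]) + MSID_SAMPLE
    + bytes([0xF3, 0xF1, 0xF1, 0xF9, 0xF0, 0x00, 0x00, 0x00, 0xF1]))
SAMPLE_DENIED = _constructed_reply(bytes([0xF0, 0xF1, 0xF9, 0xF0, 0x01, 0x00, 0x00, 0xF1]))

if __name__ == "__main__":
    print(extract_msid(SAMPLE_GET_REPLY), response_status(SAMPLE_DENIED))
```

Checking the status list before touching the result list matters: on a NOT_AUTHORIZED or AUTHORITY_LOCKED_OUT reply the result list is empty, and a host that indexes into it blindly will misread a later token (or a stale buffer) as the PIN and then burn a retry against the SID authority's TryLimit.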