KVM virtual TPM aka the "Universal Smartcard"

KVM has recently added virtualized TPM support. Virtual TPMs can be very valuable from a security standpoint (and more trustworthy than hardware TPMs). A big thing is they can be used like virtual smartcards, providing security like Qubes’ split-gpg but for more types of software keys such as OpenSSH, OpenSSL and more.

To summarize in someone else’s words:

TPMs are useful as an alternative to key cards: they provide the same security against key theft and the same cryptographic protections. The main difference is that TPMs are universally present in every laptop, so they provide a simple and ubiquitous solution to key security. The only real downside is that unlike key cards, TPM protected keys cannot be transferred between laptops; you must instead keep an offline backup copy of the key, which can then be transferred to the TPM of any new laptop.

The way TPM protection works is slightly different from key cards. Instead of moving the key inside the card, the TPM converts any given key to a TPM specific representation (meaning it’s encrypted by a special key that only the TPM possesses). The TPM representation must be stored offline somewhere and if it is lost, so is the protected key.

The way I implemented this is to use the TPM to convert the key to protected representation and then store it in the shadow_info of a shadowed-private-key using a shadow type of tpm2-v1. The TPM can handle an arbitrary number of keys, but the price is the shadow_info stores the keys and must be preserved.

https://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/


Patches for GPG support for TPMs have been submitted but I have yet to see what happened. Needs following up for sure so it can hopefully make it before the next freeze.

To be done:

  • How to secure OpenSSH keys
  • Suggesting Tor supports this for Onion service keys and even session key material if TPM detected.

Contents of TPM can be encrypted in the libvirt version in Bullseye.


EDIT:

This nifty code supports the major applications on TPM 2:

https://wiki.archlinux.org/index.php/TPM2-PK11

* OpenSSH Client (SSH key in TPM)
* Firefox (Private key of Client certificate in TPM)
* GnuPG using gnupg-pkcs11-scd (PGP key in TPM)

How so?

Hopefully the average cryptomessenger too?

Hardware TPMs come with their own secret keys burned into the chip from the factory. If they collude with states or are infiltrated then these private keys are considered compromised. There is no way I can trust the crypto engine’s RNG on these things as these can be silently compromised and there is no way to find out unlike other security exploits. As QEMU’s hardware is an open implementation it has a chance of being properly vetted and being easily fixed in case of a vuln more than a hardware chip can be. The Infineon TPM debacle makes a case for this.

A software TPM can be easily updated to support more modern encryption algos which is not the case for laptops that have chips with the 1.2 spec where they are limited to SHA1 and can’t be upgraded without changing the hardware.

Note that physical access is out of scope here, but I would never rely on the physical chip to store secrets because they can be cracked by those who get their hands on the machine.

If they natively support TPMs then yes it can happen. Adam Langley’s asynchronous messenger over Tor “Pond” was designed to make use of TPMs. Without their explicit support, the software package I found can in theory be extended to support other programs though I’m not sure if they must support the PKCS#11 standard or not.

gpg 2.3 now supports TPM devices, but unfortunately only 2.2 is in stable. @Patrick is it recommended to use fasttrack for a newer version of this core program?

https://www.gnupg.org/blog/20210315-using-tpm-with-gnupg-2.3.html

fasttrack.debian.net has a limited scope. It’s really awesome, a lifesaver for Whonix VirtualBox, but not a magic bullet by any stretch. Since gnupg doesn’t have any issues requiring it to be uploaded to fasttrack.debian.net, I don’t think it will ever be added to fasttrack.debian.net. fasttrack isn’t going to succeed Debian backports in speed. To verify gnupg being unavailable in fasttrack, web search term:

site:fasttrack.debian.net gnupg

At time of writing, gnupg doesn’t seem to be available in Debian backports either.

Milestones:

  • Add TPM2 virtual hardware to VM config and update KVM host install dependencies

  • Add tpm tools packages in Whonix/Kicksecure

  • Wait for the stable-next versions of GPG/OpenSSH that know how to talk to TPMs. Meanwhile fetch these updated versions from backports, figure out what commands are used to import existing keys this way, and hopefully automate these steps in a single wrapper script that one points at the directory with keys and lets it do its thing, so this sees more widespread use.

Related:
Xen and VBox seem to both have included virtual TPM support too so this is worthwhile to implement for the whole userbase.
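A libvirt configuration for the first milestone, added here as an example and not taken from the thread or from the Whonix/Kicksecure project: the secret definition and the domain device fragment that attach an emulated TPM 2.0 to a guest with its state encrypted, as the Bullseye note above describes. The guest name, the secret description and the UUID placeholder are assumptions.

```xml
<!-- Step 1: a libvirt secret of usage type 'vtpm' holds the passphrase that
     swtpm uses to encrypt the emulated TPM's state files on the host.
     Define it with:    virsh secret-define vtpm-secret.xml
     then set a value:  virsh secret-set-value --secret <uuid> --base64 <value>
     (secret-define prints the generated UUID). private='yes' stops the
     value from ever being read back through the libvirt API. -->
<secret ephemeral='no' private='yes'>
  <description>vTPM state passphrase for example-guest (assumed name)</description>
  <usage type='vtpm'>
    <name>example-guest_vtpm</name>
  </usage>
</secret>

<!-- Step 2: the device fragment for the guest's domain XML (goes under
     <devices>). Attach it with:
       virsh attach-device --config example-guest vtpm-device.xml
     type='emulator' makes libvirt start one swtpm process per guest, so
     the host needs the swtpm and swtpm-tools packages; version='2.0'
     selects a TPM 2.0 instance, which is what tpm2-pkcs11 and gpg 2.3
     expect. Replace the placeholder with the UUID printed by secret-define. -->
<tpm model='tpm-crb'>
  <backend type='emulator' version='2.0'>
    <encryption secret='REPLACE-WITH-SECRET-UUID'/>
  </backend>
</tpm>
```

Without the encryption element the emulated TPM's state (and every key wrapped by it) sits in clear on the host filesystem, so the secret should be defined before the guest first boots with the device.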


Cannot be done by default:
( Dev/APT Pinning - Kicksecure )

I know. I mean for early testing/development of this feature so it is ready when stable-next rolls around.
