First published on TECHNET on Sep 08, 2014
Hey Everyone, I am back with the last part of this 3 part series on TPM protected certificates. The last topic for this series is Key Attestation. Recently I have had a few people ask me about the Key Attestation tab in Windows Server 2012 R2. Another person informed me they tried to set it up and it didn't work. That's not cool. I hadn't used the feature before, so I decided to take a dive into it and maybe I could help y'all out. Here is what I found.
First, what is this for? Key Attestation is an assurance mechanism: it lets the enterprise CA verify, at enrollment time, that the private key of the certificate's key pair is protected by a TPM, rather than taking the client's word for it. If you don't know what the big deal is about protecting keys via TPM, please see part 1 and part 2 of this series. Depending on how the TPM's endorsement key (EK) is trusted, the CA can also insert an Issuance Policy OID into the certificate that records which attestation method was used, so a relying party can tell a high-assurance certificate from a low-assurance one.
The 3 methods used for Key Attestation are:
User Credentials (Low Assurance), Issuance Policy/Certificate Policy OID 1.3.6.1.4.1.311.21.32: the client sends its EKPub to the enterprise CA with the request. The CA performs no validation of the EK itself; trust rests on the requester's domain credentials.
Endorsement Certificate (Medium Assurance), Issuance Policy/Certificate Policy OID 1.3.6.1.4.1.311.21.31: the TPM has a manufacturer-supplied EK certificate (EKCert) embedded. The enterprise CA validates the EKCert chain against the manufacturer CA certificates an administrator has imported on the CA; every CA in the chain must be trusted. This also means that ALL TPMs that chain to the manufacturer's CAs are trusted, not only the ones you own.
Endorsement Key (High Assurance), Issuance Policy/Certificate Policy OID 1.3.6.1.4.1.311.21.30: the enterprise CA checks each EKPub it receives against an administrator-defined list of allowed EKPubs. The list is a directory containing one empty file per allowed EK, named with the SHA-256 hash of that EKPub.
Assumptions
This article assumes the individual has a basic understanding of Microsoft PKI and its components.
Requirements:
User Credentials
This option only requires the client to send its EKPub to the Enterprise CA. The CA still verifies that the key being certified is bound to that TPM, but it does not validate the EK itself; the only thing backing the EK is the requester's domain credentials (low assurance).
In this section we will modify the template we configured in Part 1 of this 3 part series to perform key attestation and insert issuance policies.
Open the Certificate Template Console (certtmpl.msc)
Modify the Workstation Authentication Template you created in Part 1 of this series
Verify the following:
Compatibility Tab
Certificate Authority: Windows Server 2012 R2
Certificate Recipient: Windows 8.1/Windows Server 2012 R2
Cryptography Tab
Provider Category: Key Storage Provider
Requests must be from one of the following providers: Check only Microsoft Platform Crypto Provider
New Settings:
Request Handling
Renew with the same key: cleared/unchecked
Key Attestation Tab
Key Attestation: Required
Attestation Type
User Credentials
Issuance Policies for key attested certificates
Include issuance policies for enforced attestation types
Endorsement Certificate
This option makes use of the certificate some manufacturers burn into their TPMs. Notice I said some: not all manufacturers do this. The next fun thing about this one is that, depending on the manufacturer, you have to go chase them down to get copies of the certificates for all the CAs in their chain and import those into special containers on your CA. The good thing is, after you do it, all of the TPM-enabled devices that chain to those certificates are trusted for attestation. The flip side is the same: any TPM that manufacturer issued an EK certificate for, including ones you never bought, passes this check, so it proves "genuine TPM from this vendor", not "one of our devices".
Let’s get started on setting this up.
From the Windows 8.1 device that has a TPM.
Now that the manufacturer has given us the certificates for the CAs in its chain, we can import them into special containers in the local machine store of the CA so they can be used for attestation purposes.
Some of this is from the TechNet article TPM Key Attestation (linked at the end). So a big thanks to the folks that wrote this.
The following commands, run in PowerShell on the CA, create the EKCert containers for the manufacturer's certificates (the stores have to be created under LocalMachine, not at the root of the cert: drive):
# Create EKCert containers for the TPM manufacturer's certificates
cd cert:\LocalMachine
new-item EKROOT
new-item EKCA
These commands create the following certificate containers in the local machine store: EKROOT and EKCA.
After you create the containers you will need to import the manufacturer's certificates into the proper one: the manufacturer's root CA certificate(s) go into EKROOT and the intermediate CA certificates into EKCA. The CA looks in these two stores when it validates an EKCert chain, so a missing intermediate means attestation fails for every device from that manufacturer.
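Here is an added example script that ties that prep work together; it is not from the original post or the TechNet article. On the client it shows whose EK certificate the TPM carries (so you know which manufacturer chain to chase) and exports it; on the CA it creates EKROOT/EKCA, imports the manufacturer's certificates, and runs a pre-flight check that the exported EKCert really chains to what you imported, before anyone tries to enroll. The C:\EKCerts paths and the vendor file names are placeholders. The chain check uses .NET X509Chain and is only a sanity test; the real validation is done by the CA at request time.

```powershell
# Added example, not part of the original post or the TechNet article.
# Part 1 runs on the TPM-equipped Windows 8.1 client, part 2 on the enterprise CA (both elevated).
# C:\EKCerts\... paths and the vendor certificate file names are placeholders.

# ---- Part 1 (client): which manufacturer chain does this TPM's EK certificate need? ----
$ek = Get-TpmEndorsementKeyInfo -HashAlgorithm sha256
if (-not $ek.ManufacturerCertificates -or $ek.ManufacturerCertificates.Count -eq 0) {
    throw 'This TPM carries no manufacturer EK certificate; Endorsement Certificate attestation cannot work here.'
}
# Issuer tells you which vendor CA (and, through it, which root) you have to obtain from the manufacturer.
$ek.ManufacturerCertificates | Select-Object Subject, Issuer, NotAfter, Thumbprint | Format-List
New-Item -Path C:\EKCerts -ItemType Directory -Force | Out-Null
foreach ($cert in $ek.ManufacturerCertificates) {
    [System.IO.File]::WriteAllBytes("C:\EKCerts\EKCert-$($cert.Thumbprint).cer", $cert.Export('Cert'))
}

# ---- Part 2 (CA): create the containers and import the vendor chain ----
foreach ($store in 'EKROOT', 'EKCA') {
    if (-not (Test-Path "Cert:\LocalMachine\$store")) { New-Item -Path "Cert:\LocalMachine\$store" | Out-Null }
}
# Root CA certificate(s) from the manufacturer go to EKROOT, intermediates to EKCA.
Import-Certificate -FilePath C:\EKCerts\Vendor\VendorRoot.cer -CertStoreLocation Cert:\LocalMachine\EKROOT | Out-Null
Get-ChildItem C:\EKCerts\Vendor\Intermediates\*.cer | ForEach-Object {
    Import-Certificate -FilePath $_.FullName -CertStoreLocation Cert:\LocalMachine\EKCA | Out-Null
}

# ---- Pre-flight check: does the client's EK certificate chain to what was just imported? ----
function Test-EKCertChain {
    param([string]$EKCertPath)
    $ekCert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $EKCertPath
    $roots  = @(Get-ChildItem Cert:\LocalMachine\EKROOT)
    $inters = @(Get-ChildItem Cert:\LocalMachine\EKCA)
    $chain  = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Vendor EK chains publish no usable CRL/OCSP and their root is not in the Windows root store,
    # so build from the EKROOT/EKCA contents and check the top of the chain ourselves.
    $chain.ChainPolicy.RevocationMode    = 'NoCheck'
    $chain.ChainPolicy.VerificationFlags = 'AllowUnknownCertificateAuthority'
    $chain.ChainPolicy.ExtraStore.AddRange([System.Security.Cryptography.X509Certificates.X509Certificate2[]]($roots + $inters))
    [void]$chain.Build($ekCert)
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    [pscustomobject]@{
        EKCertSubject = $ekCert.Subject
        ChainLength   = $chain.ChainElements.Count
        ChainTop      = $top.Subject
        TopIsInEKROOT = (@($roots | Where-Object { $_.Thumbprint -eq $top.Thumbprint }).Count -gt 0)
        ChainStatus   = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}
Get-ChildItem C:\EKCerts\EKCert-*.cer | ForEach-Object { Test-EKCertChain $_.FullName }
```

If TopIsInEKROOT comes back False, or ChainLength is 1, the CA will reject the device the same way: either the root you imported is not the one that signed this vendor's EK issuing CA, or an intermediate is missing from EKCA.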
Now we can configure your certificate template for Endorsement Certificate attestation.
Open the Certificate Template Console (certtmpl.msc)
Modify the Workstation Authentication Template you created in Part 1 of this series
Verify the following:
Compatibility Tab
Certificate Authority: Windows Server 2012 R2
Certificate Recipient: Windows 8.1/Windows Server 2012 R2
Request Handling
Renew with the same key: cleared/unchecked
Cryptography Tab
Provider Category: Key Storage Provider
Requests must be from one of the following providers: Check only Microsoft Platform Crypto Provider
New Settings:
Key Attestation Tab
Key Attestation: Required
Attestation Type
Endorsement Certificate
Issuance Policies for key attested certificates
Include issuance policies for enforced attestation types
Endorsement Key
This process takes the most administrative effort and provides the highest level of assurance, because the CA accepts only the EKs an administrator has explicitly listed. With this method our goal is to populate a folder, either local or on a network share, with empty files. The name of each file is the SHA-256 hash of the TPM endorsement key (EKPub) of a device in your organization that you want to allow to perform attestation.
For this we are going to use a sample PowerShell script that I made using the one in the TechNet article as a reference (with a few tweaks, of course).
# This line gets the TPM public endorsement key info, including the hash in SHA-256 form
$tpmhash = Get-TpmEndorsementKeyInfo -HashAlgorithm sha256
# We only want the hash value, so pull just that
$tpmhashfile = $tpmhash.PublicKeyHash
# Lastly, create an empty file with no extension whose name is the hash of the TPM EK public key.
# Mine writes to a file share where multiple CAs can read it. Notice I said READ: the NTFS and
# share permissions need to allow the machine accounts of the CAs to READ.
New-Item -Path \\Fab-LAB-DC01\TPMHash\$tpmhashfile -ItemType File
Now that we have an EKPub hash file in the folder, we need the CA to recognize this folder as a repository. Remember, the CA machine account needs read permission on this folder; if the folder is local to the CA that is no big deal, but since mine is on a network share I had to configure both the NTFS and the share permissions. Keep write access to this folder tightly controlled: anyone who can drop a file into it can get a certificate carrying the high-assurance OID for any TPM.
Run this command to add the folder as an Endorsement Key List Directory (there is currently no way to do this through the GUI):
certutil.exe -setreg CA\EndorsementKeyListDirectories +\\con-lab-dc01\EKPub$
To remove a directory, run the same command with a minus sign in place of the plus: certutil.exe -setreg CA\EndorsementKeyListDirectories -\\con-lab-dc01\EKPub$
Now we need to restart the CA services for the change to take effect. You can choose your favorite method I am going to use the command line.
net stop certsvc & net start certsvc
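The following is an added example (not part of the original post) that wraps the whole Endorsement Key procedure into functions: the client-side hash publishing from the script above, plus a CA-side check of the list directory (stray file names that can never match, and anyone with more than read access), registration of the directory through the same certutil registry value, reading it back, and the service restart. The share path is the one used with certutil above; treat it as a placeholder for your own.

```powershell
# Added example, not part of the original post. Section 1 runs on every TPM client you want to
# enroll, section 2 on the enterprise CA (elevated). The share is the one named in the text;
# substitute your own.
$EKListShare = '\\con-lab-dc01\EKPub$'

# ---- 1. Client: publish this device's EK hash ----
function Publish-EKHash {
    param([string]$Directory)
    $ek = Get-TpmEndorsementKeyInfo -HashAlgorithm sha256
    if (-not $ek.PublicKeyHash) { throw 'No TPM endorsement key is available on this device.' }
    # The CA matches on the file name alone: empty file, no extension, named exactly with the
    # SHA-256 hash of the EKPub as Get-TpmEndorsementKeyInfo reports it.
    $path = Join-Path $Directory $ek.PublicKeyHash
    if (-not (Test-Path $path)) { New-Item -Path $path -ItemType File | Out-Null }
    $path
}

# ---- 2. CA: sanity-check the list, register it, read it back, restart ----
function Test-EKListDirectory {
    param([string]$Directory)
    $files = @(Get-ChildItem -Path $Directory -File)
    # A name that is not 64 hex characters can never match a request; it is a stray file or a typo.
    foreach ($f in ($files | Where-Object { $_.Name -notmatch '^[0-9A-Fa-f]{64}$' })) {
        Write-Warning "Not an EK hash file name: $($f.Name)"
    }
    # Whoever can write here can add any TPM to the high-assurance list, so the CA account (and
    # nearly everyone else) should have READ only. Show every identity with more than that.
    (Get-Acl -Path $Directory).Access |
        Where-Object { $_.AccessControlType -eq 'Allow' -and $_.FileSystemRights -match 'Write|Modify|FullControl' } |
        ForEach-Object { Write-Warning "Write access to EK list: $($_.IdentityReference)" }
    # Return the number of usable entries
    @($files | Where-Object { $_.Name -match '^[0-9A-Fa-f]{64}$' }).Count
}

function Register-EKListDirectory {
    param([string]$Directory)
    # Same registry value the certutil -setreg line above sets; the leading '+' appends to the
    # multi-string value instead of replacing it, so several directories can coexist.
    & certutil.exe -setreg 'CA\EndorsementKeyListDirectories' "+$Directory" | Out-Null
    # Read it back before restarting: a typo here silently makes every EK request fail.
    & certutil.exe -getreg 'CA\EndorsementKeyListDirectories'
    Restart-Service -Name certsvc
}

# Client side:
#   Publish-EKHash -Directory $EKListShare
# CA side:
#   "$(Test-EKListDirectory -Directory $EKListShare) usable EK hash entries"
#   Register-EKListDirectory -Directory $EKListShare
```

Run the check before the registration: a directory full of files the CA cannot read, or names that are not hashes, produces the same symptom as a missing template setting (enrollment fails with no obvious reason), and this separates the two.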
Open the Certificate Template Console (certtmpl.msc)
Modify the Workstation Authentication Template you created in Part 1 of this series
Verify the following:
Compatibility Tab
Certificate Authority: Windows Server 2012 R2
Certificate Recipient: Windows 8.1/Windows Server 2012 R2
Cryptography Tab
Provider Category: Key Storage Provider
Requests must be from one of the following providers: Check only Microsoft Platform Crypto Provider
New Settings:
Request Handling
Renew with the same key: cleared/unchecked
Key Attestation Tab
Key Attestation: Required
Attestation Type
Endorsement Key
Issuance Policies for key attested certificates
Include issuance policies for enforced attestation types
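Once certificates are being issued, the issuance policy OID is the thing to check. The following is an added example (not from the original post) that walks the client's machine store, reports which attestation policy each certificate carries by parsing its Certificate Policies extension, and uses certutil to show which key storage provider holds the private key. A certificate with none of the three OIDs was not attested, whatever template it came from, and an attested key should always show up in the Microsoft Platform Crypto Provider. The "Policy Identifier=" text it parses is the English-language wording of the .NET extension formatter, which is an assumption.

```powershell
# Added example, not part of the original post. Run on the enrolled Windows 8.1 client (elevated,
# since it reads the machine store and asks certutil about private keys).
$AttestationPolicyOids = @{
    '1.3.6.1.4.1.311.21.30' = 'Endorsement Key (high)'
    '1.3.6.1.4.1.311.21.31' = 'Endorsement Certificate (medium)'
    '1.3.6.1.4.1.311.21.32' = 'User Credentials (low)'
}

function Get-KeyAttestationLevel {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # Certificate Policies is extension OID 2.5.29.32. Format($true) renders each policy as a
    # "Policy Identifier=<oid>" line (English Windows wording; adjust the pattern if localized).
    $ext = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.32' }
    if (-not $ext) { return 'none (not attested)' }
    $found = [regex]::Matches($ext.Format($true), 'Policy Identifier=([0-9.]+)') |
        ForEach-Object { $_.Groups[1].Value } |
        Where-Object { $AttestationPolicyOids.ContainsKey($_) }
    if (-not $found) { return 'none (policies present, but no attestation OID)' }
    ($found | ForEach-Object { $AttestationPolicyOids[$_] }) -join ', '
}

function Get-KeyProvider {
    param([string]$Thumbprint)
    # certutil -store prints "Provider = <KSP name>" for certificates that have a private key;
    # TPM-attested keys should show "Microsoft Platform Crypto Provider".
    $line = certutil.exe -store My $Thumbprint | Select-String -Pattern 'Provider = ' | Select-Object -First 1
    if ($line) { $line.ToString().Trim() -replace '^Provider = ', '' } else { 'no private key' }
}

Get-ChildItem Cert:\LocalMachine\My | ForEach-Object {
    [pscustomobject]@{
        Subject     = $_.Subject
        Thumbprint  = $_.Thumbprint
        Attestation = Get-KeyAttestationLevel -Certificate $_
        Provider    = Get-KeyProvider -Thumbprint $_.Thumbprint
    }
} | Format-Table -AutoSize
```

The OID is only as trustworthy as the CA that put it there: it records what the template enforced at issuance (Key Attestation: Required), so a relying party that wants the high-assurance guarantee should check for 1.3.6.1.4.1.311.21.30 specifically rather than accepting any of the three.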
Processing Rules for Key Attestation Based on a Trusted Endorsement Key
http://msdn.microsoft.com/en-us/library/dn410471.aspx
Get-TPMEndorsementKeyInfo
http://technet.microsoft.com/en-us/library/dn449037.aspx
TPM Key Attestation
http://technet.microsoft.com/en-us/library/dn581921.aspx
TPM System Fundamentals Testing Prerequisites
http://msdn.microsoft.com/en-us/library/windows/hardware/dn247549.aspx
TPM Attestation Test
http://msdn.microsoft.com/en-us/library/windows/hardware/hh998296.aspx
Links to part 1 and 2 of this 3 part series are below:
Part 1 : Microsoft Platform Crypto Provider
Part 2 : Virtual Smart Cards