This pull request ends the Android client part of the protocol.

It also adds support for PCR extension on both server and client side: If the --pcr-extend option is used during the enrollment (with --enroll), a secret will be generated on client side, and sent back on each attesatation. The server will then extend the 9th PCR with it. This allows the user to base disk decryption of his machine on the attestation response.

This pull request ends the Android client part of the protocol.

It also adds support for PCR extension on both server and client side: If the --pcr-extend option is used during the enrollment (with --enroll), a secret will be generated on client side, and sent back on each attesatation. The server will then extend the 9th PCR with it. This allows the user to base disk decryption of his machine on the attestation response.

Adds a test environment to the ultablue project, it's able to generate a linux distro image which includes the ultrablue server, its dracut module and systemd unit. Once the image is generated one can use it to enroll an ultrablue client and test a remote attested boot.

Hi!

I watched your talk on OSFC 2022 and I would like to give this project a go. However, I have basically zero experience compiling Android apps. Thus I was wondering if you have any plans on releasing binaries for the clients and server?

Ideally being able to just install ultrablue through dnf and Google Play Store would be extremely nice.

Thanks for your work!

Review open comments in https://github.com/ANSSI-FR/ultrablue/pull/12 against current code.

In particular, pay attention to whether replaying the event log rehashes the events to validate hash values or only chains the provided hashes, and whether we check that TPM is a physical one (ie. the key is derived from the key of a known manufacturer).

Commits before bee4b1015f5949169fc50a0a076a40c6340d210e in this pull request comes from the Android PR, from which several changes are also needed here.

I wasn't able to test it before the Pull Request again because of an issue with xcode, but nothing should have changed from the last time I used the application.

When testing PR #7, I get the following error in the testbed, running the server in --enroll mode and the latest client on a Pixel 4a:

panic: runtime error: invalid memory address or nil pointer dereference
[signal SIGSEGV: segmentation violation code=0x1 addr=0x0 pc=0x5dbce7]

goroutine 16 [running]:
main.parseAttestEK(0xc000136c30)
	/root/src/protocol.go:98 +0x1a7
main.registration(0xc000013860?, 0xc0000495d0)
	/root/src/protocol.go:115 +0x113
main.ultrablueProtocol(0xc0000a0480?)
	/root/src/protocol.go:250 +0xde
created by main.getConnectionState
	/root/src/state.go:95 +0x185

The last message I see on the Android side is Getting EkPub and EkCert.

This does not happen when running the server outside of the testbed. My guess is that this comes from the fact that I don't have clean build of the testbed, so my server and client are out-of-sync.

However, the server should not crash, even if the client sends garbage data. We should investigate this crash and makes sure the server handles the situation properly.

I see the following in logcat:

2022-07-28 17:09:32.961 29017-29216/fr.gouv.ssi.ultrablue D/TransportRuntime.CctTransportBackend: Making request to: https://firebaselogging.googleapis.com/v0cc/log/batch?format=json_proto3

Why is this happening? We shouldn't make requests to external servers.