Getting vTPM Endorsement Key Certificates

Use the instructions in this topic to get endorsement key certificates from the virtual trusted platform module (vTPM) of a Compute Engine VM instance that uses a Shielded VM image.

Windows

You can use the endorsement key encryption certificate to encrypt data so that only the vTPM can read it. You can also use certificate information to ascertain the identity of the VM instance before sending sensitive information to it.

  1. Go to the VM instances page.
  2. Locate the Shielded VM instance whose vTPM you want to use to shield data.
  3. Click RDP to open a connection to the VM instance.
  4. Open a PowerShell window as an administrator.
  5. Install the endorsement key root certificate to the Windows Trusted Root Certification Authorities by running the following commands. This only needs to be done once, so you can skip this step if you have already done this.

    cd c:\
    $root_file = 'c:\root.crt'
    $root_url = 'https://pki.goog/cloud_integrity/tpm_ek_root_1.crt'
    $webclient = New-Object System.Net.WebClient
    $webclient.DownloadFile($root_url, $root_file)
    $file = (Get-ChildItem -Path $root_file)
    $file | Import-Certificate -CertStoreLocation Cert:\LocalMachine\Root\ 

    The last command will return a result similar to the following:

    PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

    Thumbprint                                Subject
    ----------                                -------
    X12345671234Z123Y123H9123AB98B98F6D2F4    CN="tpm_ek_v1_cloud_host_root-signer-0-2018-04-06T10:58:26-07:00 K:1, 1:Pw...

  6. Download and verify the endorsement key certificates by running the following commands:

    $ek_cert = Get-TpmEndorsementKeyInfo
    $cert = $ek_cert.ManufacturerCertificates[0]
    Export-Certificate -Type CERT -Cert $cert -FilePath "c:\ek.cer"
    certutil.exe -verify -urlfetch c:\ek.cer

    If verification is successful, the line "Leaf certificate revocation check passed" appears towards the end of the output:

    ...
    Verified Application Policies:
    2.23.133.8.1 Endorsement Key Certificate
    Cert is an End Entity certificate
    Leaf certificate revocation check passed
    CertUtil: -verify command completed successfully.

  7. Dump the details of the endorsement key certificates, including identity information like instance ID and location, by running the following commands:

    $ek_cert = Get-TpmEndorsementKeyInfo
    $cert = $ek_cert.ManufacturerCertificates[0]
    Export-Certificate -Type CERT -Cert $cert -FilePath "c:\ek.cer"
    certutil.exe -dump c:\ek.cer

Linux

You can use the endorsement key encryption certificate to encrypt data so that only the vTPM can read it, or the signing certificate to verify signatures that the vTPM makes. You can also use certificate information to ascertain the identity of the VM instance before sending sensitive information to it.

Use Google's go-tpm library to get the endorsement key certificates on Linux operating systems.

  1. Go to the VM instances page.
  2. Locate the Shielded VM instance whose vTPM you want to use to shield data.
  3. Click SSH to open a terminal window on the VM instance.
  4. Using your preferred text editor, save the following code as a script called build_go_tpm.sh. This code installs Google's go-tpm library.

    #!/bin/bash
    set -e

    # Install dependencies.
    sudo apt-get -y install golang git

    # Build go-tpm library.
    export GOPATH=${HOME}/go
    mkdir -p "${GOPATH}"
    go get github.com/google/go-tpm/...

  5. Save the following code as a script called read_ek_certs.sh. This code runs the build_go_tpm.sh script, and then reads the encryption and signing certificates from the vTPM.

    #!/bin/bash
    set -e
    source ./build_go_tpm.sh

    # Read EK cert from NVDATA.
    # tpm2-ekcert also verifies the certificate matches the public key material.
    EK_CERT_NV_INDEX=0x01c00002
    sudo "${GOPATH}/bin/tpm2-ekcert" --output="tpm_ek_enc_cert.crt" --cert-index="${EK_CERT_NV_INDEX}"
    openssl x509 -inform der -in "tpm_ek_enc_cert.crt" -outform pem -out "tpm_ek_enc_cert.crt.pem"

    # Read AIK cert from NVDATA.
    # tpm2-ekcert also verifies the certificate matches the public key material.
    AIK_CERT_NV_INDEX=0x01c10000
    AIK_TEMPLATE_INDEX=0x01c10001
    sudo "${GOPATH}/bin/tpm2-ekcert" --output="tpm_ek_sign_cert.crt" --cert-index="${AIK_CERT_NV_INDEX}" --template-index="${AIK_TEMPLATE_INDEX}"
    openssl x509 -inform der -in "tpm_ek_sign_cert.crt" -outform pem -out "tpm_ek_sign_cert.crt.pem"

  6. Open a terminal window and run read_ek_certs.sh. Use an account capable of running sudo.

    ./read_ek_certs.sh

  7. Save the following code as a script called verify_certs.sh. This code downloads the intermediate and root certificates and their CRLs, and then verifies the encryption and signing certificates from the vTPM.

    #!/bin/bash
    set -e

    # Download certificates.
    for i in tpm_ek_intermediate_h1_2018.crt tpm_ek_root_1.crt; do
      curl "https://pki.goog/cloud_integrity/${i}" -o "${i}"
      openssl x509 -inform der -in "${i}" -outform pem -out "${i}.pem"
    done

    # Download CRLs.
    for i in tpm_ek_intermediate_h1_2018.crl tpm_ek_root_1.crl; do
      curl "https://pki.goog/cloud_integrity/${i}" -o "${i}"
      openssl crl -inform der -in "${i}" -outform pem -out "${i}.pem"
    done

    # Build certificates chain store.
    cat tpm_ek_root_1.crt.pem tpm_ek_root_1.crl.pem > tpm_ek_root_store.pem
    cat tpm_ek_intermediate_h1_2018.crt.pem tpm_ek_intermediate_h1_2018.crl.pem tpm_ek_root_store.pem > tpm_ek_intermediate_store.pem

    # Verify intermediate certificate.
    openssl verify -verbose -crl_check -CAfile tpm_ek_root_store.pem tpm_ek_intermediate_h1_2018.crt.pem

    # Verify (enc) EK certificate.
    openssl verify -verbose -crl_check -CAfile tpm_ek_intermediate_store.pem tpm_ek_enc_cert.crt.pem

    # Verify (sign) EK certificate.
    openssl verify -verbose -crl_check -CAfile tpm_ek_intermediate_store.pem tpm_ek_sign_cert.crt.pem

  8. Run verify_certs.sh.

    ./verify_certs.sh

    You should see results similar to the following. All certificates have a result of OK if verification is successful.

    % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
       100  1480    0  1480    0     0   6055      0 --:--:-- --:--:-- --:--:--  6040
       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
       100  1667    0  1667    0     0   7114      0 --:--:-- --:--:-- --:--:--  7123
       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
       100   569  100   569    0     0   2958      0 --:--:-- --:--:-- --:--:--  2963
       % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
       100   830  100   830    0     0   4247      0 --:--:-- --:--:-- --:--:--  4256
       tpm_ek_intermediate_h1_2018.crt.pem: OK
       tpm_ek_enc_cert.crt.pem: OK
       tpm_ek_sign_cert.crt.pem: OK
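
The result check in step 8 can be automated so that nothing is sent to the VM unless all three certificates verified. The following is an added example, not part of the original documentation: the function and variable names are hypothetical, and the sample outputs (including the openssl error lines) are constructed for illustration.

```shell
#!/bin/bash
# Added example, not from the original page. Function and variable names
# are hypothetical; the certificate file names are the ones the page uses.

# The three results that must be OK before the vTPM certificates are trusted.
REQUIRED_CERTS="tpm_ek_intermediate_h1_2018.crt.pem tpm_ek_enc_cert.crt.pem tpm_ek_sign_cert.crt.pem"

# ek_chain_verified OUTPUT
# Returns 0 only if OUTPUT contains an exact "<file>: OK" line for every
# required certificate and no line starting with "error". Reasons go to stderr.
ek_chain_verified() {
  local lines cert status=0
  # Drop leading indentation so copied or logged output still matches.
  lines="$(printf '%s\n' "$1" | sed 's/^[[:space:]]*//')"
  if printf '%s\n' "${lines}" | grep -q '^error'; then
    echo "openssl reported a verification error" >&2
    status=1
  fi
  for cert in ${REQUIRED_CERTS}; do
    if ! printf '%s\n' "${lines}" | grep -Fxq "${cert}: OK"; then
      echo "no OK result for ${cert}" >&2
      status=1
    fi
  done
  return "${status}"
}

# Constructed sample: the success lines shown on the page.
SAMPLE_OK='tpm_ek_intermediate_h1_2018.crt.pem: OK
tpm_ek_enc_cert.crt.pem: OK
tpm_ek_sign_cert.crt.pem: OK'

# Constructed sample: signing certificate revoked (error lines are illustrative).
SAMPLE_REVOKED='tpm_ek_intermediate_h1_2018.crt.pem: OK
tpm_ek_enc_cert.crt.pem: OK
error 23 at 0 depth lookup: certificate revoked
error tpm_ek_sign_cert.crt.pem: verification failed'

# Constructed sample: the encryption certificate was never checked.
SAMPLE_MISSING='tpm_ek_intermediate_h1_2018.crt.pem: OK
tpm_ek_sign_cert.crt.pem: OK'

report() {
  if ek_chain_verified "$2" 2>/dev/null; then echo "$1: trusted"; else echo "$1: rejected"; fi
}
report "all OK" "${SAMPLE_OK}"
report "revoked" "${SAMPLE_REVOKED}"
report "missing" "${SAMPLE_MISSING}"
```

To use it on real output, pass the captured text of ./verify_certs.sh (stdout and stderr together) to ek_chain_verified. Because verify_certs.sh runs with set -e, it stops at the first failed command, so any certificate checked after that point shows up as having no OK result.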
