Hi everyone,
With version 7 providing a TPM implementation, I am curious to know how safe the virtualized TPM really is:
- Are secrets encrypted at rest?
- Are they accessible to the host?
- Are the secrets encrypted with a key anchored in the host's TPM?
Thanks for your replies,
Jérôme Jolidon
[Question] How safe is Virtualbox's TPM implementation?
Re: [Question] How safe is Virtualbox's TPM implementation?
I may be able to answer this one partially: There is a host or simulated TPM option in https://www.virtualbox.org/manual/ch08. ... e-createvm see:
--tpm-type=none | 1.2 | 2.0 | host | swtpm
Re: [Question] How safe is Virtualbox's TPM implementation?
Yep
That's the premise of my question... I am wondering about the safety of the vTPM-encrypted data, though. That the implementation complies with the TCG specification doesn't say much about the safety/integrity of the keys, I think (I may be wrong, I didn't read the whole of the spec).

Re: [Question] How safe is Virtualbox's TPM implementation?
The only closed-source part of VirtualBox is the Extension Pack, and the Extension Pack doesn't handle the TPM, as best as I can see.
So it could be possible to peruse the TPM source code to see how secure it is. Source code is way beyond me, unless it's VBScript, which VirtualBox is not.
I could imagine that the simulated TPM allows moving the VM to a different host more easily, because the host TPM is not involved. Or for making TPM VMs on hosts that don't have a TPM.
Determining how secure it is may require a source code deep dive.
Re: [Question] How safe is Virtualbox's TPM implementation?
I cannot answer your questions myself (without a deep dive into the publicly available source code), but I can give a few hints:
The TPM implementation of VirtualBox 7.0 is based on libtpms 0.9.6.
I'll make an educated guess that the TPM types 1.2 and 2.0 are meant to be secure from the POV of the guest, but not from the POV of the host. For example, on the host you can always use VirtualBox's built-in VM debugger.
PS: In general, there is no such thing as security, there's only the absence of known insecurities.


Re: [Question] How safe is Virtualbox's TPM implementation?
Good insight, I hadn't thought of VM mobility. I guess that pretty much settles that, then, the only way to secure the TPM access would be to use the host's - which now also explains the existence of the option, so far I hadn't found an explanation on why it would be there.
Thanks all for your help!