HP Secure Platform Management with the HP Client Management Script Library

One of the new features introduced in HP Client Management Script Library is the ability to provision the HP Sure Recover feature on HP commercial systems. If you are not familiar with HP Sure Recover, give it a quick read here (warning, PDF ahead).

If you want to follow along with this post, you will need:

  1. HP Client Management Script Library 1.4
  2. OpenSSL

The OpenSSL on windows is always a daunting proposition, since there is no official Win32 build. The best I can say is check with your security team to find out which Windows build they recommend, or if they possibly make their own builds for internal use. Another option is to use the Windows Subsystem for Linux (WSL) and use the Linux-version of openssl.

In this blog post, we’ll cover the HP Secure Platform Management provisioning and deprovisioning. We’ll follow up with an additional blog post that will cover HP Sure Recover provisioning.

 

Concepts

Before we begin, let’s cover a little architecture here. Many modern HP commercial platforms contain a feature called HP Secure Platform Management (SPM), which uses certificates rather than password to authorize operations. This significantly ratches up security, but it does introduce a little complexity and the need to have a basic understanding of certificate-based security.

The SPM subsystem doesn’t really do anything by itself, for an end user. Rather, it serves as a cryptographic foundation on which other features can be built. One such feature is HP Sure Recover. Other features that you may have heard about that are also built on HP Secure Platform Management and HP Sure Run and HP Sure Admin. Support for these other features will come in a future version of HP CMSL.

For the SPM  feature, there are two key pairs involved, the Endorsement Key (EK)  and the Signing Key (SK). We will generate these in our sandbox using openssl, by creating PKCS#12 certificates (PFX). In production, you may want to get these from your own CA. Again, check with your security guys.

 

Endorsement Key and Signing Key

The Endorsement Key has one major purpose: to protect against unauthorized changes to the Signing Key. The Signing Key on the other hand is used by the platform to authorize commands.


Important: your private keys must never leave your secure PC. Do not distribute them to your clients, and do not depend on the PFX file password. The only part of your certificate that may leave your secure location is the public component of the certificate. The opaque payload created by the New-* functions below contain only public information.


When starting with an un-provisioned platform, the first thing that must be done is to provision the Signing Key’s public key into the SPM. Once the EK is provisioned, the SK public key can now be provisioned, however the SK must be signed by the EK’s private key (that’s how the EK protects against unauthorized changes to the SK, only the person who holds the EK private key can change the SK pubic key on clients)

So to summarize the steps to provision a platform:

  1. Provision the EK public key
  2. Sign the SK public key with the EK private key
  3. Provision the SK public key that is signed by the active EK private key
  4. Reboot the system (a physical presence prompt will be required for the provision to complete. If you do not reboot, the state will remain as ‘provisioning in progress’)

To replace the signing key:

  1. Sign the new SK with the active EK private key
  2. Provision the new signed SK

Incidentally, to deprovision the system, you can just replace the SK with a null key (the library takes care of what that means, so don’t worry about that too much)

 

Anti-Replay protection

Each request to the BIOS has an incremental counter (sometimes refered to as a ‘nonce’) used as anti-replay, which prevents someone getting hold of an older command and replaying it to roll back the state of the system. The library takes care of this automatically by deriving this value from the current system time, but in some cases this model can break down (for example, if clocks of systems in a deployment are out of sync or if multiple payloads are generated within the same second). For more complex scenarios such as these, the library allows for external (user-implemented) counter management, where you are responsible for managing your global counter, and simply tell the library what the current value is.

 

Demo

For our demo, we will first generate the endorsement and signing key pairs. With openSSL, this is fairly easy (though lengthy):

openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com"
openssl pkcs12  -inkey key.pem -in cert.pem -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -out kek.pfx -name "HP Secure Platform Key Endorsement Certificate"  -passout pass:test

openssl req -x509 -nodes -newkey rsa:2048 -keyout key.pem -out cert.pem -days 3650 -subj "/C=US/ST=State/L=City/O=Company/OU=Org/CN=www.example.com"
openssl pkcs12 -inkey key.pem -in cert.pem -export -keypbe PBE-SHA1-3DES -certpbe PBE-SHA1-3DES -out sk.pfx -name "HP Secure Platform Signing Key Certificate" -passout pass:test

These commands will create two files of importance here, kek.pfx and sk.pfx. These are the PKCS#12 certificates, protected by the super-secure password "test".

To begin, let's see the status of the platform. Open powershell with admin rights, and run:

PS C:\> Get-HPSecurePlatformState


State             : NotConfigured
Version           : 1.0
Nonce             : 0
FeaturesInUse     : None
EndorsementKeyMod : {0, 0, 0, 0...}
SigningKeyMod     : {0, 0, 0, 0...}

Ok, now, let's apply the SK. We'll use the pipe approach, but as mentioned before, don't do this in production. We first apply the Key Endorsement Key, then we apply the Signing Key. To do this, we use the apropriate New-* function, which generates an opaque payload, then we apply it using the Set-HPSecurePlatformPayload function.

PS C:\>  New-HPSecurePlatformEndorsementKeyProvisioningPayload -EndorsementKeyFile .\kek.pfx -EndorsementKeyPassword test `
             | Set-HPSecurePlatformPayload


PS C:\>  New-HPSecurePlatformSigningKeyProvisioningPayload -EndorsementKeyFile .\kek.pfx -EndorsementKeyPassword test  `
            -SigningKeyFile .\sk.pfx -SigningKeyPassword test  | Set-HPSecurePlatformPayload

What we did here was first provisioned the endorsement key, then the signing key. Note that to provision a signing key, we needed access to the endorsement key.

Okay, checking the status now, we should be nearly provisioned:

PS C:\> Get-HPSecurePlatformState


State             : ProvisioningInProgress
Version           : 1.0
Nonce             : 1581536418
FeaturesInUse     : None
EndorsementKeyMod : {236, 247, 128, 76...}
SigningKeyMod     : {194, 160, 105, 233...}

So what do we have here?

  • The status is ProvisioningInProgress. This will stay like this until the PC is rebooted and the change accepted during POST. At that time, the state will change to Provisioned.
  • Version is 1.0 currently.
  • Nonce is the current nonce, derived from the time the payload was created, since we didn't use our own nonce management
  • FeaturesInUse - there are no features in use currently. We'll talk about HP Sure Recover in a follow up blog post. If Sure Recover was provisioned, it would show up as a feature in use.
  • EndorsementKeyMod - the modulus of the provisioned endorsement key
  • SigningKeyMod - the modulus of the singing key

So this is about it, when working with Secure Platform Management. To view any associated logs, you can use the Get-HPFirmwareAuditLog function. The last thing you may want to do is deprovision. For this, you will need the endorsement key:

PS C:\>  New-HPSecurePlatformDeprovisioningPayload -EndorsementKeyFile .\tests\testdata\nopw\kek.pfx `
-EndorsementKeyPassword test   | Set-HPSecurePlatformPayload

It is good to remember that SPM can also be unprovisioned by accessing BIOS setup (look for the Secure Platform Management option). This is another reason why securing access to your BIOS settings is important.

 

SPM with HPCMSL in the Enterprise

So how would you plug HPCMSL in your enterprise to manage SPM? The solution is meant to be management console agnostic, so whether you use SCCM, Intune, Ivanti, or whatever else, these are the basic steps:

  1.  Install HPCMSL  in a secure location, and place your certificates here.
  2.  Also Install HPCMSL on your managed clients
  3.  In the secure location, use  HPCMSL to generate a secure payload, as described above, using one of the New-* functions.
  4.  Copy this secure payload to your clients via your process of choice. Do not copy your certificates.
  5.  On your clients, apply the payload generated in 3. above, via the Set-HPSecurePlatformPayload function.

 

Where to get more help?

All functions described above are documented on our portal. Additionally, you can get documention "the powershell way" via the "Get-Help <function>" command. If all else fails, feel free to post in our voluneer-supported forums (see the support link at the top of this page).

 

In next installment, we'll talk about HP Sure Recover, which is build on top of HP Secure Platform Management.

 

Image credits Nicholas Githiri, Kiambu, Kenya, via pexels.com

 

Author : txvalp