HardwareHeaven.com
Windows Vista Forum: discussion, driver support and everything related to Windows Vista
#1  Aug 1, 2006, 08:50 PM  ynomura (DriverHeaven Newbie, joined Jul 2006, 2 posts)

Question on BitLocker

I have a question on the BitLocker encryption process.

  • The tpm_seal function is called inside the TPM. It takes the hashed value of the PCRs as input and returns a blob.

    tpm_seal(PCR_value1) => Blob_1
  • Blob_1 is stored on a hard drive, not in the TPM (according to "BitLocker Drive Encryption - Glossary").
  • When unsealing, the tpm_unseal function is called inside the TPM. It takes Blob_1 from the hard drive as input and returns another PCR value, say PCR_value2.

    tpm_unseal(Blob_1) => PCR_value2
  • PCR_value1 and PCR_value2 are compared, and if they match, the TPM unseals the VMK.
  • The unsealed VMK is then used to decrypt the FVEK.
Here are my questions.

First, where is Blob_1 stored on the hard disk? I assume somewhere in the boot volume. What is the file name? It cannot be stored in the system volume such as C:, because at this stage C: is still encrypted.

Second, the VMK is well sealed inside the TPM, but the FVEK is stored on the hard drive, not in the TPM (according to "BitLocker Drive Encryption: Hardware Enhanced Data Protection" from WinHEC 2005). Why and where is the FVEK stored on the hard drive?
If the FVEK is encrypted by the VMK and stored in a system volume such as the C: drive, how does the VMK get access to the encrypted FVEK? The FVEK is the one that encrypts the C: drive. How can the FVEK decrypt the C: drive before it has itself been decrypted by the VMK?

None of Microsoft's white papers mentions the details of this process.

Does anyone know the answer?



Yoshi

Last edited by ynomura; Aug 2, 2006 at 06:29 PM.
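As an added example, not code from the post, from Microsoft or from BitLocker: a toy model of the chain the post describes (PCR extend, tpm_seal/tpm_unseal of the VMK against the PCR value, the VMK unwrapping the FVEK, the FVEK decrypting the volume). The cipher is a SHA-256 keystream standing in for AES, the "TPM" is a Python class with a single PCR and a storage root key that never leaves it, and the metadata record holding Blob_1 and the VMK-wrapped FVEK is assumed to sit outside the FVEK-encrypted data, which is the assumption the chain needs in order to work at all. All names (ToyTpm, enable_bitlocker, boot_and_unlock, the boot-chain strings and the volume contents) are constructed for illustration.

```python
import hashlib
import hmac
import secrets

PCR_LEN = 20  # TPM 1.2 PCRs are SHA-1 sized


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM 1.2 style extend: PCR_new = SHA1(PCR_old || SHA1(measurement))."""
    return hashlib.sha1(pcr + hashlib.sha1(measurement).digest()).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher standing in for AES (assumption, not BitLocker's cipher).
    Applying it twice with the same key/nonce decrypts."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class ToyTpm:
    """One PCR plus seal/unseal under a storage root key that stays inside the object."""

    def __init__(self):
        self._srk = secrets.token_bytes(32)  # never returned to the host
        self.pcr = bytes(PCR_LEN)

    def reset(self):  # power-on: PCRs return to zero
        self.pcr = bytes(PCR_LEN)

    def extend(self, measurement: bytes):
        self.pcr = pcr_extend(self.pcr, measurement)

    def seal(self, secret: bytes) -> bytes:
        """Blob the host may store anywhere: nonce || enc(pcr_at_seal_time || secret) || mac."""
        nonce = secrets.token_bytes(16)
        body = keystream_xor(self._srk, nonce, self.pcr + secret)
        tag = hmac.new(self._srk, nonce + body, hashlib.sha256).digest()
        return nonce + body + tag

    def unseal(self, blob: bytes) -> bytes:
        """Release the secret only if the current PCR equals the one recorded in the blob."""
        nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
        expect_tag = hmac.new(self._srk, nonce + body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expect_tag):
            raise ValueError("blob not sealed by this TPM, or modified on disk")
        plain = keystream_xor(self._srk, nonce, body)
        sealed_pcr, secret = plain[:PCR_LEN], plain[PCR_LEN:]
        if not hmac.compare_digest(sealed_pcr, self.pcr):
            raise PermissionError("PCR mismatch: boot chain differs from seal time")
        return secret


VOLUME_NONCE = b"constructed-volume-nonce"


def enable_bitlocker(tpm, boot_chain, plaintext_volume):
    """Measure the boot chain, seal the VMK to it, wrap the FVEK with the VMK,
    encrypt the volume with the FVEK. The metadata dict models a record kept
    outside the FVEK-encrypted data (assumption about on-disk layout)."""
    tpm.reset()
    for component in boot_chain:
        tpm.extend(component)
    fvek = secrets.token_bytes(32)
    vmk = secrets.token_bytes(32)
    fvek_nonce = secrets.token_bytes(16)
    metadata = {
        "sealed_vmk": tpm.seal(vmk),  # Blob_1 in the post
        "fvek_nonce": fvek_nonce,
        "encrypted_fvek": keystream_xor(vmk, fvek_nonce, fvek),  # FVEK wrapped by VMK
    }
    return metadata, keystream_xor(fvek, VOLUME_NONCE, plaintext_volume)


def boot_and_unlock(tpm, boot_chain, metadata, encrypted_volume):
    """Replay a boot: measure, unseal VMK, unwrap FVEK, decrypt the volume."""
    tpm.reset()
    for component in boot_chain:
        tpm.extend(component)
    vmk = tpm.unseal(metadata["sealed_vmk"])
    fvek = keystream_xor(vmk, metadata["fvek_nonce"], metadata["encrypted_fvek"])
    return keystream_xor(fvek, VOLUME_NONCE, encrypted_volume)


def demo():
    """Constructed boot chain and volume. Returns (recovered plaintext, tampered boot refused)."""
    tpm = ToyTpm()
    good_chain = [b"BIOS-v1", b"MBR", b"bootmgr-signed"]
    volume = b"C: drive contents (constructed sample data)"
    metadata, enc_volume = enable_bitlocker(tpm, good_chain, volume)
    recovered = boot_and_unlock(tpm, good_chain, metadata, enc_volume)
    tampered_chain = [b"BIOS-v1", b"MBR", b"bootmgr-backdoored"]
    try:
        boot_and_unlock(tpm, tampered_chain, metadata, enc_volume)
        refused = False
    except PermissionError:
        refused = True
    return recovered, refused


if __name__ == "__main__":
    text, refused = demo()
    print(text.decode(), "| tampered boot refused:", refused)
```

The unseal check is what makes a modified bootmgr fail: the blob carries the PCR value recorded at seal time, the TPM compares it with the PCR it has just accumulated during this boot, and only on a match does the VMK come out. Nothing on disk is secret by itself; the blob is useless without the TPM's root key and the matching measurements, and the wrapped FVEK is useless without the VMK.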


#2  Aug 3, 2006, 10:54 PM  H3X4D3C1M4L (DriverHeaven Extreme Member, joined May 2005, 6,794 posts)

For question 1, I assume the blob is stored where the NT password hashes are, in the registry, or possibly even somewhere in the file table (not $MFT, perhaps $SecurityDescriptors).

The second question looks like a riddle.
#3  Aug 4, 2006, 09:02 PM  ynomura (thread starter)

Thanks. But the blob is used by the TPM before unlocking the C: drive or operating system volume. That means the blob must be in an unencrypted volume such as the boot volume. As you know, we need to create 2 volumes to turn on BitLocker: one is the boot volume, which contains the boot information; the other is for the operating system itself, such as the C: drive. The first one is not encrypted. That is natural, because the volume has to store the hashed values such as blobs.

I am very confused right now. Any comment is welcome. Please, someone help me!
#4  Aug 6, 2006, 06:39 AM  H3X4D3C1M4L

If the boot volume is NTFS, that theory could still hold if it's in the metadata. It could also be a derived key from something used to temporarily grant access to the blob file, like, say, a value based on the system timer seed. That way no rogue program can get it, but the OS could.