diff --git a/Attestation Mode.md b/Attestation Mode.md new file mode 100644 index 0000000..73244da --- /dev/null +++ b/Attestation Mode.md @@ -0,0 +1,82 @@ +# Attestation modes in the Guarded Fabric solution +![image](https://user-images.githubusercontent.com/71546848/220191567-78ab163c-00ae-4fcb-90ff-a61840b8f7d6.png) + +The Attestation Service does two things: +1. The Identity Attestation of the host +The Service makes sure if this is the right host to trust. If the Service is using TPM, then it knows the ekPub it is requesting. If the Service is AD based, then the host needs to be part of a trusted AD Host Group. That is the HOST identity validation. +2. Measurements +The Attestation Service validates how the host is booted, whether the host has the right configuration, and if the configuration is trusted. Once both validations pass, then the Attestation Certificate is signed by the attestation signing key. + +Below are the Modes of attestation available in HGS +1. Admin Trusted attestation +2. TPM-trusted attestation (hardware-based) +3. Host key attestation (based on asymmetric key pairs) + +# Admin Trusted attestation +![image](https://user-images.githubusercontent.com/71546848/220190750-ff95b1c2-7ed8-4787-8bd5-84191b6e893c.png) + +Shielded VMs can only be decrypted and started on hosts that Fabric Admin has designated as guarded hosts. +By adding them to a security group you create in Fabric (not HGS) Active Directory Domain Services, you can identify hosts as guarded (AD DS). The forest of the Host Guardian Service and the fabric AD must establish a trust connection. + +AD based attestation uses the group SID and configure that with Attestation service. +The AD attestation is the way to identify servers that will be able to run the Shielded VMs. The security of these servers will have to be based on external processes and solutions provided by the customer. + +![image](https://user-images.githubusercontent.com/71546848/220192682-b8f3058e-2b68-4e3e-bea9-b790e442c012.png) + +Admin-trusted attestation is deprecated beginning with Windows Server 2019. + + +# TPM-trusted attestation (hardware-based) + +![image](https://user-images.githubusercontent.com/71546848/220192830-5b31ea51-fb33-4148-9405-1692f92fdefc.png) + +Host hardware and firmware must include TPM 2.0 and UEFI 2.3.1 with secure boot enabled +Offers the strongest possible protections + +Only hosts that HGS Admin have designated as guarded hosts, and that are running code they have identified as trusted, can start Shielded VMs. +The technologies that help make sure that the hosts are running trusted code are built into the Windows Server operating system, and include Secure Boot, Measured Boot and Code Integrity policies + +Here are some of the measurements that the Attestation Service validates: +Request coming from the EKPub +This is data signed by the TPM, and used to validate that the TPM chip is trusted. +The TCG Log +A set of events that show how the host was booted; once the TCG log is verified to be valid, then a check is done to see if the content matches any known good policies. + +Code Integrity Policy +There is a hash of the CI that gets placed in the TCG log and the Attestation service checks if the hash matches. The CI Policy ensures that you have the right set of drivers running on the Host OS kernel. It also verifies the UEFI parameters, ensures secure boot is enabled, and that no debuggers are attached. Only then does it issue the attestation certificate once the host passes. +Upon Attestation, the host is granted “Attestation Certificate”. +This certificate is used to unlock the VM’s vTPM. + +The Get-Platformidentifier creates an XML file that contains the EKPub for the TPM chip. You take that and configure the attestation service by letting it know that this is a known good and authorized host that is trusted. + +![image](https://user-images.githubusercontent.com/71546848/220194329-34c5df80-ec46-47c4-8126-fe4f8803e761.png) + + +TPM based Attestation Measurements performed/requested by AS + + Authorized List of TPMs (EKpub) + Request is coming from a known trusted host + + TCG Log Integrity Validation + Replay TCG Log to match TPM PCR measurements + + Code Integrity Policy + Ensure host is not running any unknown code + (e.g. malware or debugger) + + Secure Boot + Make sure Secure Boot is enabled + + Unified Extensible Firmware Interface + Validate UEFI secure boot parameters + + +# Host key attestation (based on asymmetric key pairs) + + Intended to support existing host hardware where TPM 2.0 isn't available. Requires fewer configuration steps and is compatible with commonplace server hardware. + + Guarded hosts are approved based on possession of the key. + + Reference: + https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-create-host-key + diff --git a/HGS LAB Setup.txt b/HGS LAB Setup.txt deleted file mode 100644 index 433b6bb..0000000 --- a/HGS LAB Setup.txt +++ /dev/null @@ -1,19 +0,0 @@ -Step 1: Components required for setting up a Shielded VM environment - -2 HGS Cluster Nodes – (Hgslab.local) -HGS1 – 192.168.1.50 -HGS2 – 192.168.1.51 - -1 DC – Pikachu.Local –192.168.1.1 - -2 Guarded Hosts Cluster -Compute1 – 192.168.1.2 -Compute2 -192.168.1.3 - - - - - - - - diff --git a/HGS.md b/HGS.md new file mode 100644 index 0000000..eeeb59e --- /dev/null +++ b/HGS.md @@ -0,0 +1,29 @@ +# Host Guardian Service (HGS) + +An external authority in a guarded fabric that verifies the health of guarded hosts, and controls the release of keys required to start or live migrate Shielded VMs. + + A way to verify a host is in a healthy state + A process to securely release keys to healthy hosts + +HGS runs on a separate physical machine, typically in three instances. It runs two services: Attestation and Key Protection Service. The Hyper-V host contacts these services to get Attested, and to ask for the transport key to become unlocked. + +Each HGS instance is a multi-instance web app, therefore you can have multiple instances—up to 64 in a single cluster. + +![image](https://user-images.githubusercontent.com/71546848/220195667-80b590b9-a449-4ac1-b11a-a57b290329f4.png) + +Provides below functionalities + +Guarded Hosts Verification + + The service verifies that only trusted fabric hosts that are pre-registered and identified by TPM hardware ID, will be authorized to run Shielded VMs in the fabric Or in the case of Admin-Attestation, that they are authorized hosts. + +Remote Host Attestation + + The service performs attestation for the Guarded hosts in the fabric, to make sure that these hosts booted with the appropriate binaries, and have the right Hyper-V Code Integrity (HVCI) policy applied, It then provides the attested host with an attestation certificate to be used while requesting the Key Protector (KP) for a Shielded VM that needs to be launched + +Key Protection + + A Shielded VM (when using BitLocker) can only be run by a host that is able to decrypt the vTPM of that VM (where the BitLocker key resides) + A Guarded host should present its attestation certificate to request the decryptable Key Protector (KP) from the Key Protection Service (KPS), so that it can decrypt the vTPM. + + diff --git a/HGS_Deploy_Script.md b/HGS_Deploy_Script.md new file mode 100644 index 0000000..f8bfbb9 --- /dev/null +++ b/HGS_Deploy_Script.md @@ -0,0 +1,215 @@ +# Settings up Variables + + $GHostPlainPassword="Welcome@1234" #password to access Guarded nodes Compute1 and Compute2 + $HGSPlainPassword ="Welcome@1234" #password to access HGS cluster nodes. In production environments it should be different + + $SafeModeAdministratorPlainPassword="Welcome@1234" #SafeModePassword for HGS Domain + $HGSDomainName='Hgslab.local' + $HGSServiceName = 'MyHGS' + +#Create creds + + $GHostPassword = ConvertTo-SecureString $GHostPlainPassword -AsPlainText -Force + $HGSPassword = ConvertTo-SecureString $HGSPlainPassword -AsPlainText -Force + + $GHostCreds = New-Object System.Management.Automation.PSCredential ("Pikachu\Administrator", $GHostPassword) + $HGSCreds = New-Object System.Management.Automation.PSCredential ("Administrator", $HGSPassword) + $HGSDomainCreds = New-Object System.Management.Automation.PSCredential ("$HGSDomainName\Administrator", $HGSPassword) + +#wait until machines are up and grab IPs + + do{ + $HGSServerIPs=Invoke-Command -VMName *HGS1, *HGS2 -Credential $HGSCreds -ScriptBlock {(Get-NetIPAddress -InterfaceAlias Ethernet -AddressFamily IPv4).IPAddress} -ErrorAction SilentlyContinue + Start-Sleep 5 + }until ($HGSServerIPs.count -eq 3) + +# Configuring HGS Server + +#Install required HGS feature on HGS VMs + + Invoke-Command -VMName *HGS1,*HGS2 -Credential $HGSCreds -ScriptBlock { + Install-WindowsFeature -Name HostGuardianServiceRole -IncludeManagementTools + } + +#restart VMs + + Restart-VM -VMName *HGS* -Type Reboot -Force -Wait -For HeartBeat + +#Install HGS on first node + + Invoke-Command -VMName *HGS1 -Credential $HGSCreds -scriptblock { + $SafeModeAdministratorPassword = ConvertTo-SecureString -AsPlainText $using:SafeModeAdministratorPlainPassword -Force + Install-HgsServer -HgsDomainName $using:HGSDomainName -SafeModeAdministratorPassword $SafeModeAdministratorPassword #-Restart + } + +#restart HGS1 + + Restart-VM -VMName *HGS1 -Type Reboot -Force -Wait -For HeartBeat + +# Setting up DNS Forwarder + +#Set the DNS forwarder on the fabric DC so other nodes can find the new domain + + Invoke-Command -VMName *DC -Credential $FabricCreds -ScriptBlock { + Add-DnsServerConditionalForwarderZone -Name $using:HGSDomainName -ReplicationScope Forest -MasterServers $using:HgsServerIPs + } + +#wait for DC to be initialized +#Note: Sometimes DC starts for quite some time (Please wait for the Group Policy Client or Applying Computer settings). + + $Result=$null + do { + $Result=Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock { + Get-ADComputer -Filter * -Server HGS1 -ErrorAction SilentlyContinue + Start-Sleep 5 + } + }until($Result) + +#Wait for HGS2 to finish dcpromo + + $Result=$null + do { + $Result=Invoke-Command -VMName *HGS2 -Credential $HGSDomainCreds -ScriptBlock { + Get-ADComputer -Filter * -Server HGS2 + Start-Sleep 5 + } + }until($Result) + + +# Add HGSServer on HGS2 + + Invoke-Command -VMName *HGS2 -Credential $HGSCreds -ScriptBlock { + $SafeModeAdministratorPassword = ConvertTo-SecureString -AsPlainText $using:SafeModeAdministratorPlainPassword -Force + Install-HgsServer -HgsDomainName $using:HGSDomainName -HgsDomainCredential $using:HGSDomainCreds -SafeModeAdministratorPassword $SafeModeAdministratorPassword #-Restart + } + +#restart HGS2 + + Restart-VM -VMName *HGS2 -Type Reboot -Force -Wait -For HeartBeat + +# Creating Certificates for HGS Server + +#you can create CA in Bastion forest https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-obtain-certs#request-certificates-from-your-certificate-authority + +#or just create self signed cert + + Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock { + $certificatePassword = ConvertTo-SecureString -AsPlainText -String "Welcome@1234" -Force + $signCert = New-SelfSignedCertificate -Subject "CN=HGS Signing Certificate" + Export-PfxCertificate -FilePath $env:temp\signCert.pfx -Password $certificatePassword -Cert $signCert + Remove-Item $signCert.PSPath + $encCert = New-SelfSignedCertificate -Subject "CN=HGS Encryption Certificate" + Export-PfxCertificate -FilePath $env:temp\encCert.pfx -Password $certificatePassword -Cert $encCert + Remove-Item $encCert.PSPath + Initialize-HgsServer -HgsServiceName $using:HGSServiceName -SigningCertificatePath "$env:temp\signCert.pfx" -SigningCertificatePassword $certificatePassword -EncryptionCertificatePath "$env:Temp\encCert.pfx" -EncryptionCertificatePassword $certificatePassword -TrustTpm -hgsversion V1 + } + + +# Join HGS2 to the cluster + + Invoke-Command -VMName *HGS2 -Credential $HGSDomainCreds -ScriptBlock { + Initialize-HgsServer -HgsServerIPAddress $using:HGSServerIPs[0] + } + +# Set HGS configuration to support VMs (disable IOMMU requirement) + + Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock { + Disable-HgsAttestationPolicy Hgs_IommuEnabled + } + +# Install HostGuardian Hyper-V Support on compute nodes + + Invoke-Command -VMName *Compute1,*Compute2 -Credential $FabricCreds -ScriptBlock { + Install-WindowsFeature HostGuardian -IncludeManagementTools + } + +#Restart compute nodes + + Restart-VM -VMName *Compute1,*Compute2 -Type Reboot -Force -Wait -For HeartBeat + +#Wait for installation to complete +#Start-Sleep 60 + +#Set registry key to not require IOMMU for VBS in VMs and apply default CI policy +#Also generate attestation artifacts (CI policy, TPM EK, and TPM baseline) +#You should also include https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules + +# Generating attestation artifacts (CI policy, TPM EK, and TPM baseline) + +#grab recommended xml blocklist from GitHub +#[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 + + $content=Invoke-WebRequest -UseBasicParsing -Uri https://raw.githubusercontent.com/MicrosoftDocs/windows-itpro-docs/master/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md + #find start and end + $XMLStart=$content.Content.IndexOf("")+11 # 11 is lenght of string + #create xml + [xml]$XML=$content.Content.Substring($xmlstart,$XMLEnd-$XMLStart) #find XML part + + Invoke-Command -VMName *Compute1, *Compute2 -Credential $FabricCreds -ScriptBlock { + Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard -Name RequirePlatformSecurityFeatures -Value 0 + md C:\attestationdata + $cipolicy = "C:\attestationdata\CI_POLICY_AUDIT.xml" + Copy-Item "$env:SystemRoot\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml" $cipolicy -Force + #add recommended XML blocklist + ($using:XML).Save("$env:TEMP\blocklist.xml") + #add to MyPolicy.xml + $mergedPolicyRules = Merge-CIPolicy -PolicyPaths "$env:TEMP\blocklist.xml",$cipolicy -OutputFilePath $cipolicy + Write-Host ('Merged policy contains {0} rules' -f $mergedPolicyRules.Count) + # For testing, convert the policy to an audit policy to avoid constrained language mode in PS + Set-RuleOption -FilePath $cipolicy -Option 3 + # Allowing a CI policy to be updated without a reboot can allow someone to pass attestation and replace with a bad policy, so we disallow that + Set-RuleOption -FilePath $cipolicy -Option 16 -Delete + ConvertFrom-CIPolicy -XmlFilePath $cipolicy -BinaryFilePath "C:\attestationdata\CI_POLICY_AUDIT.bin" + Copy-Item "C:\attestationdata\CI_POLICY_AUDIT.bin" "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b" -Force + Initialize-Tpm + (Get-PlatformIdentifier -Name $env:COMPUTERNAME).Save("C:\attestationdata\TPM_EK_$env:COMPUTERNAME.xml") + Get-HgsAttestationBaselinePolicy -Path "C:\attestationdata\TPM_Baseline_$env:COMPUTERNAME.xml" -SkipValidation + } + +#Reboot VMs again for setting to take effect + + Restart-VM -Name *Compute1,*Compute2 -Type Reboot -Force -Wait -For HeartBeat + +# Collect attestation artifacts from hosts + + $HGS1Session = New-PSSession -VMName *HGS1 -Credential $HGSDomainCreds + $Compute1Session = New-PSSession -VMName *Compute1 -Credential $FabricCreds + $Compute2Session = New-PSSession -VMName *Compute2 -Credential $FabricCreds + + #Create folder on HGS1 + Invoke-Command -Session $HGS1Session -ScriptBlock { + New-Item -Name AttestationData -Path c:\ -ItemType Directory + } + +#Copy files + + Copy-Item -Path "C:\attestationdata\TPM_EK_COMPUTE1.xml" -Destination $env:Temp -FromSession $Compute1Session + Copy-Item -Path "$env:temp\TPM_EK_COMPUTE1.xml" -Destination C:\attestationdata\ -ToSession $HGS1Session + Copy-Item -Path "C:\attestationdata\TPM_EK_COMPUTE2.xml" -Destination $env:Temp -FromSession $Compute2Session + Copy-Item -Path "$env:temp\TPM_EK_COMPUTE2.xml" -Destination C:\attestationdata\ -ToSession $HGS1Session + Copy-Item -Path "C:\attestationdata\TPM_Baseline_COMPUTE1.xml" -Destination $env:Temp -FromSession $Compute1Session + Copy-Item -Path "$env:temp\TPM_Baseline_COMPUTE1.xml" -Destination C:\attestationdata\ -ToSession $HGS1Session + Copy-Item -Path "C:\attestationdata\CI_POLICY_AUDIT.bin" -Destination $env:Temp -FromSession $Compute1Session + Copy-Item -Path "$env:temp\CI_POLICY_AUDIT.bin" -Destination C:\attestationdata\ -ToSession $HGS1Session + + +# Import the attestation policies on HGS + + Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock { + # Every individual EK needs to be added + Add-HgsAttestationTpmHost -Path C:\attestationdata\TPM_EK_COMPUTE1.xml -Force + Add-HgsAttestationTpmHost -Path C:\attestationdata\TPM_EK_Compute2.xml -Force + +# But only one copy of the baseline and CI policy, since they should be identical on both hosts + + Add-HgsAttestationTpmPolicy -Path C:\attestationdata\TPM_Baseline_COMPUTE1.xml -Name "Hyper-V TPM Baseline" + Add-HgsAttestationCIPolicy -Path C:\attestationdata\CI_POLICY_AUDIT.bin -Name "AllowMicrosoft-AUDIT-CI" + } + +# Now, have the hosts try to attest + + Invoke-Command -VMName *Compute1, *Compute2 -Credential $GHostCreds -ScriptBlock { + Set-HgsClientConfiguration -AttestationServerUrl "http://$using:HGSServiceName.$using:HGSDomainName/Attestation" -KeyProtectionServerUrl "http://$using:HGSServiceName.$using:HGSDomainName/KeyProtection" + } + diff --git a/Introduction.md b/Introduction.md new file mode 100644 index 0000000..77e0c83 --- /dev/null +++ b/Introduction.md @@ -0,0 +1,24 @@ +# Introduction + +With the evolution of servers to virtual environments, this brings new challenges in trying to protect the datacenter environment. + +The virtualization fabric bring new items to be considered when planning for a security strategy: +1. Administrators have the “keys to the kingdom”, and in the case of sensitive workloads such as Domain Controllers, virtualization admins can access the secrets inside virtual machines. A compromised fabric administrator can be a malicious administrator or an administrative account that was compromised by an attacker. +2. A virtual machine is really just a file and virtual disks, that can be copied to a USB stick or a laptop and then be mounted in another environment. +3. In the past, to protect a server or a sensitive workload, we use to put these servers in a highly secured physical environment that only allowed people would be able to access and have physical access to the assets. In the case of a virtual machine, anyone who have access to the virtualization host will have access to the virtual machine source files, which bring us back to the first statement. +4. In the last few years, great new capabilities came up such as TPM chips, Secure Boot, UEFI 2.0 and others. The problem is that these features are tied to hardware capabilities that are not exposed to virtual machines. + + + +![image](https://user-images.githubusercontent.com/71546848/220169455-70f0eab6-660c-4407-bda6-94d78ab24a59.png) + +What do these attacks have in common? +1. Stolen admin credentials +2. Phishing attacks +3. Pass-the-hash (PtH) attacks +4. Insider attacks +5. Fabric attacks + +![image](https://user-images.githubusercontent.com/71546848/220170897-dbcd87d0-367c-45f9-89ae-3bb5900c8f69.png) + + diff --git a/Key Protection Service.md b/Key Protection Service.md new file mode 100644 index 0000000..a5e905c --- /dev/null +++ b/Key Protection Service.md @@ -0,0 +1,16 @@ +# Key Protection Service + +Validate Host’s “Attestation Certificate” + + Validates and uses attestation health certificate to authorize key release + +Key Protection Service (KPS) + + KPS rolls the transport key in order to provide forward secrecy + +Bring Your Own Key (Optional) + + Enables per Tenant encryption & signing keys, typically backed by HSM (hardware security module) + Tenants work with the Hoster Security Admin(s) to provision HSM with Tenant keys + +![image](https://user-images.githubusercontent.com/71546848/220197247-fd129afa-5262-49fe-a6e0-7b20a6e1adbd.png) diff --git a/README.md b/README.md new file mode 100644 index 0000000..781b5d5 --- /dev/null +++ b/README.md @@ -0,0 +1,39 @@ + +![image](https://user-images.githubusercontent.com/71546848/220188905-94ac29c5-193b-4858-a1eb-72f7330f91cb.png) + + +HGS Setup + +![image](https://user-images.githubusercontent.com/71546848/220174431-a432637c-7733-4fad-82b3-c5a3c59439fe.png) + +LAB requirement for setting up HGS cluster and Shielded VM + +2 HGS Cluster Nodes – (Hgslab.local) + + HGS1 – 192.168.1.50 + HGS2 – 192.168.1.51 + 1 DC – Pikachu.Local –192.168.1.1 + +2 Guarded Hosts Cluster + + Compute1 – 192.168.1.2 + Compute2 -192.168.1.3 + + +# Summary + +Sections are broken out as follows: + + 1. Overview + 2. Threats + 3. Introducing SVMs + 4. Security & Assurance + 5. Security Principles & Roles + +Shielded VM Technologies + + 1. Shielded VM Overview + 2. Host Guardian Service + 3. Attestation Service + 4. Key Protection Service + 5. Guarded Host diff --git a/Shielded VM.md b/Shielded VM.md new file mode 100644 index 0000000..f16c6d8 --- /dev/null +++ b/Shielded VM.md @@ -0,0 +1,29 @@ +# Shielded VMs +The data and state of a shielded VM are protected against inspection, theft and tampering from malware and datacenter administrators both at rest as well as in flight. + + +Encryption and data at-rest/in-flight protection + + a. Virtual TPM (vTPM) enables the use of disk encryption within a VM (e.g. BitLocker). + b. Both Live Migration and VM-state are encrypted. + +Admin-lockout + + a. Host administrators cannot access guest VM secrets (e.g. can’t see disks, video, etc.) + b. Allows you to Block unauthorized applications, malware, and debuggers from running. + c. Host administrators cannot run arbitrary kernel-mode code on host. + +Note: User mode code can be blocked with an appropriately configured CI policy, and we don't want to block all kernel-mode code, just foreign code that isn’t authorized to run there. + +Attestation of health + + a. VM-workloads can only run on “healthy” hosts +![image](https://user-images.githubusercontent.com/71546848/220190199-ea577d5e-774d-4306-a76f-685ec01a65e8.png) + + +Virtual Machine Types + +![image](https://user-images.githubusercontent.com/71546848/220190132-b813879c-b3ed-4b9b-8542-94c530aea6f8.png) + + + diff --git a/Step 1 - HGS Server Deployment/HGS_Server_Deployment.md b/Step 1 - HGS Server Deployment/HGS_Server_Deployment.md new file mode 100644 index 0000000..e15e05d --- /dev/null +++ b/Step 1 - HGS Server Deployment/HGS_Server_Deployment.md @@ -0,0 +1,41 @@ +# HGS_Server_Deployment + +First we will setup the HGS Server + +# Prerequisites + +Hardware: HGS can be run on physical or virtual machines, but physical machines are recommended. + +If you want to run HGS as a three-node physical cluster (for availability), you must have three physical servers. (As a best practice for clustering, the three servers should have very similar hardware.) + +Operating system: Host key attestation requires Windows Server 2019 Standard or Datacenter edition operating with v2 attestation. For TPM-based attestation, HGS can run Windows Server 2019 or Windows Server 2016, Standard or Datacenter edition. + +Server Roles: Host Guardian Service and supporting server roles. + +Configuration permissions/privileges for the fabric (host) domain: You will need to configure DNS forwarding between the fabric (host) domain and the HGS domain. + +# Steps +Enable Host Guardian Service role by opening windows PowerShell in a elevated mode and run the following command. + + Install-WindowsFeature -Name HostGuardianServiceRole -IncludeManagementTools -Restart + +Install HGS Domain in its own forest by running the below command. + + $SafeModeAdministratorPassword= ConvertTo-SecureString -AsPlainText '' -Force + Note : Replace with HGS machine password. + + Install-HgsServer -HgsDomainName ‘HGSLab.Local' -SafeModeAdministratorPassword $SafeModeAdministratorPassword -Restart + + Note : Replace ‘HGSLab.local’ with a FQDN of your choice. + +After machine reboot, log in with the domain account with the same password which you have used for the local account. + +#Installing HGS Server will promote the HGS Server as Domain controller with the domain name provided with HgsDomainName switch. + +# We can install HGS on second node by following below commands. + +$SafeModeAdministratorPassword= ConvertTo-SecureString -AsPlainText '' -Force +Note : Replace with HGS machine password. + + Install-HgsServer -HgsDomainName ‘HGSLab.Local' -SafeModeAdministratorPassword $SafeModeAdministratorPassword -Restart + diff --git a/Step 1 - HGS Server Deployment/Part 1- Install HGS on first Node .rar b/Step 1 - HGS Server Deployment/Part 1- Install HGS on first Node .rar new file mode 100644 index 0000000..a48c143 Binary files /dev/null and b/Step 1 - HGS Server Deployment/Part 1- Install HGS on first Node .rar differ diff --git a/Step 1 - HGS Server Deployment/Part 2- Install HGS on second node.zip b/Step 1 - HGS Server Deployment/Part 2- Install HGS on second node.zip new file mode 100644 index 0000000..d45f8ad Binary files /dev/null and b/Step 1 - HGS Server Deployment/Part 2- Install HGS on second node.zip differ diff --git a/Step 2 - Initialize HGS Node/Initializing HGS Node.md b/Step 2 - Initialize HGS Node/Initializing HGS Node.md new file mode 100644 index 0000000..f0563e5 --- /dev/null +++ b/Step 2 - Initialize HGS Node/Initializing HGS Node.md @@ -0,0 +1,44 @@ +# Initializing HGS Cluster and Generating Certificates + +For initializing HGS Node, administrator need to have a valid SSL certificate. For a lab environment, we can use self-signed certificate. But for production use, has to purchase SSL certificate from digital certificate Vendors. +#you can create CA in Bastion forest https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-obtain-certs#request-certificates-from-your-certificate-authority + +# Generating Self sign Certificates +$CertificatePassword = ConvertTo-SecureString -AsPlainText '' -Force +Note : Replace with HGS machine password. +$certificatePassword = ConvertTo-SecureString -AsPlainText -String "Password@123" -Force + +$signCert = New-SelfSignedCertificate -Subject "CN=HGS Signing Certificate" +Export-PfxCertificate -FilePath $env:temp\signCert.pfx -Password $certificatePassword -Cert $signCert + +Remove-Item $signCert.PSPath + +$encCert = New-SelfSignedCertificate -Subject "CN=HGS Encryption Certificate" +Export-PfxCertificate -FilePath $env:temp\encCert.pfx -Password $certificatePassword -Cert $encCert + +Remove-Item $encCert.PSPath + +# Initializing the HGS Server + +Initialize-HgsServer -HgsServiceName ‘MyHGS’ -SigningCertificatePath "C:\signCert.pfx" -SigningCertificatePassword $certificatePassword -EncryptionCertificatePath " C:\encCert.pfx" -EncryptionCertificatePassword $certificatePassword -TrustTpm -hgsversion V1 + +We can add the second node in + +Initialize-HgsServer -HgsServerIPAddress 192.168.1.50 + + +# Set the DNS forwarder on the Guarded Domain DC so Compute nodes can find the new domain +https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-configuring-fabric-dns + +Add-DnsServerConditionalForwarderZone -Name HGSLab.local -ReplicationScope Forest -MasterServers 192.168.1.50 + +Here Guarded domain fqdn is HGSLab.local with IP 192.168.1.50 + +To add the HGSLab.local to the trusted group, run the below command. + +netdom trust HGSLab.local /domain: Pikachu.local /userD: Pikachu.local\Administrator /passwordD: /add + +Note : Replace “” with appropriate credential details. + +That’s it, you all done with HGS Server configuration. + diff --git a/Step 2 - Initialize HGS Node/Part 3 - Genrating certificates and Initialization of HGS Server.zip b/Step 2 - Initialize HGS Node/Part 3 - Genrating certificates and Initialization of HGS Server.zip new file mode 100644 index 0000000..fbedc61 Binary files /dev/null and b/Step 2 - Initialize HGS Node/Part 3 - Genrating certificates and Initialization of HGS Server.zip differ diff --git a/Step 2 - Initialize HGS Node/Part 4 - Adding Second node to HGS cluster.zip b/Step 2 - Initialize HGS Node/Part 4 - Adding Second node to HGS cluster.zip new file mode 100644 index 0000000..06edc66 Binary files /dev/null and b/Step 2 - Initialize HGS Node/Part 4 - Adding Second node to HGS cluster.zip differ diff --git a/Step 3 - Setting up guarded hosts/Configuring guarded Host .md b/Step 3 - Setting up guarded hosts/Configuring guarded Host .md new file mode 100644 index 0000000..7ba11a9 --- /dev/null +++ b/Step 3 - Setting up guarded hosts/Configuring guarded Host .md @@ -0,0 +1,57 @@ +# Setting up Guarded Host with TPM attestation +Guarded hosts using TPM mode must meet the following prerequisites: + + Hardware: One host is required for initial deployment. To test Hyper-V live migration for shielded VMs, you must have at least two hosts. + Hosts must have: + IOMMU and Second Level Address Translation (SLAT) + TPM 2.0 + UEFI 2.3.1 or later + Configured to boot using UEFI (not BIOS or "legacy" mode) + Secure boot enabled + Operating system: Windows Server 2016 Datacenter edition or later + +Important +Make sure you install the latest cumulative update. +Role and features: Hyper-V role and the Host Guardian Hyper-V Support feature. The Host Guardian Hyper-V Support feature is only available on Datacenter editions of Windows Server. + +* Add the Guarded Host into Pikachu.Local domain. + +Install Host Guardian Feature on Guarded Hosts by using below Powershell. + Install-WindowsFeature HostGuardian -IncludeManagementTools + +* Also generate attestation artifacts (CI policy, TPM EK, and TPM baseline) + +TPM mode uses a TPM identifier (also called a platform identifier or endorsement key [EKpub]) to begin determining whether a particular host is authorized as "guarded." This mode of attestation uses Secure Boot and code integrity measurements to ensure that a given Hyper-V host is in a healthy state and is running only trusted code. In order for attestation to understand what is and is not healthy, you must capture the following artifacts: +* TPM identifier (EKpub) - +This information is unique to each Hyper-V host +* TPM baseline (boot measurements) - +This is applicable to all Hyper-V hosts that run on the same class of hardware +* Code integrity policy (an allowlist of allowed binaries) - +This is applicable to all Hyper-V hosts that share common hardware and software + +It is recommended to capture the baseline and CI policy from a "reference host" that is representative of each unique class of Hyper-V hardware configuration within your datacenter. Beginning with Windows Server version 1709, sample CI policies are included at C:\Windows\schemas\CodeIntegrity\ExamplePolicies. +https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-tpm-trusted-attestation-capturing-hardware + +Endorsement key for each guarded host needs to be added on HGS Sever, But only one copy of the baseline and CI policy, since they should be identical on both hosts + +Add-HgsAttestationTpmHost -Path C:\attestationdata\TPM_EK_COMPUTE1.xml -Force + +Add-HgsAttestationTpmHost -Path C:\attestationdata\TPM_EK_Compute2.xml -Force + +Add TPM Baseline of a Guarded Host on HGS Server + +Add-HgsAttestationTpmPolicy -Path C:\attestationdata\TPM_Baseline_COMPUTE1.xml -Name "Hyper-V TPM Baseline1" + +Add CI Policy of Guarded Host on HGS Server + +Add-HgsAttestationCIPolicy -Path C:\attestationdata\CI_POLICY_AUDIT.bin -Name "AllowMicrosoft-AUDIT-CI1" + +Once added we can check the host configuration by running below command. + +Get-HgsClientConfiguration + +![Hgsclientconfig](https://user-images.githubusercontent.com/71546848/179978085-7fa77b0e-2b68-4d71-99f1-4960b4bb237f.jpg) + + + +Get-HgsTrace -RunDiagnostics -Detailed diff --git a/Step 3 - Setting up guarded hosts/Part 5 - Install Host guardian on Compute nodes.zip b/Step 3 - Setting up guarded hosts/Part 5 - Install Host guardian on Compute nodes.zip new file mode 100644 index 0000000..527eace Binary files /dev/null and b/Step 3 - Setting up guarded hosts/Part 5 - Install Host guardian on Compute nodes.zip differ diff --git a/Step 4 - Configuring a vTPM enabled VM/Configuring a vTPM enabled VM.md b/Step 4 - Configuring a vTPM enabled VM/Configuring a vTPM enabled VM.md new file mode 100644 index 0000000..98922b8 --- /dev/null +++ b/Step 4 - Configuring a vTPM enabled VM/Configuring a vTPM enabled VM.md @@ -0,0 +1,46 @@ +# Configuring a vTPM enabled VM + +A vTPM is a software-based representation of a physical Trusted Platform Module 2.0 chip. A vTPM acts as any other virtual device. You can add a vTPM to a virtual machine in the same way you add virtual CPUs, memory, disk controllers, or network controllers. A vTPM does not require a hardware Trusted Platform Module chip. + +If you have a guarded Host and you don't want to use Shielded VM but you need TPM on Virtual Machine then you need to make sure you are running as Local Mode on Guarded Host. +We can switch the mode to Local by using below command. + +Set-HGSClientConfiguration -EnableLocalMode + +We can check the current client configuration of guarded host by running below command, + +Get-HgsClientConfiguration + +![image](https://user-images.githubusercontent.com/71546848/180092639-7f3538b6-e6e4-4289-99c7-e2c68a4d42f3.png) + + +We can switch from Local mode to HGS mode by running below command, + +Set-HgsClientConfiguration -AttestationServerUrl "http://Myhgs.Hgslab.local/Attestation" -KeyProtectionServerUrl "http://Myhgs.Hgslab.local/keyProtection" + +![image](https://user-images.githubusercontent.com/71546848/180093166-1485c8e3-f6ba-45fd-9bf2-0709911a9de0.png) + + +When we will enable the vTPM on Virtual Machine it will generate two certificates in certificate store under "Shielded VM Local Certificates" + +We can run below commands to enable vTPM on Virtual machine. + + $vm = get-vm -name “VM5" + + Set-VMKeyProtector -VMName “Vm5" -NewLocalKeyProtector + + Enable-VMTPM -VM $vm + + Get-VMSecurity $vm + +Each VM will have its own key protector associated with the Signing and Encryption certificate stored in certificate store. + +![image](https://user-images.githubusercontent.com/71546848/180095327-5ab681cf-8ec1-476c-aa78-abd125629a1c.png) + +After enabling vTPM on Virtual Machine we can check the VM security and find that TPM is enabled. + +![image](https://user-images.githubusercontent.com/71546848/180092150-7a74c27e-a814-4ed6-b7b8-e2bcde009794.png) + +We can check TPM status inside Vm by running Get-TPM command. + +![image](https://user-images.githubusercontent.com/71546848/180091217-944e10ec-3e79-42ee-93d0-94131807acea.png) diff --git a/Step 4 - Configuring a vTPM enabled VM/Enable vTMP GUI.zip b/Step 4 - Configuring a vTPM enabled VM/Enable vTMP GUI.zip new file mode 100644 index 0000000..b9b4e4b Binary files /dev/null and b/Step 4 - Configuring a vTPM enabled VM/Enable vTMP GUI.zip differ diff --git a/Step 5 - Live Migration of vTPM enabled VM/Live Migration of vTPM enabled VM.7z b/Step 5 - Live Migration of vTPM enabled VM/Live Migration of vTPM enabled VM.7z new file mode 100644 index 0000000..b8dfdb6 Binary files /dev/null and b/Step 5 - Live Migration of vTPM enabled VM/Live Migration of vTPM enabled VM.7z differ diff --git a/Step 5 - Live Migration of vTPM enabled VM/Live Migration of vTPM enabled VM.md b/Step 5 - Live Migration of vTPM enabled VM/Live Migration of vTPM enabled VM.md new file mode 100644 index 0000000..1730158 --- /dev/null +++ b/Step 5 - Live Migration of vTPM enabled VM/Live Migration of vTPM enabled VM.md @@ -0,0 +1,38 @@ +# Live Migration of vTPM enabled VM + +When we enable the vTPM on any virtual machine it will create a Key Protector for that VM and that Key protector will be bound with 2 certificates (Signing and Encryption) saved in “Shielded VM Local Certificates”. + +![image](https://user-images.githubusercontent.com/71546848/180096652-946d695f-2a9d-466c-b5ef-7c4963a92671.png) + +If these certificates are missing from the destination Host then VM will fail to Live migrate. + +# We can see below errors + +Live migration of 'Virtual Machine 'VMname**' failed. + +Virtual machine migration operation for ''VMname**'’ failed at migration destination 'HostName-**'. (Virtual machine ID ) +The version of the device 'Microsoft Virtual TPM Device' of the virtual machine 'VMname**' is not compatible with device on physical computer 'HostName-**'. (Virtual machine ID ) +The key protector for the virtual machine '' could not be unwrapped. HostGuardianService returned: One or more arguments are invalid (0x80070057) . Details are included in the HostGuardianService-Client event log. (Virtual machine ID ) +![image](https://user-images.githubusercontent.com/71546848/180097420-a59650bc-22ef-4c74-968a-d831bf523bcb.png) + +![image](https://user-images.githubusercontent.com/71546848/180097457-85a5eea2-0e65-4515-8eb9-1e0b3ad4ad15.png) + +# Resolution + +Export the Signing and Encryption certificate with private Key from “Shielded VM Local Certificates” folder from the Hyper-V host where we have created the VM with vTPM feature on the destination server. + +Command to export Encryption Certificate: +certutil -exportPFX -p "L@m12345" "Shielded VM Local Certificates" 46b405de4ca798804fa40354c6502f1b c:\temp\VMEncryption.pfx + +Command to export Signing Certificate: +certutil -exportPFX -p "L@m12345" "Shielded VM Local Certificates" 268797c8cbc6c49f4ce2a0e5075efacc c:\temp\VMSigning.pfx + +Import both the Signing and Encryption certificate on the Host where you want the VM to be migrated. + +C:\certs>certutil -importPFX "Shielded VM Local Certificates" "C:\Certs\ankit-VMEncryption.pfx" + +It will ask for password, enter L@m12345 and this will import the certificates. + +If the certificates are present on the server, then VM will search for its key protector and VM will find the protector and it will boot up without any issue. + + diff --git a/Troubleshooting Guides/Prerequisites-- Iommu disable.zip b/Troubleshooting Guides/Prerequisites-- Iommu disable.zip new file mode 100644 index 0000000..c518906 Binary files /dev/null and b/Troubleshooting Guides/Prerequisites-- Iommu disable.zip differ diff --git a/Troubleshooting Guides/insecurehost.zip b/Troubleshooting Guides/insecurehost.zip new file mode 100644 index 0000000..cf513e6 Binary files /dev/null and b/Troubleshooting Guides/insecurehost.zip differ