Ankit branch

Attestation Mode.md

@@ -0,0 +1,82 @@
+# Attestation modes in the Guarded Fabric solution
+![image](https://user-images.githubusercontent.com/71546848/220191567-78ab163c-00ae-4fcb-90ff-a61840b8f7d6.png)
+
+The Attestation Service does two things:
+1. The Identity Attestation of the host 
+The Service makes sure if this is the right host to trust. If the Service is using TPM, then it knows the ekPub it is requesting. If the Service is AD based, then the host needs to be part of a trusted AD Host Group. That is the HOST identity validation.
+2. Measurements
+The Attestation Service validates how the host is booted, whether the host has the right configuration, and if the configuration is trusted. Once both validations pass, then the Attestation Certificate is signed by the attestation signing key.
+
+Below are the Modes of attestation available in HGS
+1. Admin Trusted attestation
+2. TPM-trusted attestation (hardware-based)
+3. Host key attestation (based on asymmetric key pairs)
+
+# Admin Trusted attestation
+![image](https://user-images.githubusercontent.com/71546848/220190750-ff95b1c2-7ed8-4787-8bd5-84191b6e893c.png)
+
+Shielded VMs can only be decrypted and started on hosts that Fabric Admin has designated as guarded hosts.
+By adding them to a security group you create in Fabric (not HGS) Active Directory Domain Services, you can identify hosts as guarded (AD DS). The forest of the Host Guardian Service and the fabric AD must establish a trust connection.
+
+AD based attestation uses the group SID and configure that with Attestation service.
+The AD attestation is the way to identify servers that will be able to run the Shielded VMs. The security of these servers will have to be based on external processes and solutions provided by the customer.
+
+![image](https://user-images.githubusercontent.com/71546848/220192682-b8f3058e-2b68-4e3e-bea9-b790e442c012.png)
+
+Admin-trusted attestation is deprecated beginning with Windows Server 2019.
+
+
+# TPM-trusted attestation (hardware-based)
+
+![image](https://user-images.githubusercontent.com/71546848/220192830-5b31ea51-fb33-4148-9405-1692f92fdefc.png)
+
+Host hardware and firmware must include TPM 2.0 and UEFI 2.3.1 with secure boot enabled
+Offers the strongest possible protections 
+
+Only hosts that HGS Admin have designated as guarded hosts, and that are running code they have identified as trusted, can start Shielded VMs.
+The technologies that help make sure that the hosts are running trusted code are built into the Windows Server operating system, and include Secure Boot, Measured Boot and Code Integrity policies
+
+Here are some of the measurements that the Attestation Service validates: 
+Request coming from the EKPub
+This is data signed by the TPM, and used to validate that the TPM chip is trusted.
+The TCG Log 
+A set of events that show how the host was booted; once the TCG log is verified to be valid, then a check is done to see if the content matches any known good policies.
+
+Code Integrity Policy
+There is a hash of the CI that gets placed in the TCG log and the Attestation service checks if the hash matches. The CI Policy ensures that you have the right set of drivers running on the Host OS kernel. It also verifies the UEFI parameters, ensures secure boot is enabled, and that no debuggers are attached. Only then does it issue the attestation certificate once the host passes.
+Upon Attestation, the host is granted “Attestation Certificate”.
+This certificate is used to unlock the VM’s vTPM.
+
+The Get-Platformidentifier creates an XML file that contains the EKPub for the TPM chip. You take that and configure the attestation service by letting it know that this is a known good and authorized host that is trusted.
+
+![image](https://user-images.githubusercontent.com/71546848/220194329-34c5df80-ec46-47c4-8126-fe4f8803e761.png)
+
+
+TPM based Attestation Measurements performed/requested by AS
+
+    Authorized List of TPMs (EKpub)
+    Request is coming from a known trusted host
+
+    TCG Log Integrity Validation
+    Replay TCG Log to match TPM PCR measurements
+
+    Code Integrity Policy
+    Ensure host is not running any unknown code
+    (e.g. malware or debugger)
+
+    Secure Boot
+    Make sure Secure Boot is enabled
+
+    Unified Extensible Firmware Interface
+    Validate UEFI secure boot parameters
+
+
+# Host key attestation (based on asymmetric key pairs)
+
+ Intended to support existing host hardware where TPM 2.0 isn't available. Requires fewer configuration steps and is compatible with commonplace server hardware.
+
+ Guarded hosts are approved based on possession of the key.
+
+ Reference:
+ https://learn.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-create-host-key
+

HGS.md

@@ -0,0 +1,29 @@
+# Host Guardian Service (HGS)
+
+An external authority in a guarded fabric that verifies the health of guarded hosts, and controls the release of keys required to start or live migrate Shielded VMs.
+
+    A way to verify a host is in a healthy state
+    A process to securely release keys to healthy hosts
+
+HGS runs on a separate physical machine, typically in three instances. It runs two services: Attestation and Key Protection Service. The Hyper-V host contacts these services to get Attested, and to ask for the transport key to become unlocked.
+
+Each HGS instance is a multi-instance web app, therefore you can have multiple instances—up to 64 in a single cluster.
+
+![image](https://user-images.githubusercontent.com/71546848/220195667-80b590b9-a449-4ac1-b11a-a57b290329f4.png)
+
+Provides below functionalities
+
+Guarded Hosts Verification
+
+    The service verifies that only trusted fabric hosts that are pre-registered and identified by TPM hardware ID, will be authorized to run Shielded VMs in the fabric Or in the case of Admin-Attestation, that they are authorized hosts.
+
+Remote Host Attestation
+
+    The service performs attestation for the Guarded hosts in the fabric, to make sure that these hosts booted with the appropriate binaries, and have the right Hyper-V Code Integrity (HVCI) policy applied, It then provides the attested host with an attestation certificate to be used while requesting the Key Protector (KP) for a Shielded VM that needs to be launched
+
+Key Protection
+
+    A Shielded VM (when using BitLocker) can only be run by a host that is able to decrypt the vTPM of that VM (where the BitLocker key resides)
+    A Guarded host should present its attestation certificate to request the decryptable Key Protector (KP) from the Key Protection Service (KPS), so that it can decrypt the vTPM.
+
+

HGS_Deploy_Script.md

@@ -0,0 +1,215 @@
+# Settings up Variables    
+
+    $GHostPlainPassword="Welcome@1234" #password to access Guarded nodes Compute1 and Compute2
+    $HGSPlainPassword   ="Welcome@1234" #password to access HGS cluster nodes. In production environments it should be different
+
+    $SafeModeAdministratorPlainPassword="Welcome@1234" #SafeModePassword for HGS Domain
+    $HGSDomainName='Hgslab.local'
+    $HGSServiceName = 'MyHGS'
+
+#Create creds
+
+    $GHostPassword = ConvertTo-SecureString $GHostPlainPassword -AsPlainText -Force
+    $HGSPassword = ConvertTo-SecureString $HGSPlainPassword -AsPlainText -Force
+
+    $GHostCreds = New-Object System.Management.Automation.PSCredential ("Pikachu\Administrator", $GHostPassword)
+    $HGSCreds = New-Object System.Management.Automation.PSCredential ("Administrator", $HGSPassword)
+    $HGSDomainCreds = New-Object System.Management.Automation.PSCredential ("$HGSDomainName\Administrator", $HGSPassword)
+
+#wait until machines are up and grab IPs
+
+    do{
+        $HGSServerIPs=Invoke-Command -VMName *HGS1, *HGS2 -Credential $HGSCreds -ScriptBlock {(Get-NetIPAddress -InterfaceAlias Ethernet -AddressFamily     IPv4).IPAddress} -ErrorAction SilentlyContinue
+        Start-Sleep 5
+    }until ($HGSServerIPs.count -eq 3)
+
+# Configuring HGS Server
+
+#Install required HGS feature on HGS VMs
+
+    Invoke-Command -VMName *HGS1,*HGS2 -Credential $HGSCreds -ScriptBlock {
+        Install-WindowsFeature -Name HostGuardianServiceRole -IncludeManagementTools
+    }
+
+#restart VMs
+
+    Restart-VM -VMName *HGS* -Type Reboot -Force -Wait -For HeartBeat
+
+#Install HGS on first node
+
+    Invoke-Command -VMName *HGS1 -Credential $HGSCreds -scriptblock {
+        $SafeModeAdministratorPassword = ConvertTo-SecureString -AsPlainText $using:SafeModeAdministratorPlainPassword -Force
+        Install-HgsServer -HgsDomainName $using:HGSDomainName -SafeModeAdministratorPassword $SafeModeAdministratorPassword #-Restart
+    }
+
+#restart HGS1
+
+    Restart-VM -VMName *HGS1 -Type Reboot -Force -Wait -For HeartBeat
+
+# Setting up DNS Forwarder
+
+#Set the DNS forwarder on the fabric DC so other nodes can find the new domain
+
+    Invoke-Command -VMName *DC -Credential $FabricCreds -ScriptBlock {
+        Add-DnsServerConditionalForwarderZone -Name $using:HGSDomainName -ReplicationScope Forest -MasterServers $using:HgsServerIPs
+    }
+
+#wait for DC to be initialized
+#Note: Sometimes DC starts for quite some time (Please wait for the Group Policy Client or Applying Computer settings).
+
+    $Result=$null
+    do {
+        $Result=Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock {
+            Get-ADComputer -Filter * -Server HGS1 -ErrorAction SilentlyContinue
+            Start-Sleep 5
+        }
+    }until($Result)
+
+#Wait for HGS2 to finish dcpromo
+
+    $Result=$null
+    do {
+        $Result=Invoke-Command -VMName *HGS2 -Credential $HGSDomainCreds -ScriptBlock {
+            Get-ADComputer -Filter * -Server HGS2
+            Start-Sleep 5
+        }
+    }until($Result)
+
+
+# Add HGSServer on HGS2 
+
+    Invoke-Command -VMName *HGS2 -Credential $HGSCreds -ScriptBlock {
+        $SafeModeAdministratorPassword = ConvertTo-SecureString -AsPlainText $using:SafeModeAdministratorPlainPassword -Force
+        Install-HgsServer -HgsDomainName $using:HGSDomainName -HgsDomainCredential $using:HGSDomainCreds -SafeModeAdministratorPassword $SafeModeAdministratorPassword #-Restart
+    }
+
+#restart HGS2 
+
+    Restart-VM -VMName *HGS2 -Type Reboot -Force -Wait -For HeartBeat
+
+# Creating Certificates for HGS Server
+
+#you can create CA in Bastion forest https://docs.microsoft.com/en-us/windows-server/security/guarded-fabric-shielded-vm/guarded-fabric-obtain-certs#request-certificates-from-your-certificate-authority
+
+#or just create self signed cert
+
+    Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock {
+    $certificatePassword = ConvertTo-SecureString -AsPlainText -String "Welcome@1234" -Force
+    $signCert = New-SelfSignedCertificate -Subject "CN=HGS Signing Certificate"
+    Export-PfxCertificate -FilePath $env:temp\signCert.pfx -Password $certificatePassword -Cert $signCert
+    Remove-Item $signCert.PSPath
+    $encCert = New-SelfSignedCertificate -Subject "CN=HGS Encryption Certificate"
+    Export-PfxCertificate -FilePath $env:temp\encCert.pfx -Password $certificatePassword -Cert $encCert
+    Remove-Item $encCert.PSPath
+    Initialize-HgsServer -HgsServiceName $using:HGSServiceName -SigningCertificatePath "$env:temp\signCert.pfx" -SigningCertificatePassword $certificatePassword -EncryptionCertificatePath "$env:Temp\encCert.pfx" -EncryptionCertificatePassword $certificatePassword -TrustTpm -hgsversion V1
+    }
+
+
+# Join HGS2 to the cluster
+
+    Invoke-Command -VMName *HGS2 -Credential $HGSDomainCreds -ScriptBlock {
+        Initialize-HgsServer -HgsServerIPAddress $using:HGSServerIPs[0]
+    }
+
+# Set HGS configuration to support VMs (disable IOMMU requirement)
+
+    Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock {
+        Disable-HgsAttestationPolicy Hgs_IommuEnabled
+    }
+
+# Install HostGuardian Hyper-V Support on compute nodes
+
+    Invoke-Command -VMName *Compute1,*Compute2 -Credential $FabricCreds -ScriptBlock {
+        Install-WindowsFeature HostGuardian -IncludeManagementTools
+    }
+
+#Restart compute nodes
+
+    Restart-VM -VMName *Compute1,*Compute2 -Type Reboot -Force -Wait -For HeartBeat
+
+#Wait for installation to complete
+#Start-Sleep 60
+
+#Set registry key to not require IOMMU for VBS in VMs and apply default CI policy
+#Also generate attestation artifacts (CI policy, TPM EK, and TPM baseline)
+#You should also include https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules
+
+# Generating attestation artifacts (CI policy, TPM EK, and TPM baseline)
+
+#grab recommended xml blocklist from GitHub
+#[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12
+
+    $content=Invoke-WebRequest -UseBasicParsing -Uri https://raw.githubusercontent.com/MicrosoftDocs/windows-itpro-docs/master/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+    #find start and end
+    $XMLStart=$content.Content.IndexOf("<?xml version=")
+    $XMLEnd=$content.Content.IndexOf("</SiPolicy>")+11 # 11 is lenght of string
+    #create xml
+    [xml]$XML=$content.Content.Substring($xmlstart,$XMLEnd-$XMLStart) #find XML part
+
+    Invoke-Command -VMName *Compute1, *Compute2 -Credential $FabricCreds -ScriptBlock {
+        Set-ItemProperty -Path HKLM:\SYSTEM\CurrentControlSet\Control\DeviceGuard -Name RequirePlatformSecurityFeatures -Value 0
+        md C:\attestationdata
+        $cipolicy = "C:\attestationdata\CI_POLICY_AUDIT.xml"
+        Copy-Item "$env:SystemRoot\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml" $cipolicy -Force
+        #add recommended XML blocklist
+        ($using:XML).Save("$env:TEMP\blocklist.xml")
+        #add to MyPolicy.xml
+        $mergedPolicyRules = Merge-CIPolicy -PolicyPaths "$env:TEMP\blocklist.xml",$cipolicy -OutputFilePath $cipolicy
+        Write-Host ('Merged policy contains {0} rules' -f $mergedPolicyRules.Count)
+        # For testing, convert the policy to an audit policy to avoid constrained language mode in PS
+        Set-RuleOption -FilePath $cipolicy -Option 3
+        # Allowing a CI policy to be updated without a reboot can allow someone to pass attestation and replace with a bad policy, so we disallow that
+        Set-RuleOption -FilePath $cipolicy -Option 16 -Delete
+        ConvertFrom-CIPolicy -XmlFilePath $cipolicy -BinaryFilePath "C:\attestationdata\CI_POLICY_AUDIT.bin"
+        Copy-Item "C:\attestationdata\CI_POLICY_AUDIT.bin" "$env:SystemRoot\System32\CodeIntegrity\SIPolicy.p7b" -Force
+        Initialize-Tpm
+        (Get-PlatformIdentifier -Name $env:COMPUTERNAME).Save("C:\attestationdata\TPM_EK_$env:COMPUTERNAME.xml")
+        Get-HgsAttestationBaselinePolicy -Path "C:\attestationdata\TPM_Baseline_$env:COMPUTERNAME.xml" -SkipValidation
+    }
+
+#Reboot VMs again for setting to take effect
+
+    Restart-VM -Name *Compute1,*Compute2 -Type Reboot -Force -Wait -For HeartBeat
+
+# Collect attestation artifacts from hosts
+
+    $HGS1Session = New-PSSession -VMName *HGS1 -Credential $HGSDomainCreds
+    $Compute1Session = New-PSSession -VMName *Compute1 -Credential $FabricCreds
+    $Compute2Session = New-PSSession -VMName *Compute2 -Credential $FabricCreds
+
+    #Create folder on HGS1
+    Invoke-Command -Session $HGS1Session -ScriptBlock {
+        New-Item -Name AttestationData -Path c:\ -ItemType Directory
+    }
+
+#Copy files
+
+        Copy-Item -Path "C:\attestationdata\TPM_EK_COMPUTE1.xml" -Destination $env:Temp -FromSession $Compute1Session
+        Copy-Item -Path "$env:temp\TPM_EK_COMPUTE1.xml" -Destination C:\attestationdata\ -ToSession $HGS1Session
+        Copy-Item -Path "C:\attestationdata\TPM_EK_COMPUTE2.xml" -Destination $env:Temp -FromSession $Compute2Session
+        Copy-Item -Path "$env:temp\TPM_EK_COMPUTE2.xml" -Destination C:\attestationdata\ -ToSession $HGS1Session
+        Copy-Item -Path "C:\attestationdata\TPM_Baseline_COMPUTE1.xml" -Destination $env:Temp -FromSession $Compute1Session
+        Copy-Item -Path "$env:temp\TPM_Baseline_COMPUTE1.xml" -Destination C:\attestationdata\ -ToSession $HGS1Session
+        Copy-Item -Path "C:\attestationdata\CI_POLICY_AUDIT.bin" -Destination $env:Temp -FromSession $Compute1Session
+        Copy-Item -Path "$env:temp\CI_POLICY_AUDIT.bin" -Destination C:\attestationdata\ -ToSession $HGS1Session
+
+
+# Import the attestation policies on HGS
+
+    Invoke-Command -VMName *HGS1 -Credential $HGSDomainCreds -ScriptBlock {
+        # Every individual EK needs to be added
+        Add-HgsAttestationTpmHost -Path C:\attestationdata\TPM_EK_COMPUTE1.xml -Force
+        Add-HgsAttestationTpmHost -Path C:\attestationdata\TPM_EK_Compute2.xml -Force
+
+# But only one copy of the baseline and CI policy, since they should be identical on both hosts
+
+    Add-HgsAttestationTpmPolicy -Path C:\attestationdata\TPM_Baseline_COMPUTE1.xml -Name "Hyper-V TPM Baseline"
+    Add-HgsAttestationCIPolicy -Path C:\attestationdata\CI_POLICY_AUDIT.bin -Name "AllowMicrosoft-AUDIT-CI"
+    }
+
+# Now, have the hosts try to attest
+
+    Invoke-Command -VMName *Compute1, *Compute2 -Credential $GHostCreds -ScriptBlock {
+    Set-HgsClientConfiguration -AttestationServerUrl "http://$using:HGSServiceName.$using:HGSDomainName/Attestation" -KeyProtectionServerUrl    "http://$using:HGSServiceName.$using:HGSDomainName/KeyProtection"
+    }
+

Introduction.md

@@ -0,0 +1,24 @@
+# Introduction
+
+With the evolution of servers to virtual environments, this brings new challenges in trying to protect the datacenter environment.
+
+The virtualization fabric bring new items to be considered when planning for a security strategy:
+1.  Administrators have the “keys to the kingdom”, and in the case of sensitive workloads such as Domain Controllers, virtualization admins can access the secrets inside virtual machines. A compromised fabric administrator can be a malicious administrator or an administrative account that was compromised by an attacker.
+2.  A virtual machine is really just a file and virtual disks, that can be copied to a USB stick or a laptop and then be mounted in another environment. 
+3.  In the past, to protect a server or a sensitive workload, we use to put these servers in a highly secured physical environment that only allowed people would be able to access and have physical access to the assets. In the case of a virtual machine, anyone who have access to the virtualization host will have access to the virtual machine source files, which bring us back to the first statement.
+4.  In the last few years, great new capabilities came up such as TPM chips, Secure Boot, UEFI 2.0 and others. The problem is that these features are tied to hardware capabilities that are not exposed to virtual machines.
+
+
+
+![image](https://user-images.githubusercontent.com/71546848/220169455-70f0eab6-660c-4407-bda6-94d78ab24a59.png)
+
+What do these attacks have in common?
+1. Stolen admin credentials
+2. Phishing attacks
+3. Pass-the-hash (PtH) attacks
+4. Insider attacks
+5. Fabric attacks
+
+![image](https://user-images.githubusercontent.com/71546848/220170897-dbcd87d0-367c-45f9-89ae-3bb5900c8f69.png)
+
+

Key Protection Service.md

@@ -0,0 +1,16 @@
+# Key Protection Service 
+
+Validate Host’s “Attestation Certificate”
+
+    Validates and uses attestation health certificate to authorize key release
+
+Key Protection Service (KPS)
+
+    KPS rolls the transport key in order to provide forward secrecy
+
+Bring Your Own Key (Optional)
+
+    Enables per Tenant encryption & signing keys, typically backed by HSM (hardware security module)
+    Tenants work with the Hoster Security Admin(s) to provision HSM with Tenant keys
+
+![image](https://user-images.githubusercontent.com/71546848/220197247-fd129afa-5262-49fe-a6e0-7b20a6e1adbd.png)