Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1756096Ab3I3SKQ (ORCPT <rfc822;w@1wt.eu>);
	Mon, 30 Sep 2013 14:10:16 -0400
Received: from quartz.orcorp.ca ([184.70.90.242]:53973 "EHLO quartz.orcorp.ca"
	rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
	id S1755761Ab3I3SKO (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
	Mon, 30 Sep 2013 14:10:14 -0400
Date: Mon, 30 Sep 2013 12:10:05 -0600
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: tpmdd-devel@lists.sourceforge.net,
        Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>,
        linux-kernel@vger.kernel.org, Rajiv Andrade <mail@srajiv.net>,
        Sirrix AG <tpmdd@sirrix.com>
Subject: Re: [tpmdd-devel] [PATCH 09/13] tpm: Pull everything related to
 sysfs into tpm-sysfs.c
Message-ID: <20130930181005.GG28898@obsidianresearch.com>
References: <1379960083-8942-1-git-send-email-jgunthorpe@obsidianresearch.com>
 <1379960083-8942-10-git-send-email-jgunthorpe@obsidianresearch.com>
 <52408E5D.4020904@tycho.nsa.gov>
 <20130923193633.GA9194@obsidianresearch.com>
 <5240A2A3.4040102@tycho.nsa.gov>
 <20130923204232.GB16345@obsidianresearch.com>
 <5240BA0E.3000304@tycho.nsa.gov>
 <20130923222324.GA9533@obsidianresearch.com>
 <5241A199.1080505@tycho.nsa.gov>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <5241A199.1080505@tycho.nsa.gov>
User-Agent: Mutt/1.5.21 (2010-09-15)
X-Broken-Reverse-DNS: no host name found for IP address 10.0.0.161
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 4117
Lines: 89

On Tue, Sep 24, 2013 at 10:28:41AM -0400, Daniel De Graaf wrote:
> On 09/23/2013 06:23 PM, Jason Gunthorpe wrote:
> >On Mon, Sep 23, 2013 at 06:00:46PM -0400, Daniel De Graaf wrote:
> >
> >>In a PC client TPM, normal OS code (as opposed to firmware or microcode)
> >>is already restricted to locality 0-2. It may make sense to restrict
> >>locality 2 to the kernel, which would allow an in-kernel TPM seal
> >>command to be able to bind data so that userspace cannot unseal it.
> >>However, only allowing localities 0 and 1 to userspace may be too
> >>restrictive if userspace also wishes to use locality for separation,
> >>since locality 1 does not have the ability to reset any PCRs that
> >>locality 0 cannot also reset.
> >>The kernel could reserve only locality 1 for its own use, giving it the
> >>ability to seal data but not interfering with the ability to reset PCRs.
> >>This would be my preference, although it is less intuitive to allow code
> >>of lower privilege (userspace) to control the higher numbered locality
> >>2.
> >
> >This matches my vague understanding (we don't use localities here)
> >
> >>>Perhaps a .config option would be useful to allow the system designer to
> >>>choose what, if any, locality to reserve for kernel use?
> >
> >A runtime sysfs seems reasonable..
> 
> Allowing a userspace application to change which locality is kernel- and
> userspace-only will eliminate the primary benefit of having a locality
> restricted to the kernel. 

Right, I was sort of thinking these sysfs files would be write-once or
trapped doored to prevent going backwards (like how secure level
worked). Ideally the write would be in the initramfs, which is part of
the PCR computation, so it should have the same properties as CONFIG_?

I think using CONFIG_ options would make this feature unavaiable to
distro kernel users...

> At least "supported_localities" should be generated by the driver if it
> is generated at all. There are a few different proposals for handling
> localities over 4 in virtual TPMs; one is that locality numbers between
> 32-255 would be permitted and 5-31 made non-addressable. While this
> would work with a bitmask, I'm not sure that is the best solution.

Hmm, a 256 bit wide mask isn't impossible, not sure what other
options are good. Do you think userspace needs to know what localities
are valid or is an ioctl scan sufficient?

> Perhaps:
> 	default_locality - default to CONFIG_USER_DEFAULT_LOCALITY
> 		sysfs node permissions 0644
> 	kernel_locality - default to #CONFIG_KERNEL_DEFAULT_LOCALITY
> 		0444 if CONFIG_KERNEL_ONLY_LOCALITY=y
> 		0644 if CONFIG_KERNEL_ONLY_LOCALITY=n
> 	ioctl TPM_{GET,SET}_LOCALITY on an open /dev/tpmX
> 
> If CONFIG_KERNEL_ONLY_LOCALITY=y, the userspace locality is not
> permitted to be equal to kernel_locality (but may take any other valid
> value).  Drivers may reject locality values that they consider invalid
> (the default should be to only allow 0-4, which is all that is defined
> in the spec) or may fail on attempted use of the TPM by passing down an
> error from the hardware - I would expect the latter to be the case on
> attempts to use locality 4 in the tpm_tis driver.

Seems resonable, CONFIG_KERNEL_ONLY_LOCALITY could be
CONFIG_TPM_ONE_TIME_LOCALITY (eg you get to set kernel_locality only
once)

> The only one I see immediately is seal/unseal (security/keys/trusted.c).
> The invocation of the seal command would need to be changed to seal the
> trusted keys to the kernel-only locality in order to take advantage of
> the increased protection provided by a kernel-only locality.

Right

> >Do you know anyone on the userspace SW side who could look at this?

> I should be able to find someone.

Okay, let me know. I'd like to get a few more clean ups done before
mucking with the sysfs, but the way forward for locality looks pretty
clear..

Thanks,
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/