Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3278236imu; Sun, 11 Nov 2018 11:21:57 -0800 (PST) X-Google-Smtp-Source: AJdET5cMmsPAKy9taz1jQwpzcLMkfgPYtkQPDnR2+Ik4mLmIgIWYMf+nb1qwonwULRzXaF9dtk+E X-Received: by 2002:a62:39d2:: with SMTP id u79-v6mr17487055pfj.116.1541964117594; Sun, 11 Nov 2018 11:21:57 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541964117; cv=none; d=google.com; s=arc-20160816; b=bVUqLFF2aCmCvJaQFAUi2UZHdWylnxqg2JsIx4wiy71iksOp2bVMRl3M0MitfsxviR ISvu6Zx5iH3tLhL2IkaV2m6jtUYusYRrwUW/FTgpLFCKck3E3PavbdT8nv9slY8tjxJ7 017OZdeqZU+w1uAm1Uc98UyO/G3mw6dtV1E6LO/AcVQTMywgBmjsFni8HprvmuHdDuJh QkI7g6mEVAiuhY2ei9GTGen6MJW5h7jqv4wz44AO1dRBdbiAYlo7pfsishRIS1qme4ak EPMpBNA8oCAvaD9LrgN0s75+p4hOtoDZgQ70CeLSmYzefruhiTVo+qpa71X3snpm1G+A w61g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=3rRMoyHTQKQ6FulqB4CpUi7FQ/aPUDkmNpVsQxd3Uyc=; b=YtMcakFZf7tLuQNnjJotk+vK0LUl/5cHX6yU0XMcVOHkuFE9Ayx6/hr4ge/tL4B9tJ XAjAtGMLp/53cwJOSmZ2noedQFfl6KR5yWTm57qCJgPxSTtwUvRA5zgdckrvDHkWzgW2 LXmJ3dDN5zXoBEcx3t3LIHDiQQxLyPsm2gbm2VcZI9RHfarJAKm9H8A4Y7WCklKAGTub AH/3nS3MF+XU9BVJ+DzeRJlikjKCu4sDT/7EEWIHJS6iqxPrxCHS3snaaRNV8+97Tue7 TogZMimpKJbJenHjZqSh64iuKnLhC+23XkmGO5rRM98bClMF3/bmQlK1mqjxv0x9sqLw u2gw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=cAv9ybLw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a28si15966402pgl.530.2018.11.11.11.21.43; Sun, 11 Nov 2018 11:21:57 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=cAv9ybLw; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726204AbeKLFKK (ORCPT + 99 others); Mon, 12 Nov 2018 00:10:10 -0500 Received: from mail-oi1-f194.google.com ([209.85.167.194]:38274 "EHLO mail-oi1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725725AbeKLFKJ (ORCPT ); Mon, 12 Nov 2018 00:10:09 -0500 Received: by mail-oi1-f194.google.com with SMTP id v83-v6so5498989oia.5 for ; Sun, 11 Nov 2018 11:20:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=3rRMoyHTQKQ6FulqB4CpUi7FQ/aPUDkmNpVsQxd3Uyc=; b=cAv9ybLw1115nCrneA/GN1e8yDuYWKm0ZGsO8eiNS35b6tA2Q/suLOMPND/g9OOOzt SogV2vIVQ+w+IKXG2nHg7Ej2GwZNDt+11Andv8yXC+PtQkTQYTO1sWfMRUHdiVdv96uO jU/2PHKcIxPbmmthZMrVdqGMWSyMe0aKmkw3RmjsvU8T4Ky1GpErhuU1XxlZlfPEoAMi kv7e/wVKAYe8YiheE9U0XGnVrwgUOJ/LixMRJnk32vcb85qas6PMEahImTdua+pIl6io i4d/DH/ka6YidXA+ar1IFBa+PBERKt0mBJ9+IfgCqT1ilRFMTs1WDIIJJdT7pW+3doPi CfLg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=3rRMoyHTQKQ6FulqB4CpUi7FQ/aPUDkmNpVsQxd3Uyc=; b=sjNVnUGSWeUri2EAX43OHhv/sLwYYjQOpbLuQrP/1DF6tnj4s4DaLtVMf42ODTXIgw wqTVFUFr3sA+defuXeektsmlZLBCCPswsoLjQ0ehGvSLCAxGOJYpaADibGr2oTw4Ljry U7Iqnc/T6n3CEkx1T9ux475VOD4PJvEcqq31n0ytBLrcXTqPydGPt3W1NVzMXfo+HUl7 9h9P27Tt0czG3IT0wOhjrZaRmQmfuOhwAPfqlgERocvx1E2PEgTA/wMpqje6f1YMq4zH hU7gDNhac5e7d/5xVVwqiHIalbuJ4fKFG1Z4+F6fa3s9R++ZNxuvclkIEqb7j2NoDIe5 kgVQ== X-Gm-Message-State: AGRZ1gKublZ99+Y9/VRveT5t/DZpgE8qVOZu+NvV6NoksNX2wjJ4Ohka 87SybWIHeZ7xCa0qjww2UF1gyLJkQnL3mqyiO2Eqhg== X-Received: by 2002:aca:e691:: with SMTP id d139-v6mr9049451oih.232.1541964046479; Sun, 11 Nov 2018 11:20:46 -0800 (PST) MIME-Version: 1.0 References: <154180093865.70506.6858789591063128903.stgit@djiang5-desk3.ch.intel.com> <154180163666.70506.8805433934495072699.stgit@djiang5-desk3.ch.intel.com> <1541957268.3734.53.camel@linux.ibm.com> In-Reply-To: <1541957268.3734.53.camel@linux.ibm.com> From: Dan Williams Date: Sun, 11 Nov 2018 11:20:34 -0800 Message-ID: Subject: Re: [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys to encrypted keys To: zohar@linux.ibm.com Cc: Dave Jiang , Mimi Zohar , linux-nvdimm , Linux Kernel Mailing List , keyrings@vger.kernel.org Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org [ add keyrings and lkml ] On Sun, Nov 11, 2018 at 9:28 AM Mimi Zohar wrote: > > On Fri, 2018-11-09 at 15:13 -0700, Dave Jiang wrote: > > In order to make nvdimm more secure, encrypted keys will be used instead of > > clear text keys. A master key will be created to seal encrypted nvdimm > > keys. The master key can be a trusted key generated from TPM 2.0 or a less > > secure user key. > > Trusted keys also work for TPM 1.2. Are you intentionally limiting > the master key to TPM 2.0? TPM 1.2 is supported from a software perspective, however the intersection of hardware platforms deploying security enabled NVDIMMs and TPM 1.2 might be a null set. > Traditionally there is a single master key for the system, which would > be sealed to a set of boot time PCR values. After decrypting all of > the encrypted keys, the master key would be removed from the keyring > and a PCR extended. Extending a PCR would prevent the master key from > being unsealed again and used to decrypt encrypted keys, without > rebooting the system. Normally this would be done before pivoting > root. > > If you're not referring to the system master key and are intentionally > limiting usage to TPM 2.0, more details on the master key security > requirements should be included. Oh, interesting point. I think we had been assuming a local + unsealed-at-runtime nvdimm master key rather than a system-wide master key. Yes, we need to rethink this in terms of supporting a sealed system-key. This would seem to limit security actions, outside of unlock, to always requiring a reboot. I.e. the nominal case is that we boot up and unlock the DIMMs, but any subsequent security operation like erase, or change-passphrase would require rebooting into an environment where the system-master key is unsealed. I do think re-provisioning keys and erasing DIMM contents are sufficiently exceptional events that a reboot requirement is tolerable. Is there already existing tooling around this to be able to schedule master-key related actions to be deferred to an initrd environment? > Using trusted keys that are encrypted/decrypted using a user key > should really be limited to testing environments. Makes sense. > > > > In the process of this conversion, the kernel cached key will be removed > > in order to simplify the verification process. The hardware will be used to > > verify the decrypted user payload directly. > > Making this sort of change implies there is no concern in breaking > existing userspace. Either the code hasn't yet been upstreamed or > there are not any users. If the code hasn't been upstreamed, it would > make more sense to squash the git history: > > - making code review easier > - making the git history bisect safe Yes, the old scheme is not upstream. I'll do the squash once we've finalized the key-management details. Thanks for the help Mimi.