Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4225993imu; Mon, 12 Nov 2018 07:43:23 -0800 (PST) X-Google-Smtp-Source: AJdET5dp6HbgAR/rSnlv6hRWIS8jNzCJWQr9YssLtDOJA5lMajoeCfrBcOHrZqUFgcBjBt+Dp7GG X-Received: by 2002:a63:2bc9:: with SMTP id r192mr1280390pgr.172.1542037403468; Mon, 12 Nov 2018 07:43:23 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1542037403; cv=none; d=google.com; s=arc-20160816; b=0QT++vU0ii1SiSBd3VUc1COmSbkETJY/4ZM6yRAI9GwskvotWzp9DnMMGNx2ivA8hv 7cZHxDPwEdZHOSvpGUF6Dm2vXrawRMyAXr+ev0HRJwOlGUDdVFGzay3judkxpX67ufYg sgIF1ezHcqrOO8cUeXuo1dTiXFx5GGuPZJ2js4hBH3+tkrfLb3HYMttJ7IZlmu3ppWIF agBS8FEteAd+ICOr+GNG8THK3YsIXP94bOgLMC9ohnO2ZRVnQjFhvZdLB79GVkl3dXL3 JKHI+Zo13V53EnY2N6t8ykbP33JPRC8pBcm9k8CKdcQF5U7qUEGwdrRNhd1aw1bUgDRZ djpA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:from:references:cc:to:subject; bh=KDRT/ST55v1dX79OwSk8VBZA91/pgFk2thqqCflA0uI=; b=C66UVo5KpMj6myxV4HswaiB1oL8C+JDvtCRsKaQ4l2qN6Q9vtV58xjU/Dt7TFOfgiH 9EqN7CgpTLxWTttDH2Q7ucPou2KGAS5irJOPP/jk7qf2H+ewOAgL6q7XbPs+yQhEpFkU 1XPu0N8Z+T7U+N0vYIfqujfr94XC8HMC/W2IurG+LQCv49pThcOX/qKTorAu1E9y5b1H nFa59lgrTxlkWhGK3SOndaewv6PwQQXwxmKbnKcNK9+0TpRc9PUSGs+CXDgZTSem6vM9 dyfk6Gnf0cHB4c/OuuRmHpJfDobpGyhZ8fw0QK5zP59hKII/XEkDEf1rRVvJgKHw0M96 nC4w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g5-v6si16351012pgi.596.2018.11.12.07.43.05; Mon, 12 Nov 2018 07:43:23 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729372AbeKMBgb (ORCPT + 99 others); Mon, 12 Nov 2018 20:36:31 -0500 Received: from mga02.intel.com ([134.134.136.20]:33994 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726981AbeKMBgb (ORCPT ); Mon, 12 Nov 2018 20:36:31 -0500 X-Amp-Result: SKIPPED(no attachment in message) X-Amp-File-Uploaded: False Received: from fmsmga004.fm.intel.com ([10.253.24.48]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 12 Nov 2018 07:42:44 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.54,495,1534834800"; d="scan'208";a="105573925" Received: from djiang5-mobl2.amr.corp.intel.com (HELO [10.254.53.21]) ([10.254.53.21]) by fmsmga004.fm.intel.com with ESMTP; 12 Nov 2018 07:42:44 -0800 Subject: Re: [PATCH 02/11] libnvdimm/security: change clear text nvdimm keys to encrypted keys To: Mimi Zohar , Dan Williams Cc: Mimi Zohar , linux-nvdimm , Linux Kernel Mailing List , keyrings@vger.kernel.org References: <154180093865.70506.6858789591063128903.stgit@djiang5-desk3.ch.intel.com> <154180163666.70506.8805433934495072699.stgit@djiang5-desk3.ch.intel.com> <1541957268.3734.53.camel@linux.ibm.com> <1541966975.3734.78.camel@linux.ibm.com> From: Dave Jiang Message-ID: Date: Mon, 12 Nov 2018 08:42:43 -0700 User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.0 MIME-Version: 1.0 In-Reply-To: <1541966975.3734.78.camel@linux.ibm.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: 8bit Content-Language: en-US Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 11/11/2018 1:09 PM, Mimi Zohar wrote: >>> Traditionally there is a single master key for the system, which would >>> be sealed to a set of boot time PCR values. After decrypting all of >>> the encrypted keys, the master key would be removed from the keyring >>> and a PCR extended. Extending a PCR would prevent the master key from >>> being unsealed again and used to decrypt encrypted keys, without >>> rebooting the system. Normally this would be done before pivoting >>> root. >>> >>> If you're not referring to the system master key and are intentionally >>> limiting usage to TPM 2.0, more details on the master key security >>> requirements should be included. >> Oh, interesting point. I think we had been assuming a local + >> unsealed-at-runtime nvdimm master key rather than a system-wide master >> key. Yes, we need to rethink this in terms of supporting a sealed >> system-key. This would seem to limit security actions, outside of >> unlock, to always requiring a reboot. I.e. the nominal case is that we >> boot up and unlock the DIMMs, but any subsequent security operation >> like erase, or change-passphrase would require rebooting into an >> environment where the system-master key is unsealed. I do think >> re-provisioning keys and erasing DIMM contents are sufficiently >> exceptional events that a reboot requirement is tolerable. >> Is there already existing tooling around this to be able to schedule >> master-key related actions to be deferred to an initrd environment? > There's the original dracut support for loading a masterkey, which is > used by the EVM and ecryptfs dracut modules.  After the last usage, > the masterkey needs to be removed from the keyring. How does one generate new encrypted keys with the system masterkey removed from the keyring? > > Different people over the years have wanted to add support for > calculating the boot time expected PCRs values in order to reseal keys > (trusted key update), but I haven't looked to see if there are any > open source tools available. > > Mimi >