Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp991830imu; Fri, 11 Jan 2019 12:52:27 -0800 (PST) X-Google-Smtp-Source: ALg8bN48H7LDsQ1N4zQTKu4rIIZq4rL5RZ1FvJ+OdXFVbw3OaGfvc/59lPF81NYpiQ6TIiMTBIGe X-Received: by 2002:a17:902:7e0d:: with SMTP id b13mr16340339plm.154.1547239947463; Fri, 11 Jan 2019 12:52:27 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547239947; cv=none; d=google.com; s=arc-20160816; b=iSsqT41FrMpaFO8ncC+YcsPkc3GtziBKtU/XZZPqJvG9cIkW8xid9Zuoma58YIm/DB ItXQicmzjyShg2Iq9iuDDRvk4H1LPdGf05spAYb9xbk6J4IjCoyLTosGmTM7RG+fzs/j TV3UjPdSsRcXF8U9L0kjwPZJsIs2Q3jOjlPArrbvQpQdwteoL3f3aCEyvmPajemq8hHC HB0YIZnbj5DVB24yiVTWdf45GaSkriT7qvBuZjl9Z2PDgmR5emghbcOfAcM6zP5faja4 NhkcrWtVzpfThdjLfXW5fk1Uxmn4eUuMj4Aok4AFpRlsrp0a7x9hToUEItJKEpT6rYrp /+2Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=dJeXOifjCFvAvoPZ0RwBgYFikzSVtGWCEyo1/7wQdt8=; b=H2i1g1gzt7gf5tIWm2RJwJy9Cp0kBK9MAH56tVFz0Z9WiKvcqR04GgP9WsJuF34Pst iftzOt5JtvXHa548HMTq64tflZNK6tXpaVqAZdYjoBZKx74lOYE++TY9RykBfCzHvpg4 YY1RUzBudnbzQaXdHJa291brzuEOtO29B2uarFpBruy1Kl7lnCnxiXvYVVex78C88UJM dM55bh/MzsIId+bSw5sppmkt05CNvlE5umwbbruUOfWA2t1Jjee35qKDxMMXmjQLLvJG zTeACw9djogbCfjg1eOBjUMbRFmA8PPguDc2hjlM2If/oQdhWPOSnF46SsI6qqz9X/cD LmOg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k6si20861085pgr.500.2019.01.11.12.52.12; Fri, 11 Jan 2019 12:52:27 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732994AbfAKQEX (ORCPT + 99 others); Fri, 11 Jan 2019 11:04:23 -0500 Received: from mga02.intel.com ([134.134.136.20]:24559 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729359AbfAKQEX (ORCPT ); Fri, 11 Jan 2019 11:04:23 -0500 X-Amp-Result: UNSCANNABLE X-Amp-File-Uploaded: False Received: from fmsmga003.fm.intel.com ([10.253.24.29]) by orsmga101.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 11 Jan 2019 08:04:22 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,466,1539673200"; d="scan'208";a="125175893" Received: from gandrejc-mobl1.ger.corp.intel.com (HELO localhost) ([10.249.254.144]) by FMSMGA003.fm.intel.com with ESMTP; 11 Jan 2019 08:04:14 -0800 Date: Fri, 11 Jan 2019 18:04:13 +0200 From: Jarkko Sakkinen To: Andy Lutomirski Cc: James Bottomley , Stephan Mueller , Herbert Xu , "Lee, Chun-Yi" , "Rafael J . Wysocki" , Pavel Machek , LKML , linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" , Chen Yu , Oliver Neukum , Ryan Chen , David Howells , Giovanni Gherdovich , Randy Dunlap , Jann Horn Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler Message-ID: <20190111160413.GB12093@linux.intel.com> References: <20190103143227.9138-1-jlee@suse.com> <4499700.LRS4F2YjjC@tauon.chronox.de> <20190108050358.llsox32hggn2jioe@gondor.apana.org.au> <1565399.7ulKdI1fm5@tauon.chronox.de> <1546994671.6077.10.camel@HansenPartnership.com> <1547016579.2789.17.camel@HansenPartnership.com> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 09, 2019 at 10:34:42AM -0800, Andy Lutomirski wrote: > I suppose I should go read the 2.0 spec. I’ve read the 1.2 spec, but I > always assumed that 2.0 was essentially a superset of 1.2 > functionality. They are essentially different protocols. No real compatibility. > Can the kernel filter TPM 2.0 operations? If so, then a signature > that the kernel would have prevented user code from generating is de > facto an attestation that the kernel generated it (or that the kernel > was compromised, which is sort of equivalent). You shoud look into TPM resource manager that I implemented with great work from James on session swapping and see how far it scales what you have in mind. It is currently exposed only to the user space but could be easily made an in-kernel API. Side-topic: right now the TPM driver can be compiled as a module when its APIs are not used by the kernel (namely IMA and trusted keys) with some Kconfig magic. Since it looks like that there will be even more customers, I think it would make sense to make the TPM driver core as part of the core kernel (device drivers for different types of chips could still be modules). I've proposed this before maybe two times, but it has always been rejected. /Jarkko