Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3205633imu; Fri, 18 Jan 2019 06:36:49 -0800 (PST) X-Google-Smtp-Source: ALg8bN4fFhO7EN2fhnAnHYP/BTnHHEoq5Vfx4UMX1UKpPEZ9bqC5kX2cEjRGmLmXrVir29otzVSP X-Received: by 2002:a63:5964:: with SMTP id j36mr17930295pgm.210.1547822209692; Fri, 18 Jan 2019 06:36:49 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1547822209; cv=none; d=google.com; s=arc-20160816; b=HwPsI7/ZJdY9wtzt5JiYeKQ5F46XNcCkrIipb8h7qb/5KIcudN3sWYmj3udPG4q34h EBWbJ0St8SGcHTEmbmR3fcU2WLXqOxGBUzhH4RwslqDCE/doFwKJOmdqbYQZgKlb5s08 WyrFK+Lv044XbVoqEhNDr7BWxAzeLLl6RaCE1iu0GKIMNy3qdRr8z/RU3ZNfa+IcTpMO 1Pc227WJLXUMN9Rne/KiLJls7G3WDESaorg050GQxfFci5IH5jBpNIkj3SUL4Pi54GlT Yp4toarRpspA3+OFRotOkKEousHjY5rBW1BXVovgK7V10rVUan+NkMwjPfW/481reP1+ ohgg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-disposition:mime-version:references:message-id:subject:cc :to:from:date; bh=rKQcPbMSxAtUDREK12a3/3zogz+DqCflSIs2MQBlkm8=; b=yhmwrcYh03bUnJT9JTynDOO53M67QFG5Db2PO/2C1yi3AiY57JpeXNpnhFTS+9w2ek 2ExqBFwtMFaO8lq8M06Jh5lsJmIr4WYSMPq3jEllH7/Zz03jMw5LmOd1cEKEXcIu2ufh ZkWMHMa+zjy5uIujNubklvq/o/EkxN3DEeUemjfDBgatJ7MJaNw3Y3hRDzBxvFQVls/C JnjipkxSNhd705MpJ17R+1Z4UK9n5uWrtlOa/qVD3d8y3FAant21qgU+MwnwwaS43cpA niGGdVL3EpmL8E4cTnGZnynpvYb1ih9dP6LZNPDIWHHvyTXR5IFxuat/azyIskT3oCNZ ZPeA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id r39si4712728pld.434.2019.01.18.06.36.34; Fri, 18 Jan 2019 06:36:49 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727633AbfAROfD (ORCPT + 99 others); Fri, 18 Jan 2019 09:35:03 -0500 Received: from mga05.intel.com ([192.55.52.43]:10620 "EHLO mga05.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727020AbfAROfD (ORCPT ); Fri, 18 Jan 2019 09:35:03 -0500 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from fmsmga006.fm.intel.com ([10.253.24.20]) by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 18 Jan 2019 06:33:59 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.56,491,1539673200"; d="scan'208";a="311541178" Received: from unknown (HELO localhost) ([10.249.254.249]) by fmsmga006.fm.intel.com with ESMTP; 18 Jan 2019 06:33:51 -0800 Date: Fri, 18 Jan 2019 16:33:48 +0200 From: Jarkko Sakkinen To: James Bottomley Cc: Andy Lutomirski , Stephan Mueller , Herbert Xu , "Lee, Chun-Yi" , "Rafael J . Wysocki" , Pavel Machek , LKML , linux-pm@vger.kernel.org, keyrings@vger.kernel.org, "Rafael J. Wysocki" , Chen Yu , Oliver Neukum , Ryan Chen , David Howells , Giovanni Gherdovich , Randy Dunlap , Jann Horn Subject: Re: [PATCH 1/5 v2] PM / hibernate: Create snapshot keys handler Message-ID: <20190118143348.GB4080@linux.intel.com> References: <20190103143227.9138-1-jlee@suse.com> <4499700.LRS4F2YjjC@tauon.chronox.de> <20190108050358.llsox32hggn2jioe@gondor.apana.org.au> <1565399.7ulKdI1fm5@tauon.chronox.de> <1546994671.6077.10.camel@HansenPartnership.com> <20190111140226.GA6448@linux.intel.com> <1547220538.2793.6.camel@HansenPartnership.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1547220538.2793.6.camel@HansenPartnership.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Jan 11, 2019 at 07:28:58AM -0800, James Bottomley wrote: > On Fri, 2019-01-11 at 16:02 +0200, Jarkko Sakkinen wrote: > > On Tue, Jan 08, 2019 at 05:43:53PM -0800, Andy Lutomirski wrote: > > > (Also, do we have a sensible story of how the TPM interacts with > > > hibernation at all? Presumably we should at least try to replay > > > the PCR operations that have occurred so that we can massage the > > > PCRs into the same state post-hibernation. Also, do we have any > > > way for the kernel to sign something with the TPM along with an > > > attestation that the signature was requested *by the > > > kernel*? Something like a sub-hierarchy of keys that the kernel > > > explicitly prevents userspace from accessing?) > > > > Kernel can keep it is own key hierarchy in memory as TPM2 chips allow > > to offload data in encrypted form and load it to TPM when it needs to > > use it. > > > > The in-kernel resource manager that I initiated couple years ago > > provides this type of functionality. > > Actually, the resource manager only keeps volatile objects separated > when in use not when offloaded. The problem here is that the object > needs to be persisted across reboots, so either it gets written to the > NV area, bypassing the resource manager and making it globally visible > or it has to get stored in TPM form in the hibernation image, meaning > anyone with access to the TPM who can read the image can extract and > load it. Further: anyone with access to the TPM can create a bogus > sealed key and encrypt a malicious hibernation image with it. So there > are two additional problems > > 1. Given that the attacker may have access to the binary form of the > key, can we make sure only the kernel can get it released? > 2. How do we prevent an attacker with access to the TPM from creating a > bogus sealed key? > > This is why I was thinking localities. Why you would want to go for localities and not seal to PCRs? /Jarkko