Received: by 2002:a25:b794:0:0:0:0:0 with SMTP id n20csp1183257ybh;
        Sat, 3 Aug 2019 20:01:32 -0700 (PDT)
X-Google-Smtp-Source: APXvYqw/EjczgCQ6qUJCCyHRteGQ+ndSfecafx2vKI8vWe69s9jH32cZpH5J3/CD9Scr2/Qc4A9i
X-Received: by 2002:a63:b10f:: with SMTP id r15mr60676763pgf.230.1564887692172;
        Sat, 03 Aug 2019 20:01:32 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1564887692; cv=none;
        d=google.com; s=arc-20160816;
        b=JE+W/DwbByF3ZjGizk9yItsrK3cChj3MbGO7yhWA1GQueH9PAlcipFk15OjIhiYWL5
         f6R4lRS20mUiXnDv6ih3zluWTcnWTal8r56UOVH7Y8xWCMPrQp+a8nRkjIkLdB07wc7R
         geHgTcgJeCjTNiugzP27ZqE3de1G0pEHVJOYUZmu4ZN0u57w9JxB3j1M+GN6Lc9MaIOQ
         h68JC9DH8I4VoKjR3RCB5UGTKj6Ipm8kVmqm38x0eGwm9atRQh5EU5AERUD6nSQJnkzT
         tRrXHiVo7OQV6FPJg9ZCQ5hBBjebNg521VYrChmfEmvWJKvBnpZ1TV3MYwC0S4Zkj2DG
         Rtag==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=0GbKZjlk58/1/gEAb8rLFjzGCzfWMJnAF2vx5gOck10=;
        b=BhC+VAtpJOD1jp+F553A+lA6YZMeqCrzxQeJGtxpsFNOPIvRPXRe97ZCJgK6hPHzlH
         xWRXKnzJOr8FRUDYzq0aw735TLmANRzBiBh2OY4KxVGvNYy8+bTx+xbg5hcSABtjgbpH
         USbg08iRtF8oMtMKikcSil8RZ3gTnWwhbQNP8otTxvJg2hrfKADniC1+9ZVbNKQFKxKf
         r2L5yDfMDyYOrzrkQ/74cnm1wJe6oATVrR8PovLwwKmS+nvw1DyZay5Jvg8K210CHz2i
         LqbIPiCwtFSGXZ2b5+C3I5XmvlEjmy6zwMUOv2hhPL3V9hA+lTYxZ0gI3S6NXgNY949t
         TSoA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q11si4487175pls.424.2019.08.03.20.01.17;
        Sat, 03 Aug 2019 20:01:32 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2405325AbfHBVS4 (ORCPT <rfc822;patchstalker@gmail.com>
        + 99 others); Fri, 2 Aug 2019 17:18:56 -0400
Received: from youngberry.canonical.com ([91.189.89.112]:36541 "EHLO
        youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1732537AbfHBVSz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 2 Aug 2019 17:18:55 -0400
Received: from 162-237-133-238.lightspeed.rcsntx.sbcglobal.net ([162.237.133.238] helo=elm)
        by youngberry.canonical.com with esmtpsa (TLS1.0:RSA_AES_256_CBC_SHA1:32)
        (Exim 4.76)
        (envelope-from <tyhicks@canonical.com>)
        id 1htewq-0000uT-Kv; Fri, 02 Aug 2019 21:18:49 +0000
Date:   Fri, 2 Aug 2019 16:18:43 -0500
From:   Tyler Hicks <tyhicks@canonical.com>
To:     Mimi Zohar <zohar@linux.ibm.com>,
        Roberto Sassu <roberto.sassu@huawei.com>
Cc:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        James Bottomley <jejb@linux.ibm.com>, jgg@ziepe.ca,
        linux-integrity@vger.kernel.org,
        linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
        linux-kernel@vger.kernel.org, crazyt2019+lml@gmail.com,
        nayna@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com
Subject: Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or
 deactivated
Message-ID: <20190802211843.GH26616@elm>
References: <20190705163735.11539-1-roberto.sassu@huawei.com>
 <1562618099.20748.13.camel@linux.ibm.com>
 <20190709162458.f4fjteokcmidv7w6@linux.intel.com>
 <1562689905.28089.52.camel@linux.ibm.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1562689905.28089.52.camel@linux.ibm.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 2019-07-09 12:31:45, Mimi Zohar wrote:
> On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:
> > On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> > > Not a criticism of your patch, but can we please stop doing this. 
> > > Single random number sources are horrendously bad practice because it
> > > gives an attacker a single target to subvert.  We should ensure the TPM
> > > is plugged into the kernel RNG as a source and then take randomness
> > > from the mixed pool so it's harder for an attacker because they have to
> > > subvert all our sources to predict what came out.
> > 
> > It is and I agree.
> 
> I still haven't quite figured out why the digests need to be
> initialized to anything other than 0.

After looking into 0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400, I have to
agree. I don't see the purpose of using tpm_get_random() in
init_digests().

Roberto, why can't we just initialize the digests with zeroes? It would
fix the bug for eCryptfs and NVDIMM and address the concern that James
had regarding the single random number source.

Tyler