Date: Fri, 2 Aug 2019 16:18:43 -0500
From: Tyler Hicks
To: Mimi Zohar, Roberto Sassu
Cc: Jarkko Sakkinen, James Bottomley, jgg@ziepe.ca, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, crazyt2019+lml@gmail.com, nayna@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com
Subject: Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Message-ID: <20190802211843.GH26616@elm>

On 2019-07-09 12:31:45, Mimi Zohar wrote:
> On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:
> > On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> > > Not a criticism of your patch, but can we please stop doing this.
> > > Single random number sources are horrendously bad practice because it
> > > gives an attacker a single target to subvert. We should ensure the TPM
> > > is plugged into the kernel RNG as a source and then take randomness
> > > from the mixed pool so it's harder for an attacker because they have to
> > > subvert all our sources to predict what came out.
> >
> > It is and I agree.
>
> I still haven't quite figured out why the digests need to be
> initialized to anything other than 0.

After looking into 0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400, I have to
agree. I don't see the purpose of using tpm_get_random() in
init_digests().

Roberto, why can't we just initialize the digests with zeroes? It would
fix the bug for eCryptfs and NVDIMM and address the concern that James
had regarding the single random number source.

Tyler
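
An added illustration of the single-source concern quoted in this message (not code from the thread or from the kernel): a simplified Python model showing that output taken from one subverted source is predictable, while output from a mixed pool stays unpredictable unless every source is subverted. The source functions, the constant `ATTACKER_KNOWN`, and the use of SHA-256 as the mixing function are assumptions made for the example; this is not how the kernel RNG is implemented.

```python
import hashlib
import os

# Constructed sample value: bytes an attacker is assumed to know in advance.
ATTACKER_KNOWN = b"\x41" * 32


def subverted_tpm(n):
    """Hypothetical model of a compromised hardware RNG: predictable output."""
    return ATTACKER_KNOWN[:n]


def healthy_source(n):
    """Hypothetical model of an independent source the attacker does not control."""
    return os.urandom(n)


def single_source_bytes(source, n=32):
    """Take randomness straight from one source (the pattern questioned in the thread)."""
    return source(n)


def mixed_pool_bytes(sources, n=32):
    """Hash a contribution from every source into one pool and draw output from it."""
    pool = hashlib.sha256()
    for idx, src in enumerate(sources):
        data = src(32)
        # Prefix each contribution with its index and length so inputs
        # from different sources cannot be confused with one another.
        pool.update(idx.to_bytes(4, "big") + len(data).to_bytes(4, "big") + data)
    return pool.digest()[:n]


if __name__ == "__main__":
    # Single subverted source: the attacker's guess matches exactly.
    print(single_source_bytes(subverted_tpm) == ATTACKER_KNOWN)
    # Mixed pool with one healthy source: two draws differ, so the
    # attacker's knowledge of the TPM output is not enough.
    a = mixed_pool_bytes([subverted_tpm, healthy_source])
    b = mixed_pool_bytes([subverted_tpm, healthy_source])
    print(a != b)
    # Only when every source is subverted does the pool become predictable.
    c = mixed_pool_bytes([subverted_tpm, subverted_tpm])
    d = mixed_pool_bytes([subverted_tpm, subverted_tpm])
    print(c == d)
```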