Subject: Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
From: Mimi Zohar
To: Roberto Sassu, Tyler Hicks, Jarkko Sakkinen
Cc: jejb@linux.ibm.com, jgg@ziepe.ca, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, crazyt2019+lml@gmail.com, nayna@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com
Date: Mon, 05 Aug 2019 11:54:19 -0400
Message-Id: <1565020459.11223.179.camel@linux.ibm.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:

> Regarding Mimi's proposal to avoid the issue by extending the PCR with
> zeros, I think it also achieves the goal.

Roberto, removing the following code from init_digests() would be
equivalent to the prior code, without needing to make any other
changes. Let's keep it simple. Do you want to post the patch with the
change, or should I?

	ret = tpm_get_random(chip, digest, TPM_MAX_DIGEST_SIZE);
	if (ret < 0)
		return ret;
	if (ret < TPM_MAX_DIGEST_SIZE)
		return -EFAULT;

As I can't duplicate the problem, it would need to be tested by others
experiencing the problem.

thanks,

Mimi