Subject: Re: [PATCH =v2 3/3] tpm: selftest: cleanup after unseal with wrong auth/policy test
From: Tadeusz Struk
To: James Bottomley, jarkko.sakkinen@linux.intel.com
Cc: peterz@infradead.org, linux-kernel@vger.kernel.org, jgg@ziepe.ca, mingo@redhat.com, jeffrin@rajagiritech.edu.in, linux-integrity@vger.kernel.org, will@kernel.org, peterhuewe@gmx.de
Date: Thu, 12 Dec 2019 12:49:01 -0800

On 12/12/19 11:51 AM, James Bottomley wrote:
> TPM2_Clear reprovisions the SPS ... that would make all currently
> exported TPM keys go invalid. I know these tests should be connected
> to a vTPM, so doing this should be safe, but if this accidentally got
> executed on your laptop all TPM relying functions would be disrupted,
> which doesn't seem to be the best thing to hard wire into a test.

That is true, but it will need to be executed as root, and root should
know what she/he is doing ;)

>
> What about doing a TPM2_DictionaryAttackLockReset instead, which is the
> least invasive route to fixing the problem ... provided you know what
> the lockout authorization is.

I can change tpm2_clear to tpm2_dictionarylockout -c
if we want to make it foolproof. In this case we can assume that the
lockout auth is empty.

--
Tadeusz
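
Added example, not part of the patch or of the kernel selftest: with an empty lockout authorization, the two commands compared in this thread marshal to the same 27-byte buffer except for the command code, which is all that separates a dictionary-attack counter reset from a full clear. The constants come from the TPM 2.0 Library Specification; the function names are illustrative.

```python
import struct

# Constants from the TPM 2.0 Library Specification, Part 2 (Structures).
TPM2_ST_SESSIONS = 0x8002
TPM2_CC_CLEAR = 0x00000126                  # what tpm2_clear sends
TPM2_CC_DA_LOCK_RESET = 0x00000139          # TPM2_DictionaryAttackLockReset
TPM2_RH_LOCKOUT = 0x4000000A
TPM2_RS_PW = 0x40000009                     # password authorization session


def password_session(auth: bytes = b"") -> bytes:
    """TPMS_AUTH_COMMAND: handle, empty nonce, no attributes, password."""
    return struct.pack(">IHBH", TPM2_RS_PW, 0, 0, len(auth)) + auth


def lockout_command(command_code: int, lockout_auth: bytes = b"") -> bytes:
    """Marshal a parameterless command authorized by TPM_RH_LOCKOUT."""
    session = password_session(lockout_auth)
    body = struct.pack(">II", TPM2_RH_LOCKOUT, len(session)) + session
    header = struct.pack(">HII", TPM2_ST_SESSIONS, 10 + len(body), command_code)
    return header + body


def response_code(response: bytes) -> int:
    """Return the TPM_RC from a response header (tag, size, code)."""
    _tag, size, rc = struct.unpack(">HII", response[:10])
    if size != len(response):
        raise ValueError("response size field does not match buffer length")
    return rc


if __name__ == "__main__":
    # Empty lockout auth, as assumed in the reply above.
    print("DA lock reset:", lockout_command(TPM2_CC_DA_LOCK_RESET).hex())
    print("Clear        :", lockout_command(TPM2_CC_CLEAR).hex())
```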