Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp53018ybl;
        Thu, 12 Dec 2019 13:56:13 -0800 (PST)
X-Google-Smtp-Source: APXvYqyU7ga9lSaBhVGIJ1cvzOGyuOcL1GttS3Tx45N30485AaZHzObEi7K92+DCtIODoHl2bj6c
X-Received: by 2002:a9d:6395:: with SMTP id w21mr10816297otk.3.1576187773790;
        Thu, 12 Dec 2019 13:56:13 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1576187773; cv=none;
        d=google.com; s=arc-20160816;
        b=oewIih35PLzchnkxZF6n1SkXFjXMhVCheu5Re25gMoU11WpDUT260cW2Nit9En9cLe
         RKTr5CRnkwsi3ZbRqGir2lViwy2AZCoMo24+V+oS/jvCdJ7uRmf1WDlIvfKOoMx48jz6
         n/UeY/vPpzF3GcYss3e+j1MeOzqmCZLAGg2C3zpF8cflRNP11fWFafZ+fUG9rJlr0nVp
         wvFAvKOE9jQwVQFPmeFOgg8jL2VFEwuT3L8K0ElXIOk1+icp3y0zT02wbv+eng7YO/EG
         T73hH5VCj3R8k+9RYytgiM6WkFyhysifP5zvQmLpi7ajvok491VbgKfSQOy2YhRg/mSp
         XFgg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:date:cc:to:from:subject:message-id
         :dkim-signature:dkim-signature;
        bh=tN29eq8xRZ5c+YQqcRa8fkpPdpPhtdQzfvliE2ySD+4=;
        b=un1yqXcxp3l2gCyDx8SAD3FrVLb5mHsBAzC2/Ciu7jfeSBSqwfdq4293yu5SXCuUtY
         +fYFtybEPrvO5gZ4n2dDrmxbYgd3b7oWcS4PvJfvYZ76fnmYfA7pvcvsR4aTcYUE2rK5
         Wv28aykEn4A90tm2KpqDoab48UEHDJw+I8SAldhf1wzcq8M+Fx55BOEBV17G9tW8aPak
         /l0AmPCgDsvKA1LOKVX4ADGSaWAwjQf2y58ggreYCMaNFN0XiV2P7Q+OqA64amFby4+B
         M/c3KcVpzGcd3iX4nGI6CrtjpjAk8sSy/CPdiP5upRCySyDhvCkco4HQsIZbN1llDxbE
         GiLw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=wH4NqBip;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=wH4NqBip;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id a9si4056891oib.59.2019.12.12.13.56.01;
        Thu, 12 Dec 2019 13:56:13 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=wH4NqBip;
       dkim=fail header.i=@hansenpartnership.com header.s=20151216 header.b=wH4NqBip;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730948AbfLLUyt (ORCPT <rfc822;dafubiji@gmail.com> + 99 others);
        Thu, 12 Dec 2019 15:54:49 -0500
Received: from bedivere.hansenpartnership.com ([66.63.167.143]:52324 "EHLO
        bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1730864AbfLLUyt (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 12 Dec 2019 15:54:49 -0500
Received: from localhost (localhost [127.0.0.1])
        by bedivere.hansenpartnership.com (Postfix) with ESMTP id 796758EE18E;
        Thu, 12 Dec 2019 12:54:48 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1576184088;
        bh=YU6QhrxSndpTBGBIa+4RwktoTUzIONHARFx7ySfhOjc=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=wH4NqBipmvzod84QBeGHgRbHIz4DkFcarkwsYQQj8Npq1ZfLhIDxbiHLWSf1ubN0L
         X3HhN14GEwfkjTJP7zPZN75Xn8KRS06NMiNER0JCI/5lw0EW6/2HNeDckqJI8uHXre
         9Zf7hLn87CieqGDvl+9CP8IaWYeMhB40boYNfvqE=
Received: from bedivere.hansenpartnership.com ([127.0.0.1])
        by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024)
        with ESMTP id Bv6xuswA6MId; Thu, 12 Dec 2019 12:54:48 -0800 (PST)
Received: from [9.232.197.95] (unknown [129.33.253.145])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 5CDA18EE0C7;
        Thu, 12 Dec 2019 12:54:47 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com;
        s=20151216; t=1576184088;
        bh=YU6QhrxSndpTBGBIa+4RwktoTUzIONHARFx7ySfhOjc=;
        h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
        b=wH4NqBipmvzod84QBeGHgRbHIz4DkFcarkwsYQQj8Npq1ZfLhIDxbiHLWSf1ubN0L
         X3HhN14GEwfkjTJP7zPZN75Xn8KRS06NMiNER0JCI/5lw0EW6/2HNeDckqJI8uHXre
         9Zf7hLn87CieqGDvl+9CP8IaWYeMhB40boYNfvqE=
Message-ID: <1576184085.10287.13.camel@HansenPartnership.com>
Subject: Re: [PATCH =v2 3/3] tpm: selftest: cleanup after unseal with wrong
 auth/policy test
From:   James Bottomley <James.Bottomley@HansenPartnership.com>
To:     Tadeusz Struk <tadeusz.struk@intel.com>,
        jarkko.sakkinen@linux.intel.com
Cc:     peterz@infradead.org, linux-kernel@vger.kernel.org, jgg@ziepe.ca,
        mingo@redhat.com, jeffrin@rajagiritech.edu.in,
        linux-integrity@vger.kernel.org, will@kernel.org, peterhuewe@gmx.de
Date:   Thu, 12 Dec 2019 15:54:45 -0500
In-Reply-To: <c3bffb8c-d454-1f53-7f7e-8b65884ffaf6@intel.com>
References: <157617292787.8172.9586296287013438621.stgit@tstruk-mobl1>
         <157617293957.8172.1404790695313599409.stgit@tstruk-mobl1>
         <1576180263.10287.4.camel@HansenPartnership.com>
         <c3bffb8c-d454-1f53-7f7e-8b65884ffaf6@intel.com>
Content-Type: text/plain; charset="UTF-8"
X-Mailer: Evolution 3.26.6 
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2019-12-12 at 12:49 -0800, Tadeusz Struk wrote:
> On 12/12/19 11:51 AM, James Bottomley wrote:
> > TPM2_Clear reprovisions the SPS ... that would make all currently
> > exported TPM keys go invalid.  I know these tests should be
> > connected to a vTPM, so doing this should be safe, but if this
> > accidentally got executed on your laptop all TPM relying functions
> > would be disrupted, which doesn't seem to be the best thing to hard
> > wire into a test.
> 
> That is true, but it will need to be executed as root, and root
> should know what she/he is doing ;)

Not in the modern kernel resource manager world: anyone who is in the
tpm group can access the tpmrm device and we haven't added a dangerous
command filter like we promised we would, so unless they have actually
set lockout or platform authorization, they'll find they can execute it


> > What about doing a TPM2_DictionaryAttackLockReset instead, which is
> > the least invasive route to fixing the problem ... provided you
> > know what the lockout authorization is.
> 
> I can change tpm2_clear to tpm2_dictionarylockout -c if we want to
> make it foolproof. In this case we can assume that the lockout auth
> is empty.

Well, if it isn't TPM2_Clear would refuse to execute as well since that
requires either lockout auth or platform + physical presence.

James