Message-ID: <1576184085.10287.13.camel@HansenPartnership.com>
Subject: Re: [PATCH =v2 3/3] tpm: selftest: cleanup after unseal with wrong auth/policy test
From: James Bottomley
To: Tadeusz Struk, jarkko.sakkinen@linux.intel.com
Cc: peterz@infradead.org, linux-kernel@vger.kernel.org, jgg@ziepe.ca, mingo@redhat.com, jeffrin@rajagiritech.edu.in, linux-integrity@vger.kernel.org, will@kernel.org, peterhuewe@gmx.de
Date: Thu, 12 Dec 2019 15:54:45 -0500
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, 2019-12-12 at 12:49 -0800, Tadeusz Struk wrote:
> On 12/12/19 11:51 AM, James Bottomley wrote:
> > TPM2_Clear reprovisions the SPS ... that would make all currently
> > exported TPM keys go invalid. I know these tests should be
> > connected to a vTPM, so doing this should be safe, but if this
> > accidentally got executed on your laptop all TPM relying functions
> > would be disrupted, which doesn't seem to be the best thing to hard
> > wire into a test.
>
> That is true, but it will need to be executed as root, and root
> should know what she/he is doing ;)

Not in the modern kernel resource manager world: anyone who is in the
tpm group can access the tpmrm device and we haven't added a dangerous
command filter like we promised we would, so unless they have actually
set lockout or platform authorization, they'll find they can execute it

> > What about doing a TPM2_DictionaryAttackLockReset instead, which is
> > the least invasive route to fixing the problem ... provided you
> > know what the lockout authorization is.
>
> I can change tpm2_clear to tpm2_dictionarylockout -c if we want to
> make it foolproof. In this case we can assume that the lockout auth
> is empty.

Well, if it isn't TPM2_Clear would refuse to execute as well since that
requires either lockout auth or platform + physical presence.

James
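
An added example, not part of the original message or of the kernel selftests: a shell check for the lockout-authorization condition discussed above, which classifies a TPM from the text printed by `tpm2_getcap properties-variable`. It assumes tpm2-tools 4.x or later output naming (`lockoutAuthSet`, `disableClear`), covers only the lockout path and not platform authorization, and the two sample outputs and all function names are constructed for illustration.

```shell
#!/bin/sh
# Classify a TPM from `tpm2_getcap properties-variable` text read on stdin.
#   open     - lockout auth is empty and clear is not disabled, so any
#              process that can open /dev/tpmrm0 can have TPM2_Clear accepted
#   guarded  - lockout auth is set, or TPM2_Clear has been disabled
#   unknown  - the expected attributes were not found in the input
clear_exposure() {
    awk '
        # Attributes are printed one per line as "name:   value".
        $1 == "lockoutAuthSet:" { lockout = $2; seen_l = 1 }
        $1 == "disableClear:"   { disable = $2; seen_d = 1 }
        END {
            if (!seen_l || !seen_d) { print "unknown"; exit }
            if (lockout == 0 && disable == 0) print "open"
            else print "guarded"
        }'
}

# Constructed sample: a TPM with empty lockout authorization.
sample_fresh_tpm() {
cat <<'EOF'
TPM2_PT_PERSISTENT:
  ownerAuthSet:              0
  endorsementAuthSet:        0
  lockoutAuthSet:            0
  disableClear:              0
  inLockout:                 0
EOF
}

# Constructed sample: a TPM whose lockout authorization has been set.
sample_owned_tpm() {
cat <<'EOF'
TPM2_PT_PERSISTENT:
  ownerAuthSet:              1
  endorsementAuthSet:        0
  lockoutAuthSet:            1
  disableClear:              0
  inLockout:                 0
EOF
}

# Query the local TPM only when asked to; the samples above work offline.
if [ "${1:-}" = "--live" ]; then
    tpm2_getcap properties-variable | clear_exposure
fi
```

A test harness can call this before any cleanup step and skip the step unless the result is what the harness expects for a disposable vTPM.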