Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp139260pxf;
        Wed, 10 Mar 2021 02:33:24 -0800 (PST)
X-Google-Smtp-Source: ABdhPJwqWvwDGdBC+iv2RYoOKrXqEYVVSknCv8ExmPf/tWk3SOPJzU/bY/I0/CcNa1wagY4VMPv2
X-Received: by 2002:a05:6402:1853:: with SMTP id v19mr2467230edy.179.1615372404619;
        Wed, 10 Mar 2021 02:33:24 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1615372404; cv=none;
        d=google.com; s=arc-20160816;
        b=QjTbl7e3r49Y1sI0BKC6Oljj22leg+uHIjuM5zHAoNKZ4iN8UGohUQCttEakmBVJyl
         9X4X4OlytXeKORrp8J+/XBePfpuSDK2f2tKdcmi5pVxy1ii3lMG7nChrqzH2mxxsTJ6j
         0QLY9mvIxBp5Lv1/Z0YeFf5+Z/XCvaVXHNsQAUSIKtgAwvRCms6kJCYVcecoOKLfycbv
         XPLGJM6542L25HSNTZUEFT+91IwAIsq6oQS3DECXcJS/xHob2PDJlI7hBwhCh6bGgNxL
         2nXbNfe4qwowqEQYz8B36uYI52TETkd+l+bcVSg9a2G3IPZ/dEOmTZWQTBg3z56/bkpU
         wu6A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to
         :references:mime-version:dkim-signature;
        bh=hZu8kYWcUsjJZQZLgu1XKiWKVJDy+c+Bw7NCUyMv0Bc=;
        b=PmAKq73zd8UtMvcQrOAu2sTXGHDbNXDoJrHsU7vCHBi39eSPc0EogWRHl2ZfBeZuf3
         AiApgjzO1cEJzNsEI9DYEjy3AwLgt+F2pY9QK26uRtLscLTqBLj+qsg1U1c53B+Fg3cr
         gT20Ae6or217N1/do7l14qG6TNFZZk/U7K8M18NWhtDXR7C+IMMzUMjg1mUwyJKYvoDN
         X4ZK4Ne1Er1eBMK5/adYUwdY8vD26oqrF8gNxq0A8tOS3LzqLJ6NYSJzm97oAfX6yH/O
         jJoEgYDYzgG62PWoVSRpyspw8QR4rU8C0f60nBgHc2Y+F+/M6sdsgSz0U26jIDjqaUuI
         UEUg==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=RJH9YJ4c;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id y9si11966139edp.151.2021.03.10.02.33.01;
        Wed, 10 Mar 2021 02:33:24 -0800 (PST)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linaro.org header.s=google header.b=RJH9YJ4c;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S231828AbhCJK35 (ORCPT <rfc822;m15259695263@gmail.com>
        + 99 others); Wed, 10 Mar 2021 05:29:57 -0500
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35928 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S232479AbhCJK3j (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 10 Mar 2021 05:29:39 -0500
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id BD80DC061760
        for <linux-kernel@vger.kernel.org>; Wed, 10 Mar 2021 02:29:38 -0800 (PST)
Received: by mail-lf1-x12e.google.com with SMTP id m22so32555144lfg.5
        for <linux-kernel@vger.kernel.org>; Wed, 10 Mar 2021 02:29:38 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=linaro.org; s=google;
        h=mime-version:references:in-reply-to:from:date:message-id:subject:to
         :cc;
        bh=hZu8kYWcUsjJZQZLgu1XKiWKVJDy+c+Bw7NCUyMv0Bc=;
        b=RJH9YJ4ctf1i7yh5gwJmVZ6iIZEtaOi4hcZsPJS+3fHl6JJRW9vQcHUJuIbxI7ELPW
         4WWZ7RYqXaZCBUAmpCBQibq4rGpusj9qpj7lq4rIsorl11VcXQWfGJ/1U8KC/nXVH0lC
         X5enEIdvBbbV7lC+KCEhzTEZxen86rsiL5tYoCOGGj56VETxgkV3iU/jxhh+EA3a9RPu
         3rzJnssS2eVBVNTlQRd/h34engsUMq7A63Zn5Va3+VeF/B5tGfVPWLfn5WR4G2Mtxn0I
         9Ry+cNgqM6c5mrkJFQS4CxtCLc91eV+wfOLKMTeAdLbtGmTT4WDXeKYQ2R9eZ1bsyD1g
         Y35A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:references:in-reply-to:from:date
         :message-id:subject:to:cc;
        bh=hZu8kYWcUsjJZQZLgu1XKiWKVJDy+c+Bw7NCUyMv0Bc=;
        b=adFt2C/OrzM2YDPUhlylg51rm7hV2yIK+LmonKmS7WQUvS9e0kExBcGAwJXC2+HLWt
         YmCuZzv6ZZ2QvtofwVQrZ10ojFHr8p9SlbA2U3dHgQewub9l434g5AoRBUo8nemC+i7p
         BRzmjLpQMa4hhNL7H5IAi4y+vbj3zaKsIMsmmuaJ8cP4f+9ev5uPN8n1LwX3fcRJew5V
         v/yA9w7jMEnN3sl0LdFS7KbeuV6Ti/NiCfA4+uYUQDjcWCGR8SPOdetzEyfrrW2STJ9n
         dqxfUIB3/RtUm3JCIZBP5xEcYC8oLZHrY97+toxwdnDefoXe/SkVKWRrbyMugz7bpRGy
         CLAw==
X-Gm-Message-State: AOAM5319u7CSF4BBrwKZmuZmcsX9OFQHD4wAnkoLm6WUIdzrMUlnF3Q7
        t2SByN59IAEapLU5INYHgnJWJIkDxQVC+13cwh/B4A==
X-Received: by 2002:ac2:46db:: with SMTP id p27mr1639785lfo.396.1615372177245;
 Wed, 10 Mar 2021 02:29:37 -0800 (PST)
MIME-Version: 1.0
References: <20210303135500.24673-1-alex.bennee@linaro.org>
 <20210303135500.24673-2-alex.bennee@linaro.org> <CAK8P3a0W5X8Mvq0tDrz7d67SfQA=PqthpnGDhn8w1Xhwa030-A@mail.gmail.com>
 <20210305075131.GA15940@goby> <CAK8P3a0qtByN4Fnutr1yetdVZkPJn87yK+w+_DAUXOMif-13aA@mail.gmail.com>
 <CACRpkdb4RkQvDBgTMW_+7yYBsHNRyJZiT5bn04uQJgk7tKGDOA@mail.gmail.com>
 <6c542548-cc16-af68-c755-df52bd13b209@marcan.st> <CAFA6WYOYmTgguVDwpyjnt3gLssqW48qzAkRD_nyPYg0nNhxT2A@mail.gmail.com>
 <beca6bc8-8970-bd01-8de0-6ded1fb69be2@marcan.st>
In-Reply-To: <beca6bc8-8970-bd01-8de0-6ded1fb69be2@marcan.st>
From:   Sumit Garg <sumit.garg@linaro.org>
Date:   Wed, 10 Mar 2021 15:59:25 +0530
Message-ID: <CAFA6WYMSJxK2CjmoLJ6mdNNEfOQOMVXZPbbFRfah7KLeZNfguw@mail.gmail.com>
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
To:     Hector Martin <marcan@marcan.st>
Cc:     Linus Walleij <linus.walleij@linaro.org>,
        Arnd Bergmann <arnd@linaro.org>,
        "open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
        David Howells <dhowells@redhat.com>,
        Jarkko Sakkinen <jarkko@kernel.org>,
        Joakim Bech <joakim.bech@linaro.org>,
        =?UTF-8?B?QWxleCBCZW5uw6ll?= <alex.bennee@linaro.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Maxim Uvarov <maxim.uvarov@linaro.org>,
        Ilias Apalodimas <ilias.apalodimas@linaro.org>,
        Ruchika Gupta <ruchika.gupta@linaro.org>,
        "Winkler, Tomas" <tomas.winkler@intel.com>, yang.huang@intel.com,
        bing.zhu@intel.com, Matti.Moell@opensynergy.com,
        hmo@opensynergy.com, linux-mmc <linux-mmc@vger.kernel.org>,
        linux-scsi <linux-scsi@vger.kernel.org>,
        linux-nvme@vger.kernel.org, Ulf Hansson <ulf.hansson@linaro.org>,
        Arnd Bergmann <arnd.bergmann@linaro.org>
Content-Type: text/plain; charset="UTF-8"
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 10 Mar 2021 at 14:17, Hector Martin <marcan@marcan.st> wrote:
>
> On 10/03/2021 14.14, Sumit Garg wrote:
> > On Wed, 10 Mar 2021 at 02:47, Hector Martin <marcan@marcan.st> wrote:
> >>
> >> On 09/03/2021 01.20, Linus Walleij wrote:
> >>> I suppose it would be a bit brutal if the kernel would just go in and
> >>> appropriate any empty RPMB it finds, but I suspect it is the right way
> >>> to make use of this facility given that so many of them are just sitting
> >>> there unused. Noone will run $CUSTOM_UTILITY any more than they
> >>> run the current RPMB tools in mmc-tools.
> >>
> >> AIUI the entire thing relies on a shared key that is programmed once
> >> into the RPMB device, which is a permanent operation. This key has to be
> >> secure, usually stored on CPU fuses or derived based on such a root of
> >> trust. To me it would seem ill-advised to attempt to automate this
> >> process and have the kernel do a permanent take-over of any RPMBs it
> >> finds (with what key, for one?) :)
> >>
> >
> > Wouldn't it be a good idea to use DT here to represent whether a
> > particular RPMB is used as a TEE backup or is available for normal
> > kernel usage?
> >
> > In case of normal kernel usage, I think the RPMB key can come from
> > trusted and encrypted keys subsystem.
>
> Remember that if the key is ever lost, the RPMB is now completely
> useless forever.
>
> This is why, as far as I know, most sane platforms will use hard fused
> values to derive this kind of thing, not any kind of key stored in
> erasable storage.

AFAIK, trusted and encrypted keys are generally loaded from initramfs
(as an encrypted blob) which happens during boot and if an attacker is
able to erase initramfs then it's already able to make the device
non-bootable (DoS attack which is hard to prevent against).

Although, I agree with you that fuses are the preferred way to store
RPMB key but not every platform may possess it and vendors may decide
to re-flash a bricked device via recovery image.

>
> Also, newly provisioned keys are sent in plain text, which means that
> any kind of "if the RPMB is blank, take it over" automation equates to
> handing over your key who an attacker who removes the RPMB and replaces
> it with a blank one, and then they can go access anything they want on
> the old RPMB device (assuming the key hasn't changed; and if it has
> changed that's conversely a recipe for data loss if something goes wrong).
>
> I really think trying to automate any kind of "default" usage of an RPMB
> is a terrible idea. It needs to be a conscious decision on a
> per-platform basis.
>

Agree and via DT method I only meant to assign already provisioned
RPMB device/s either to TEE or Linux kernel. And RPMB key provisioning
being a one time process should be carried out carefully during device
manufacturing only.

-Sumit

> --
> Hector Martin (marcan@marcan.st)
> Public Key: https://mrcn.st/pub