Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp821093pxp; Wed, 9 Mar 2022 13:26:09 -0800 (PST) X-Google-Smtp-Source: ABdhPJyjam5g9PJ8GsTb2cWQ9sRKRl6IFl0Pt9+clqKFInESCTedW566Bn2Vks3Z1tGQH5V6JDsM X-Received: by 2002:a17:902:7287:b0:153:ce9:d629 with SMTP id d7-20020a170902728700b001530ce9d629mr1679187pll.25.1646861169692; Wed, 09 Mar 2022 13:26:09 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1646861169; cv=pass; d=google.com; s=arc-20160816; b=UjLC8fYq6nYFd/al3DzOzABbjUfwEwoerBvavLIgKjozr7JuqUa/q3/yT0oT587LdX KYnc+J83fBtmTxSuiRzTDZjEwxFyeHF0q6qVadebV9f98yiw4hPYrYutMua7sjilTqL3 UHI9iNeodHWMbSVjbqeBLbMqIfSedF/eDLI5TsmXt+G4uQZIzu3P38NQ6QsfPc6ZZE95 LIQh6x//K9m4eaGdgUOrgrQr2mHl7pUy9JFSFgWL49r3l9h4oPPo3C5z8CianTpCvL66 TVnUeOrq14YFgfEWXN8p2ie07woeXFy8/rbVhiT6meA00ByAczy8vDOL11ql54SEugbH dRCg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:mime-version:content-id:content-language :accept-language:in-reply-to:references:message-id:date:thread-index :thread-topic:subject:cc:to:from:dkim-signature; bh=CaO3rycb2hQFNcTYCKw8XzBrhdmzulJeQJCErwlPENw=; b=pdqJVeTYrNHrnty5k0oK0hM4Jp1+FhTOeFuojJbqLiUBx4cGBvAEpgDue1jIjvXUT6 3KoIuf1XRMg6PNNoqXSN9S6lTXlkwtIgbogSK6fsiR9MTVZW63XyiIqhyvIJED0w6Gl5 PyS+oO233KkiVMneuBVGmLGtFtUbqCnXTo7etVOAeds98YFue39RUaB4AczY8wOt4Io3 OgCFjyVhcLRArz1W7uBneLTyc+JFdFUtH3xnlq3iu/H4n450+0pkEc8D689SHwPlbhZW DP+ddNLp+FM76d7h/1fRTOA0PAhTIBS+jwiCVpIrrD/bYX6O66rjkb++trirGzoCshcX h8Jg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=GKaE1QiO; arc=pass (i=1 spf=pass spfdomain=fb.com dkim=pass dkdomain=fb.com dmarc=pass fromdomain=fb.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id q4-20020a17090311c400b0014f8edcf835si3167782plh.547.2022.03.09.13.25.53; Wed, 09 Mar 2022 13:26:09 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@fb.com header.s=facebook header.b=GKaE1QiO; arc=pass (i=1 spf=pass spfdomain=fb.com dkim=pass dkdomain=fb.com dmarc=pass fromdomain=fb.com); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fb.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234510AbiCIR4Z (ORCPT + 99 others); Wed, 9 Mar 2022 12:56:25 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:54252 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S235389AbiCIR4Q (ORCPT ); Wed, 9 Mar 2022 12:56:16 -0500 Received: from mx0b-00082601.pphosted.com (mx0b-00082601.pphosted.com [67.231.153.30]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EF313E38B3; Wed, 9 Mar 2022 09:55:14 -0800 (PST) Received: from pps.filterd (m0109332.ppops.net [127.0.0.1]) by mx0a-00082601.pphosted.com (8.16.1.2/8.16.1.2) with ESMTP id 22961Ncg005807; Wed, 9 Mar 2022 09:55:14 -0800 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fb.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-id : mime-version; s=facebook; bh=CaO3rycb2hQFNcTYCKw8XzBrhdmzulJeQJCErwlPENw=; b=GKaE1QiOZUWwkU7WcMlChaOQYMFkvholxOcfQGPq/wDgXy1kxEeGkhg+V0LaMHjSv0+F LJiT7OHyeiZ2G51h4JL2biF93pa3yjJKTPQUIdjYryd1ovi/M3sl2raA0FBM5aaRifSv 9uqmsbz1afhUpggIHNxTlCpCUEiAgO55vmY= Received: from nam10-bn7-obe.outbound.protection.outlook.com (mail-bn7nam10lp2103.outbound.protection.outlook.com [104.47.70.103]) by mx0a-00082601.pphosted.com (PPS) with ESMTPS id 3eppkk3ybp-2 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 09 Mar 2022 09:55:13 -0800 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OhR9dwxhWqnp5oDCyLcY7Ko67uCeTEbp0CUQ+5tqz1F5xzLQHwYr5gVEx9cVjO/vHeGFRWvuiKTkXxagD5bta1UdleJrssCyUCSAenxATPExulaS0AmIBAA9TWXRL0zHw3SjvTv5o1zcyICWSlbqTaut4xdGOeyjrBo/Wl4L6yqhipVvdyN1F3wRXNmK/y+VHOcPhehzpiEm1UfyZGWZ3hZzjan8mFAmiR7XrbV0g/4ahuY8AuVTPwRktFnAzeY7Csbb/1XhdANWy+akPxLLCtkHARJoiKRH5xhmrccA4uGgIrXulelAqr9GkZalUC9wj7C5oZ5j9eulF7hvZTfmJg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=CaO3rycb2hQFNcTYCKw8XzBrhdmzulJeQJCErwlPENw=; b=od4rCD0BffehJWy9Ez4l74/doB4qKnJYiUzF4Ncrbh8AWRJoBqOv5KEaKlQBFBMCIUBvY5zeVK/8pJ9whz15wIoxORaoH4Axh2f9UOiAp96HlS8YzolobwKbnHnjpVaLbkb9Bet0TuM5xzGfenM7JatJBIluJNUe5JN/ZOh/2uZsHf5dXeeL9z95eSZyHFSHd1CnxkvpkUAEQHEjwi7HgR6yt93ZLHwHsn7udpk3iQuwlZnwWSGVRi4Xmn4Nlfc1GQK6ArwVVulHuY0o2VbHHErZJk1ILQELvnSVhTdZg8PNQcRkCkSQSBM5iZ8om8TJokL7Z+tXTgXIjb20SriXGA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=fb.com; dmarc=pass action=none header.from=fb.com; dkim=pass header.d=fb.com; arc=none Received: from SJ0PR15MB4552.namprd15.prod.outlook.com (2603:10b6:a03:379::12) by MN2PR15MB2878.namprd15.prod.outlook.com (2603:10b6:208:e9::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5061.21; Wed, 9 Mar 2022 17:55:11 +0000 Received: from SJ0PR15MB4552.namprd15.prod.outlook.com ([fe80::7cbb:e9df:5833:370e]) by SJ0PR15MB4552.namprd15.prod.outlook.com ([fe80::7cbb:e9df:5833:370e%8]) with mapi id 15.20.5038.027; Wed, 9 Mar 2022 17:55:10 +0000 From: Jonathan McDowell To: Matthew Garrett CC: Dmitrii Okunev , Hans de Goede , Mark Gross , Qiaowei Ren , Xiaoyan Zhang , Pavel Machek , Greg Kroah-Hartman , "x86@kernel.org" , "linux-kernel@vger.kernel.org" , "platform-driver-x86@vger.kernel.org" Subject: Re: [RFC PATCH] platform/x86: Add sysfs interface for Intel TXT status Thread-Topic: [RFC PATCH] platform/x86: Add sysfs interface for Intel TXT status Thread-Index: AQHYM6IJ2oHmymlKRU22/keFD+BGbqy24J6AgAB0YAA= Date: Wed, 9 Mar 2022 17:55:10 +0000 Message-ID: References: <1368465884-14779-1-git-send-email-qiaowei.ren@intel.com> <1368465884-14779-3-git-send-email-qiaowei.ren@intel.com> <20130516160311.GA12299@amd.pavel.ucw.cz> <4febd50da7e5007a2797e0f4c969fa5edd0bf725.camel@fb.com> <20220217123753.GA21849@duo.ucw.cz> <0cf678e0b01bf421f3db6693a15ac4060501a80a.camel@fb.com> <20220222093101.GA23654@amd> <20220309105343.GA14476@srcf.ucam.org> In-Reply-To: <20220309105343.GA14476@srcf.ucam.org> Accept-Language: en-GB, en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 9a1897f4-ff79-4c5c-7128-08da01f5f460 x-ms-traffictypediagnostic: MN2PR15MB2878:EE_ x-microsoft-antispam-prvs: x-fb-source: Internal x-ms-exchange-senderadcheck: 1 x-ms-exchange-antispam-relay: 0 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: O5b2qXsMmL6JB/g4Zy36m2V1kapJDQ+zqpQmYHRwXyQTBMhGzRIPkLOvsiFj8e0RbOH5FnmIgqLercU+4VBc9q1P5SP5PZwDeC1o1aACeqIfZMTzUKjQleUXxx8VFF1ms768P25FrLvl1kjYO9ija53dEEepqYJVywiDYJ89/CHxUKQJYpqE2q4ddBQpUwI8KuXPvOXA8rL1SMNlY0kZAIXlcmxz9gA39KLbcxFAydcSbLPg1p9bbiJGAATjS8gKht4qBybvDJu2pHL8grsk/f8f/lkHme/FxgS4ucuIjEVYJloJEfZ2Ukqom0eg/4QTKFK2vI2KxuCFnN4quqnjlJiN17FKr6MmOgkeXudMraOuZqqO5ZCuC26AXEQvnLma9eTstdghss/sjXyVhBnfDF6YpsGMEmN6TcHQuocCBT8Mvvf5BPJEM0zsLEF7B+0QI8T3VUSW/qrLmPqHwKvsTW58wyd0nSSBJYUhO5fBuO02ClM+aGv4fjaa2uoDJuDMuh/sDjkTk+iM9nobxz9so3FzXRnsnHvxHK2Eu/ERlsWw6ckV4dlEfvngibjo/ha61fTB/cCCPT+ZY1qodgDdTQEvND5RSHb4XCasF8q1aHILr9jZymuY6/0iwco/pghiniZwGEjVWNP5t49zPqqztnxi7g0x0NdDp7+Lw8i4orfYNdhk+TRA9awDTpr9e9FbYVlPgvWQ/sa/2MSp++I+Eg== x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:SJ0PR15MB4552.namprd15.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230001)(366004)(5660300002)(83380400001)(8936002)(7416002)(26005)(508600001)(54906003)(91956017)(76116006)(71200400001)(4326008)(66946007)(66446008)(66556008)(66476007)(86362001)(6506007)(6512007)(9686003)(2906002)(8676002)(6486002)(186003)(122000001)(38100700002)(38070700005)(316002)(6916009)(64756008);DIR:OUT;SFP:1102; x-ms-exchange-antispam-messagedata-chunkcount: 1 x-ms-exchange-antispam-messagedata-0: =?us-ascii?Q?+m5ncWm6Q9Dfw5VDvl0ygROpWDCkld0a9yaj/KTfCrFoVLhCF8oXf8QkXs7H?= =?us-ascii?Q?SdfE+7TUFL072wkpRj9CEa4FjqvE2VIWo7jrVTyUIF5m0TulQVvXWul9bDj+?= =?us-ascii?Q?ZBLR7hZxMh2OzVzKrTvIl+yJ8X8oO9X9xXIZ2MNdNHayztYv8Ydn5RX4QeKd?= =?us-ascii?Q?+0pwSG3Tw1HS4WQvbYJQ026h4tbW1TFPyR8ErGjH2JCaiWep9zbGvdLJe21P?= =?us-ascii?Q?vy7Sin2/B//SuAfSq2HWWy0+lEnKaVya81F1zfrTMX/wh1qAboB9moJm/Czz?= =?us-ascii?Q?HdgYTK72V6i/YvXQ3KGuHynAqjWzv35GvuZGLw0AHtZ1lMr82za6fVMUvEFL?= =?us-ascii?Q?dksOQ8a/ekmFbs1T4ObxUWostmJ5jkVIBaDPbZYQ45I5rKWvn/FdEnVqjHQ/?= =?us-ascii?Q?3yndT/dF1QGSfjarH+yt1hEQYso/szCURhl7lJcP2786prGtOOLpIghjlcUx?= =?us-ascii?Q?OYjwsk/xDp4Ig3IAFI4GAaKDprHS5JJjYmaf7N0jBNKiKRn5g//OEOK1tkr2?= =?us-ascii?Q?Th8r8SpEnhufSDqPTkzWjjg32Ut7ZX+41STfvsMuEbDfFaBgpyT1kD9VF6h8?= =?us-ascii?Q?ejA1mZGB4Ltpz4RKx3aFyFIxQ2Ver1GMMaNyaXUMdMptSDSPk/e3+r1KUMBd?= =?us-ascii?Q?nxlGvf0iZgOusF9IfkCS+vUQK09mArzE1PWLSbPWL2JggxJ3vbBFkg9v0y8q?= =?us-ascii?Q?fz4ksq8EDphQUMuOO3FhA2zfZEmZkaOiKAPX83zzM5mV5Db9ONry0uvVK9up?= =?us-ascii?Q?JQp3yOSsa6WF7hMoIW+ZbssdpW1uqu7W1La4X7zfIwU9pRfjeJFEDA9dekXa?= =?us-ascii?Q?9r1R9cAMLANFCilKu0rlfYlN9eYnX6bgtzf48AkKAZ3gL9J02ge8xK9aYso1?= =?us-ascii?Q?eDWP2ZGWvHUUfWJzqwcssc5zIcnOJ82ykbLdl9u/2wCH2OfjL3Z0BasuAcd7?= =?us-ascii?Q?f0mQcAAl1hbRrTPWWPXNhACloqTnt+PimFu+Ibe6r58ulkDkfsGotmKTQwcK?= =?us-ascii?Q?YjN7H7BD0YHgFQcf5NVu6JBql0LPF57sj9aDQ2B8g9zMYbnjEaSBMkowoCje?= =?us-ascii?Q?T2cqJ+4ymsmP8VJIsQXEuynJPvILeFusBuXcr9gPdn3iE9ioeNI2Fco5FHOa?= =?us-ascii?Q?hk1ze7SrBTP+KjjREPBYVgh9layj29R7niBXWHuv+gtHEPrIEhlNuRHrtfqe?= =?us-ascii?Q?320w37CjUGB7Ujxozfi7tG+IsTIDVsFTGw1vE3J9vvIQr3MvHXLicjkjPVZM?= =?us-ascii?Q?u+UjICfTSU+xPFrixwkqCx2ELhQHhee+gUnke557HlyS3i4DNxxJwKLH/vx0?= =?us-ascii?Q?pigF85CK8De0UbEUjsNMbACPPtoIMF6rLaoQ7m825FKO5b/eMSLi+fdkD1u+?= =?us-ascii?Q?sfGZ4J6h63DgmozoCxnq3fpXLJlI+JitQkgrvhLqcoa1xmEdSsHigOuBvhjq?= =?us-ascii?Q?qn5gyz75KVgpcUkq5/gwNVQ+/olKqcMy?= Content-Type: text/plain; charset="us-ascii" Content-ID: <95FBBE519844CF46B5283C91411AFD97@namprd15.prod.outlook.com> MIME-Version: 1.0 X-OriginatorOrg: fb.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-AuthSource: SJ0PR15MB4552.namprd15.prod.outlook.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9a1897f4-ff79-4c5c-7128-08da01f5f460 X-MS-Exchange-CrossTenant-originalarrivaltime: 09 Mar 2022 17:55:10.2735 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 8ae927fe-1255-47a7-a2af-5f3a069daaa2 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: +ht1zI705tHMD8qLFQVDQBNUyzuORnyL+K7BsQNWWGWQSm7OJwLHA7qr10UO+huz X-MS-Exchange-Transport-CrossTenantHeadersStamped: MN2PR15MB2878 X-Proofpoint-ORIG-GUID: FNk62J3Usc3oenJTUapHTd-hyUABQ9PC X-Proofpoint-GUID: FNk62J3Usc3oenJTUapHTd-hyUABQ9PC X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.816,Hydra:6.0.425,FMLib:17.11.64.514 definitions=2022-03-09_07,2022-03-09_01,2022-02-23_01 X-Spam-Status: No, score=-3.3 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H3,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Mar 09, 2022 at 10:53:43AM +0000, Matthew Garrett wrote: > On Wed, Mar 09, 2022 at 10:40:03AM +0000, Jonathan McDowell wrote: > > > This module provides read-only access to the Intel TXT (Trusted > > Execution Technology) status registers, allowing userspace to determine > > the status of measured boot and whether the dynamic root of trust for > > measurement (DRTM) has been fully enabled. > > So there's the obvious issue that in the event that the system has been > compromised this information is no longer trustworthy - is this expected > to just be informative for diagnostic purposes rather than forming any > part of security policy? This is purely for diagnostic purposes when the system ends up in an unexpected state, to aid automated remediation. In particular dealing with unexpected PCR0 values that have failed attestation; the state of TXT helps with trying to diagnose how we got to the unexpected value. > > + These registers provide details about the status of the platform's > > + measured launch and execution environment, allowing userspace to > > + make trust based decisions. See tboot > > Mm. This makes it sound like it's expected that userspace make decisions > based on this, which sounds like a bad plan? I should clean up the description to be clearer for v2. > > +/* Shows if TXT has been enabled */ > > +static int txt_enabled_show(struct seq_file *m, void *v) > > +{ > > + /* If the BIOS has enabled TXT then the heap base will be set */ > > Sorry it's not that I want to say "Wait are you trusting that the BIOS > will do the right thing here" but wait are you trusting that the BIOS > will do the right thing here? Does setting the heap base guarantee that > TXT was enabled (and, conversely, are there any scenarios where TXT was > enabled and the BIOS could have cleared the heap base after a > measurement event?) If the BIOS hasn't enabled the heap then it won't have been able to pass any data to the system for a managed launch environment, so I think it's fairly safe to assume if it's never been set we're not in a situation where anything has tried to initialise TXT. If we're in a situation where we've tried to initialise it and then something has gone wrong and the BIOS has managed to clear it that's probably a firmware bug and I'd expect to see some status register oddities too. We're not trusting the BIOS here, we're just using the fact the heap is actually setup to indicate that we've tried to do TXT in terms of diagnosis. (And, in fact, one of the failure modes we've seen is where TXT is supposed to be configured in the BIOS but it doesn't actually get setup at all and we correctly see a 0 entry here.) > > +/* Shows the 256 bit hash of the public key */ > > +static int txt_key_show(struct seq_file *m, void *v) > > +{ > > + seq_printf(m, "%016llx%016llx%016llx%016llx\n", > > + cpu_to_be64(*(u64 *)(txt_pub_regs + TXT_CR_PUBLIC_KEY)), > > + cpu_to_be64(*(u64 *)(txt_pub_regs + TXT_CR_PUBLIC_KEY + 8)), > > + cpu_to_be64(*(u64 *)(txt_pub_regs + TXT_CR_PUBLIC_KEY + 16)), > > + cpu_to_be64(*(u64 *)(txt_pub_regs + TXT_CR_PUBLIC_KEY + 24))); > > What's the expected consumer of this, and what are they expected to do > with it? I added it purely because txt-stat is already showing it, and it differs between platforms. I note 315168-017 says newer platforms use CPU MSRs 0x20::0x23 instead. So it's informational at this point for older platforms. J.