Message-ID: <53e3d7f9cc50e1fe9cf67e7889c6b5498580e5d9.camel@linux.ibm.com>
Subject: Re: [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use
From: James Bottomley
Reply-To: jejb@linux.ibm.com
To: Jarkko Sakkinen
Cc: Evan Green, linux-kernel@vger.kernel.org, corbet@lwn.net, linux-integrity@vger.kernel.org, Eric Biggers, gwendal@chromium.org, dianders@chromium.org, apronin@chromium.org, Pavel Machek, Ben Boeckel, rjw@rjwysocki.net, Kees Cook, dlunev@google.com, zohar@linux.ibm.com, Matthew Garrett, linux-pm@vger.kernel.org, Matthew Garrett, Jason Gunthorpe, Peter Huewe
Date: Sun, 27 Nov 2022 11:41:26 -0500

On Sun, 2022-11-27 at 18:33 +0200, Jarkko Sakkinen wrote:
> On Mon, Nov 14, 2022 at 12:11:20PM -0500, James Bottomley wrote:
> > On Fri, 2022-11-11 at 15:16 -0800, Evan Green wrote:
> > > Introduce a new Kconfig, TCG_TPM_RESTRICT_PCR, which if enabled
> > > restricts usermode's ability to extend or reset PCR 23.
> >
> > Could I re-ask the question here that I asked of Matthew's patch
> > set:
> >
> > https://lore.kernel.org/all/b0c4980c8fad14115daa3040979c52f07f7fbe2c.camel@linux.ibm.com/
> >
> > Which was could we use an NVRAM index in the TPM instead of a PCR?
> > The reason for asking was that PCRs are rather precious and might
> > get more so now that Lennart has some grand scheme for using more
> > of them in his unified boot project.  Matthew promised to play with
> > the idea but never got back to the patch set to say whether he
> > investigated this or not.
>
> Even for PCR case it would be better to have it configurable through
> kernel command-line, including a disabled state, which would be the
> default.
>
> This would be backwards compatible, and if designed properly, could
> more easily be extended for NV index later on.

Um how?  The observation in the above referenced email is that PCR23
is reserved in the TCG literature for application usage.  If any
application is actually using PCR23 based on that spec then revoking
access to user space will cause it to break.  This is an ABI change
which is not backwards compatible.  You can call it a distro problem if
it's command line configurable, but the default would be what most
distros take, so it's rather throwing them under the bus if there is an
application using it.

Of course, if no application is actually using PCR23, then it's
probably OK to use it in the kernel and make it invisible to user
space, but no evidence about this has actually been presented.

James