Received: by 2002:a05:6358:a55:b0:ec:fcf4:3ecf with SMTP id 21csp735732rwb; Sat, 14 Jan 2023 07:37:19 -0800 (PST) X-Google-Smtp-Source: AMrXdXvmYNnUV2IFCY0eoTobTBSI44g/4/vdXFJTBcNei4bB2KwjF8PeHqD/R0g2+nAg8+Q+1Yaw X-Received: by 2002:a05:6a20:c196:b0:b2:36a6:d7b4 with SMTP id bg22-20020a056a20c19600b000b236a6d7b4mr106597595pzb.27.1673710639671; Sat, 14 Jan 2023 07:37:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1673710639; cv=none; d=google.com; s=arc-20160816; b=PoPpOaNgm+R9wGiPUp4mIOztgL1kFE0ETBeip0b2OwCGSpp6l1yc5YB5uWgal6y4YZ 29rf53pC8dbpjNaTdEjhGqp7HKvQct6eVXszNX2QDtiG4D4FNLwyFskAr1w5Of3UfXvN lwva/+kZs6gsblMvKv1OXAUOplAZ0Atb5u02rbpZ/bC5TwTmwFE0VQBZ30rxWFwYlCiy AYvpw8+G5s8/vxnqe+ajgCd5dz85E0FtU399ELwpMPccjMRSl+vJs3xmNedpuqjHHT+3 y1VmQFj8UQE/fSt6SDqe+qedMWi20Za9yFvuTLrliHcG9RBwc4HaN943nJsiBVmGNu1m S8NA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:cc:to:subject:message-id:date:from:in-reply-to :references:mime-version:dkim-signature; bh=c3c8jaUlVE8BMYQeENjQTv3B3uo18OX21UOmGaxlhMQ=; b=wujurvwwI8epBlf9iqN/cOmQKs+5Bpa0qhi9zhuiPP/iV7Y1iVmcj7uLE5nX/8M1Ax fWf6wgXZZ6dMsStiyJ4jtqGtS2pW0WtCHTJ6pGIQ9yO+nRYlSuE77/4fDbS1lEh20VQg 0fStuzWwvRSv24fNH6wptCcEZqJ/GrNNEMRUD3BsYv1Gh1MhNvUmVc8mUQqxachAqXmU RjOjr9jTqYBrqs0j+trFHR7iwTexlBBVi8SRKSW9thvFcLweF/Nq2PnOb00p/vW4fKs6 3Bl3QGdqTsP8DGM1rYGXUBdRN3hM+jrKwnAszcwIHbIYbIS0XyanzY8p8yJMfnSsfFOM EBmw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=EvnliFJW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r20-20020a6560d4000000b0045c88c3b799si20970433pgv.709.2023.01.14.07.37.13; Sat, 14 Jan 2023 07:37:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20210112 header.b=EvnliFJW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229550AbjANPML (ORCPT + 52 others); Sat, 14 Jan 2023 10:12:11 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:39486 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229566AbjANPMJ (ORCPT ); Sat, 14 Jan 2023 10:12:09 -0500 Received: from mail-vk1-xa35.google.com (mail-vk1-xa35.google.com [IPv6:2607:f8b0:4864:20::a35]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DEE4A7ED9; Sat, 14 Jan 2023 07:12:08 -0800 (PST) Received: by mail-vk1-xa35.google.com with SMTP id t2so11501284vkk.9; Sat, 14 Jan 2023 07:12:08 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=c3c8jaUlVE8BMYQeENjQTv3B3uo18OX21UOmGaxlhMQ=; b=EvnliFJWEZs0lZwDnnXBFsDDFEQE8V/IsI3mi7QxRAiz0nEEC+bN+v8A4J8F5PzabA 7zrE82jDkkdVEd7/bkB4E4eAI+SIaRgEtWzpEJ6jOCxu8kze5TxoI2UDKjzI7Rfe9Ltx 87XYsiNYYh8NChEGH+FU9bGC1MkRaxTUVTc5f6PCVciAt4xXXEEQdXO1apJnX3gqheIT tCGs/zmTrNxJjnxnL/SWFrTbCLvtgxAlLvlzGUvDaRzzZ4EYUCT0xtHrKCGghQJ3HB1U 3RSiY5jzFI2hb6z9fC6FBQlW7OdizBhQ3O1ClhxQoRPQ8NiNqmsBamevFD6wdL4vI9Y4 HCaA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=c3c8jaUlVE8BMYQeENjQTv3B3uo18OX21UOmGaxlhMQ=; b=k2m9JsTqAjByF9zMlNaYYG0wsP/XkWr1H+kKuBfI5mPEDE4wieDpfjOF3/b3IGkNbj /4qOyrkrhFYUd60d8ixSu6WLSJk+t3VSM92a/H559jgwc9v9pxKdTqxclE/OtxMwmbPD bWjxZbaQcRdJ8uRD0OHVUCs7IzUX4yY/MWhG0l1L0lDX2EzasLowBOvRqX1lHs/WvfkY b2OC0X/nCTWPyOOr9ZPNeDDZo+FSrM8W6OHDs5btgPnZVVwdDGX29zahyzSMBFfcytVW mpQ6VRd6PGGOiVWCgdwwJmmpqGyDghvGv0nMAuwD+5lsKcTuFvd4yFDlbOJeOUDR9JyC ah0A== X-Gm-Message-State: AFqh2kqCOr1cwKEDItyTDlmA58GelGUHtJyVLzfRNEzyGNM3wSVHhMLz j/eIXhV9wJyJByuEYOe/+bySzY8EC1+ct/jf6EA= X-Received: by 2002:a1f:4547:0:b0:3db:953:b832 with SMTP id s68-20020a1f4547000000b003db0953b832mr1139154vka.0.1673709127810; Sat, 14 Jan 2023 07:12:07 -0800 (PST) MIME-Version: 1.0 References: <20221111231636.3748636-1-evgreen@chromium.org> <20221111151451.v5.3.I9ded8c8caad27403e9284dfc78ad6cbd845bc98d@changeid> <8ae56656a461d7b957b93778d716c6161070383a.camel@linux.ibm.com> <08302ed1c056da86a71aa2e6ca19111075383e75.camel@linux.ibm.com> In-Reply-To: <08302ed1c056da86a71aa2e6ca19111075383e75.camel@linux.ibm.com> From: William Roberts Date: Sat, 14 Jan 2023 09:11:56 -0600 Message-ID: Subject: Re: [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use To: jejb@linux.ibm.com Cc: Matthew Garrett , Evan Green , linux-kernel@vger.kernel.org, corbet@lwn.net, linux-integrity@vger.kernel.org, Eric Biggers , gwendal@chromium.org, dianders@chromium.org, apronin@chromium.org, Pavel Machek , Ben Boeckel , rjw@rjwysocki.net, Kees Cook , dlunev@google.com, zohar@linux.ibm.com, jarkko@kernel.org, linux-pm@vger.kernel.org, Matthew Garrett , Jason Gunthorpe , Peter Huewe Content-Type: text/plain; charset="UTF-8" X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM, RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jan 14, 2023 at 8:55 AM James Bottomley wrote: > > On Tue, 2023-01-03 at 13:10 -0800, Matthew Garrett wrote: > > On Tue, Jan 3, 2023 at 1:05 PM William Roberts > > wrote: > > > > > What's the use case of using the creation data and ticket in this > > > context? Who gets the creationData and the ticket? > > > Could a user supplied outsideInfo work? IIRC I saw some patches > > > flying around where the sessions will get encrypted and presumably > > > correctly as well. This would allow the transfer of that > > > outsideInfo, like the NV Index PCR value to be included and > > > integrity protected by the session HMAC. > > > > The goal is to ensure that the key was generated by the kernel. In > > the absence of the creation data, an attacker could generate a > > hibernation image using their own key and trick the kernel into > > resuming arbitrary code. We don't have any way to pass secret data > > from the hibernate kernel to the resume kernel, so I don't think > > there's any easy way to do it with outsideinfo. > > Can we go back again to why you can't use locality? It's exactly > designed for this since locality is part of creation data. Currently > everything only uses locality 0, so it's impossible for anyone on Linux > to produce a key with anything other than 0 in the creation data for > locality. However, the dynamic launch people are proposing that the > Kernel should use Locality 2 for all its operations, which would allow > you to distinguish a key created by the kernel from one created by a > user by locality. > > I think the previous objection was that not all TPMs implement > locality, but then not all laptops have TPMs either, so if you ever > come across one which has a TPM but no locality, it's in a very similar > security boat to one which has no TPM. > I also usually stick to features within the PTP spec[1], which includes the locality support. +2 for locality, I responded somewhere that I also support locality. I was thinking more of TPM2_PolicyLocality I didn't realize that's within the creationData. I was thinking more along the lines of, can I wield the key over "did my locality create it". I'm not sure what other protections are on the key,are there any protections preventing them from wielding it and using it to sign something nefarious? 1. https://trustedcomputinggroup.org/wp-content/uploads/TCG_PC_Client_Platform_TPM_Profile_PTP_Specification_Family_2.0_Revision_1.3v22.pdf > James >