References: <20221111231636.3748636-1-evgreen@chromium.org> <20221111151451.v5.3.I9ded8c8caad27403e9284dfc78ad6cbd845bc98d@changeid> <8ae56656a461d7b957b93778d716c6161070383a.camel@linux.ibm.com> <08302ed1c056da86a71aa2e6ca19111075383e75.camel@linux.ibm.com>
In-Reply-To: <08302ed1c056da86a71aa2e6ca19111075383e75.camel@linux.ibm.com>
From: Matthew Garrett
Date: Sat, 14 Jan 2023 19:05:03 -0800
Subject: Re: [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use
To: jejb@linux.ibm.com
Cc: William Roberts, Evan Green, linux-kernel@vger.kernel.org, corbet@lwn.net, linux-integrity@vger.kernel.org, Eric Biggers, gwendal@chromium.org, dianders@chromium.org, apronin@chromium.org, Pavel Machek, Ben Boeckel, rjw@rjwysocki.net, Kees Cook, dlunev@google.com, zohar@linux.ibm.com, jarkko@kernel.org, linux-pm@vger.kernel.org, Matthew Garrett, Jason Gunthorpe, Peter Huewe

On Sat, Jan 14, 2023 at 6:55 AM James Bottomley wrote:
> Can we go back again to why you can't use locality? It's exactly
> designed for this since locality is part of creation data. Currently
> everything only uses locality 0, so it's impossible for anyone on Linux
> to produce a key with anything other than 0 in the creation data for
> locality. However, the dynamic launch people are proposing that the
> Kernel should use Locality 2 for all its operations, which would allow
> you to distinguish a key created by the kernel from one created by a
> user by locality.
>
> I think the previous objection was that not all TPMs implement
> locality, but then not all laptops have TPMs either, so if you ever
> come across one which has a TPM but no locality, it's in a very similar
> security boat to one which has no TPM.

It's not a question of TPM support, it's a question of platform support. Intel chipsets that don't support TXT simply don't forward requests with non-0 locality. Every Windows-sticker laptop since 2014 has shipped with a TPM, but the number that ship with TXT support is a very small percentage of that. I agree that locality is the obvious solution for a whole bunch of problems, but it's just not usable in the generic case.
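An added example, not code from this thread or from the patch series: a small parser for the TPMS_CREATION_DATA structure James refers to, reading its locality attribute to tell a key created at locality 2 (the proposed kernel locality) from one created at locality 0. The field layout follows the TPM 2.0 Library spec Part 2; the blob, PCR digest and parent names are constructed, and whether a given chipset forwards non-zero locality at all, Matthew's point, is outside what parsing creation data can answer.

```python
import struct

# TPMS_CREATION_DATA (TPM 2.0 Library, Part 2), big-endian, in field order:
#   TPML_PCR_SELECTION pcrSelect, TPM2B_DIGEST pcrDigest, TPMA_LOCALITY locality,
#   TPMI_ALG_HASH parentNameAlg, TPM2B_NAME parentName, TPM2B_NAME parentQualifiedName, TPM2B_DATA outsideInfo
TPM_ALG_SHA256 = 0x000B

def _tpm2b(data: bytes) -> bytes:
    """Size-prefixed (UINT16) buffer, the TPM2B_* encoding."""
    return struct.pack(">H", len(data)) + data

def build_creation_data(locality_attr: int, pcr_digest: bytes) -> bytes:
    """Constructed sample blob (not real TPM output): one SHA-256 PCR
    selection naming PCR 23 only (byte 2, bit 7), plus dummy parent names."""
    pcr_select = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes([0, 0, 0x80])
    return (pcr_select + _tpm2b(pcr_digest) + struct.pack(">BH", locality_attr, TPM_ALG_SHA256)
            + _tpm2b(b"\x00\x0b" + b"\x11" * 32)    # parentName (constructed)
            + _tpm2b(b"\x00\x0b" + b"\x22" * 32)    # parentQualifiedName (constructed)
            + _tpm2b(b""))                           # outsideInfo (empty)

def parse_creation_data(blob: bytes) -> dict:
    """Walk the structure field by field; a short or over-long blob is rejected."""
    off = 0
    (count,) = struct.unpack_from(">I", blob, off); off += 4
    pcr_select = []
    for _ in range(count):
        alg, size = struct.unpack_from(">HB", blob, off); off += 3
        pcr_select.append((alg, blob[off:off + size])); off += size
    (dlen,) = struct.unpack_from(">H", blob, off); off += 2
    pcr_digest = blob[off:off + dlen]; off += dlen
    locality, parent_alg = struct.unpack_from(">BH", blob, off); off += 3
    names = []
    for _ in range(3):                 # parentName, parentQualifiedName, outsideInfo
        (n,) = struct.unpack_from(">H", blob, off); off += 2
        names.append(blob[off:off + n]); off += n
    if off != len(blob):
        raise ValueError("TPMS_CREATION_DATA length mismatch")
    return {"pcr_select": pcr_select, "pcr_digest": pcr_digest, "locality": locality,
            "parent_alg": parent_alg, "parent_name": names[0],
            "parent_qualified_name": names[1], "outside_info": names[2]}

def localities(attr: int) -> set:
    """TPMA_LOCALITY: bits 0-4 flag localities 0-4; a value of 32 or more is
    an extended locality number rather than a bit mask."""
    return {attr} if attr >= 32 else {i for i in range(5) if attr & (1 << i)}

def created_by_kernel(blob: bytes, kernel_locality: int = 2) -> bool:
    """True only if the creation locality is exactly the kernel's. The caller must
    first verify the blob against its creation ticket (TPM2_CertifyCreation)."""
    return localities(parse_creation_data(blob)["locality"]) == {kernel_locality}
```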