From: Dionna Amalie Glaze
Date: Tue, 8 Aug 2023 13:04:53 -0700
Subject: Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports
To: James Bottomley
Cc: Dan Williams, Sathyanarayanan Kuppuswamy, dhowells@redhat.com, Brijesh Singh, Peter Zijlstra, Tom Lendacky, Borislav Petkov, Jarkko Sakkinen, Samuel Ortiz, Greg Kroah-Hartman, Andrew Morton, linux-coco@lists.linux.dev, keyrings@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org

> Trusting the vTPM is a one time thing. Once trust in the TPM is
> established, you don't need to be worried about replay and you can just
> use standard TPM primitives for everything onward, even when doing
> point in time runtime attestation.
>

It's a one time thing for who? It seems like you're still only looking
at the 1. use case and not the 2. use case. Every different person
establishing a connection with the service will need to independently
establish trust in the TPM.

--
-Dionna Glaze, PhD (she/her)