Received: by 2002:a05:6359:6284:b0:131:369:b2a3 with SMTP id se4csp4882948rwb; Tue, 8 Aug 2023 15:54:31 -0700 (PDT) X-Google-Smtp-Source: AGHT+IH4W/kJLgY/R382gLhkga7fQDUHlK2/S9t5Uyaihts2vxzJpB5qBTcmXaWwRKRykdi+lxNm X-Received: by 2002:a17:90a:4ecd:b0:267:eefe:d0b5 with SMTP id v13-20020a17090a4ecd00b00267eefed0b5mr831149pjl.46.1691535270917; Tue, 08 Aug 2023 15:54:30 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691535270; cv=none; d=google.com; s=arc-20160816; b=XbfQ/RrGJyrN+6oMkCzmfyI755Rm0k5cUyenb24SaN2MYcZUmwm5iQd9+l8DwXirkz haju+/Q/C/ExTvKJ/ggbujlGfuIvxi3uoch9hhXTUXrCLVY2gtAbCMqXYgDZFdsND/xZ EwzSH5C8aJROBCAIjZoZ/HG1bk+GZU6ZZNLav6pTBY/ZIs6k6MBc83kkzm4g58lfV1+E 5LGqVqzdwKgWMIHsiXrDfp+VEPCqNDCitTzw6Yg8S2Fy1nB4/Vc7AjA69SLZlAOVuWhU sYs4uVHx/wmuty4JgILkPuvvyYwBoRv8voxJdvI2v5B0pKDKWJxZUwSFO/XZIXi33kqw UH2A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:date:cc:to:from:subject :message-id:dkim-signature:dkim-signature; bh=fzanKCCRzTwF1me5OBH5qDVKAjZ7UuQ13/SXaaEfH60=; fh=pMkSZqaJr1tqkX2FaWkFTOFGByYSXg0SivNPwRCWhWY=; b=HvMEUI6l9vqT+JJbXrvSvMVhOsqszVSqTgyC0/WcNPbDiVBJdbJ0Zsl7NS2jPFcUBj i8JbPfcsnQQ+4iS7Fhy2WODblXQCzCzUapFB3nEm7oRgcuY8L1oGzZ4NomxS3v5U0KVp Uy2Iu5YZP5QkJiPPWo1r4X6wU7Y5zhUgz1YNAFFv3xy5dls9NnyNQLjTwPSV6MPZq+qf gNDfk0mZoP/fNTax0EIHguzbamQa+J+8ITjH4uJ389cVQXXnIRX4bM0cOYsTAl6AaIhX NdEg62Y29CdeWRFPm6ns3TznXKRafQLO/YzZ50EV6GRUD9lORlt3wQpzymQ3bnbx4tHo Z6Og== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=elFwTApf; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=elFwTApf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id nl7-20020a17090b384700b002682dc64492si111635pjb.185.2023.08.08.15.54.19; Tue, 08 Aug 2023 15:54:30 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=elFwTApf; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=elFwTApf; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230052AbjHHVqJ (ORCPT + 99 others); Tue, 8 Aug 2023 17:46:09 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38408 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229928AbjHHVqI (ORCPT ); Tue, 8 Aug 2023 17:46:08 -0400 Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id E536310D1; Tue, 8 Aug 2023 14:46:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1691531167; bh=gt/XLLttdSccDuzrhBiSfOpn3inR4DFSTkwIZfiJOzM=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=elFwTApfQl5Hz+Qi4iIgrBfy+8K06zHvLBhoOSxTa3q5biqcLR6/Yax59vRXymYPe aecrlWRMxPHQXFysnBL4Ky+jvOxWnO15e5h0Eu+3eVSZS1TMu0NDuqJ1tVkOH5znnu YgEQDCbVecEEXLFECnelZKimtp6qFkqs6ER8MYP4= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 7872D12811F6; Tue, 8 Aug 2023 17:46:07 -0400 (EDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavis, port 10024) with ESMTP id np-Ge4hFaRbN; Tue, 8 Aug 2023 17:46:07 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1691531167; bh=gt/XLLttdSccDuzrhBiSfOpn3inR4DFSTkwIZfiJOzM=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=elFwTApfQl5Hz+Qi4iIgrBfy+8K06zHvLBhoOSxTa3q5biqcLR6/Yax59vRXymYPe aecrlWRMxPHQXFysnBL4Ky+jvOxWnO15e5h0Eu+3eVSZS1TMu0NDuqJ1tVkOH5znnu YgEQDCbVecEEXLFECnelZKimtp6qFkqs6ER8MYP4= Received: from lingrow.int.hansenpartnership.com (unknown [IPv6:2601:5c4:4302:c21::c14]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (2048 bits)) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id E20761280F38; Tue, 8 Aug 2023 17:46:05 -0400 (EDT) Message-ID: <3ff1bee6d121ce76fd78217dbe3e5ab2f0134f54.camel@HansenPartnership.com> Subject: Re: [PATCH 0/4] keys: Introduce a keys frontend for attestation reports From: James Bottomley To: Dionna Amalie Glaze Cc: Dan Williams , Sathyanarayanan Kuppuswamy , dhowells@redhat.com, Brijesh Singh , Peter Zijlstra , Tom Lendacky , Borislav Petkov , Jarkko Sakkinen , Samuel Ortiz , Greg Kroah-Hartman , Andrew Morton , linux-coco@lists.linux.dev, keyrings@vger.kernel.org, x86@kernel.org, linux-kernel@vger.kernel.org Date: Tue, 08 Aug 2023 17:46:04 -0400 In-Reply-To: References: <169057265210.180586.7950140104251236598.stgit@dwillia2-xfh.jf.intel.com> <64c5ed6eb4ca1_a88b2942a@dwillia2-xfh.jf.intel.com.notmuch> <64cdb5f25c56_2138e294f1@dwillia2-xfh.jf.intel.com.notmuch> <1180481830431165d49c5e64b92b81c396ebc9b1.camel@HansenPartnership.com> <64d17f5728fbc_5ea6e2943f@dwillia2-xfh.jf.intel.com.notmuch> <2425e00b-defb-c12b-03e5-c3d23b30be01@linux.intel.com> <64d263e44e401_2138e29486@dwillia2-xfh.jf.intel.com.notmuch> <9c9c62f9243595a1faa3b0745fa8a1f8f018d9b8.camel@HansenPartnership.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_BLOCKED, SPF_HELO_PASS,SPF_PASS,URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, 2023-08-08 at 13:04 -0700, Dionna Amalie Glaze wrote: > > Trusting the vTPM is a one time thing.  Once trust in the TPM is > > established, you don't need to be worried about replay and you can > > just use standard TPM primitives for everything onward, even when > > doing point in time runtime attestation. > > > > It's a one time thing for who? Well, in TLS-TPM it tends to be a one time thing per endpoint regardless of number of connections. > It seems like you're still only looking at the 1. use case and not > the 2. use case. Every different person establishing a connection > with the service will need to independently establish trust in the > TPM. For an ephemeral TPM, the EK should be guaranteed to be random and therefore non repeating, so there's not much need for the nonce to add non-repeatability. So, in theory, the vTPM/EK binding can be published once and relied on even for multiple different tenant endpoints, sort of like the EK cert for a physical TPM. James