Received: by 2002:a05:7412:b995:b0:f9:9502:5bb8 with SMTP id it21csp7792788rdb; Thu, 4 Jan 2024 07:55:14 -0800 (PST) X-Google-Smtp-Source: AGHT+IFuclIVtL0M5K5uYxiZrmBg2f81G1R413oEeG6wMISbnmbnaiVBuwwjZs9RQZ1Hb7ve8IAC X-Received: by 2002:a17:90a:5403:b0:28c:1a80:a8cf with SMTP id z3-20020a17090a540300b0028c1a80a8cfmr635157pjh.35.1704383714275; Thu, 04 Jan 2024 07:55:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1704383714; cv=none; d=google.com; s=arc-20160816; b=tlWVsGuZ5VsVh8yJjG2Bke8bKikJnLBUs592IiSB+mjDyzVgNotutQPLBODM6Toqca Ze/PtTdowUV6dqegAOfuBuD2RaiKNoC0rNtSFyYlysFXsHcGDSJJC6zeSmIdzVV+a4t0 cHFf3arSQ5z7BRmWdMMt4q+ogJcru9y2jOCHuIFOTm0B4cE0heF5myAwzaDW5rPKynHM QbgjFMqlQ241rApJY4RtJ0D3EDVd14luCqJnsl2bfE27klRvHvK+QCmNYooY9amMzzVV 2WHS4QyWbP4zN/gIiwFH30vLteqDk7XaDJPt3+EY9Y4yU7YVgGSA6U/XBobxn1JdFJLm DiXA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:list-unsubscribe:list-subscribe :list-id:precedence:dkim-signature; bh=ZLqJo44VuyUw8MJch6t3PsF5TyAUQI8Tm5Zx7iuRPos=; fh=cTzCkbdFXEVnt6PQodKm49FKQ9tmAXTsrG7vP6YuGAw=; b=O+IGNutr8OMFoYujq1rN0EJMXwmQ9Jqq8uZ54x3cfPVHZCn/gUswnhPKgAi9JmIKPs 9nIUDJ4z1n49Is5MGM/y21n4iqvdXsX3Y2n/Tp0sbslxvgpkEaN91m6deLSEplsz2YgB cvqzHTferzTL90soX5gPJ5S3+mAiKok1CDakw6YnnZgCGAupGGVXQ2165C652iHNMk7E 5/lZSQBk+rmgMpqxztxAShvPG6nA+NM1RUWUCfPyjP7TkSrp9reo7s2+O5fgmkf4cShp jbyFGV+AkvAmOTdLEiMetPBZBuQoxSGAJWBjgYsHPrU48xBxqUI2UDdGvUZMMjnKQ08V AmQQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=P2WvEIgS; spf=pass (google.com: domain of linux-kernel+bounces-16889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-16889-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Return-Path: Received: from sy.mirrors.kernel.org (sy.mirrors.kernel.org. [2604:1380:40f1:3f00::1]) by mx.google.com with ESMTPS id d6-20020a17090ab30600b0028cf47fdfdcsi1586933pjr.47.2024.01.04.07.55.13 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 04 Jan 2024 07:55:14 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel+bounces-16889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) client-ip=2604:1380:40f1:3f00::1; Authentication-Results: mx.google.com; dkim=pass header.i=@paul-moore.com header.s=google header.b=P2WvEIgS; spf=pass (google.com: domain of linux-kernel+bounces-16889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:40f1:3f00::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-16889-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=paul-moore.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sy.mirrors.kernel.org (Postfix) with ESMTPS id B71A1B22BCF for ; Thu, 4 Jan 2024 15:55:10 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4F83D249E0; Thu, 4 Jan 2024 15:55:02 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=paul-moore.com header.i=@paul-moore.com header.b="P2WvEIgS" X-Original-To: linux-kernel@vger.kernel.org Received: from mail-yb1-f179.google.com (mail-yb1-f179.google.com [209.85.219.179]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AE2C1249EC for ; Thu, 4 Jan 2024 15:54:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=paul-moore.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=paul-moore.com Received: by mail-yb1-f179.google.com with SMTP id 3f1490d57ef6-dbd715ed145so548398276.1 for ; Thu, 04 Jan 2024 07:54:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=paul-moore.com; s=google; t=1704383698; x=1704988498; darn=vger.kernel.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=ZLqJo44VuyUw8MJch6t3PsF5TyAUQI8Tm5Zx7iuRPos=; b=P2WvEIgS5ZYA51KjWYF1mXbpummCO3ePiPEFnrNdmKgkHCN2jcbD76LAgEVU5hJthj 7A6HXmfgldVZBV8eK61IhrD6FiSOL09UPBmRwIzQyguLrsIzjisttxRx6m5S/faDQE4U aLR5qHW3U0l2lyHRDqf25DoU04EIBQKljU8516m2Ll0j8dS+i0txZIs8cJjUdOAJvqJc mTsyEr1znIlM1zNiYpxv5e8bV7s9H3WkkeY3zYlYn+b0eC1jmix5VoqIU6gt/F+do0LF /uv7Lw5iw7nzIQya54ca9ggRBA7a+h2NgbKPiY2Ct8mXC2LY5EOqjIwHCjqTEpJcYCog BMIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704383698; x=1704988498; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=ZLqJo44VuyUw8MJch6t3PsF5TyAUQI8Tm5Zx7iuRPos=; b=RNM/GHWCUzsqdr608itjb9O9xuo6Vvvqo3Al1BbkkAqUqjhtuxwwBxYyMieFM/0CVe fX0sXD3MI7Whfxzo5blXc38+PB5zO1AB6n5/7ZDt+9T66Iz6nnmYHUw59YSREqgdxS0A xmDvPrPt7eyWbWKEepqAh/9Nhjc73TruULdzqkXnmzRf22cG491nYpg054Jwy6g3kC6u kKHG3zFe5tJJD36qDozjXz0ca59WIRMXTdLblez4G0jPFYO4WdhL07G8sNZBJ2yUipkr 3sjbOSkguT544IQSvBaN9BVKjwSczOe+4vHTHme0pB7aNEXosurV49ioxbMDt08vhwvs 80ug== X-Gm-Message-State: AOJu0YwXfg1TxbdbsQWODDckMXb6B3df/4ZW0flcpxuM0x9aGZoeATOw 6YT2Y6ZEvyndFan626yJHfBiu1vXKtGrhqYrnBUIhzZKBEGj X-Received: by 2002:a25:ad95:0:b0:d9a:4b0f:402b with SMTP id z21-20020a25ad95000000b00d9a4b0f402bmr741926ybi.38.1704383698532; Thu, 04 Jan 2024 07:54:58 -0800 (PST) Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 References: <20230710102319.19716-1-greg@enjellic.com> <20230710102319.19716-3-greg@enjellic.com> <20230811202254.GA9401@wind.enjellic.com> In-Reply-To: <20230811202254.GA9401@wind.enjellic.com> From: Paul Moore Date: Thu, 4 Jan 2024 10:54:47 -0500 Message-ID: Subject: Re: [PATCH 02/13] Add TSEM specific documentation. To: "Dr. Greg" Cc: Serge Hallyn , linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, corbet@lwn.net Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Aug 11, 2023 at 4:24=E2=80=AFPM Dr. Greg wrote: > On Tue, Aug 08, 2023 at 01:48:25PM -0500, Serge Hallyn wrote: > > On Mon, Jul 10, 2023 at 05:23:08AM -0500, Dr. Greg wrote: ... > > > +of a model. This allows a TMA to attest to the trust/security statu= s > > > +of a platform or workload by signing this singular value and > > > +presenting it to a verifying party. > > > + > > > +In TSEM nomenclature, this singular value is referred to as the > > > +'state' of the model. The attestation model is to use trust > > > +orchestrators to generate the state value of a workload by unit > > > +testing. This state value can be packaged with a utility or contain= er > > > +to represent a summary trust characteristic that can be attested by = a > > > +TMA, eliminating the need for a verifying partner to review and veri= fy > > > +an event log. > > > + > > > +TMA's implement this architecture by maintaining a single instance > > > +vector of the set of security state coefficients that have been > > > +generated. A state measurement is generated by sorting the vector i= n > > > +big-endian hash format and then generating a standard measurement > > > +digest over this new vector. > > > Are you saying the TMA will keep every meaningful measurement for > > the duration of the workload, so that it can always sort them? > > Correct, every unique security state coefficient. > > The approach isn't unique and without precedent. Roberto Sassu is > using a similar strategy in order generate a time/order independent > PCR value for unlocking TPM sealed keys by parsing RPM and .deb > distribution manifests. > > Paul Moore, in his comments in February to the V1 series, even > seriously questioned why we would expose the classic linear extension > measurement from a TMA. To put my comment from the first revision into the proper context, and with my understanding that TSEM's security model does not consider event ordering/timing, I questioned what TSEM would expose an ordered list of events to userspace in addition to its unordered, sorted list. Either ordering is important to the security model, in which case you expose the ordered list, or it isn't, in which case you expose the list in whatever form is most convenient for the tooling/model; it makes little sense to me to expose both. --=20 paul-moore.com