Message-ID: <44cd50b60a0a4e376d01544d25187556b8badf94.camel@HansenPartnership.com>
Subject: Re: [RFC PATCH 0/2] TPM derived keys
From: James Bottomley
To: Ignat Korchagin, Jarkko Sakkinen, Ben Boeckel
Cc: Mimi Zohar, David Howells, Paul Moore, James Morris, serge@hallyn.com, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@cloudflare.com
Date: Mon, 13 May 2024 16:33:40 -0600
References: <20240503221634.44274-1-ignat@cloudflare.com>

On Mon, 2024-05-13 at 18:09 +0100, Ignat Korchagin wrote:
[...]
> TPM derived keys attempt to address the above use cases by allowing
> applications to deterministically derive unique cryptographic keys
> for their own purposes directly from the TPM seed in the owner
> hierarchy. The idea is that when an application requests a new key,
> instead of generating a random key and wrapping it with the TPM, the
> implementation generates a key via KDF(hierarchy seed, application
> specific info). Therefore, the resulting keys will always be
> cryptographically bound to the application itself and the device they
> were generated on.

So I think what confuses me is what the expected cryptographic secrecy
properties of the derived keys are. I get they're a KDF of seed and
deterministic properties, but if those mixing values are well known (as
the path or binary checksum cases) then anyone with access to the TPM
can derive the key from user space because they can easily obtain the
mixing parameters and there's no protection to the TPM keyed hash
operation.

Consider the use case where two users are using derived keys on the
same system (so same TPM). Assuming they use them to protect sensitive
information, what prevents user1 from simply deriving user2's key and
getting the information, or am I missing the point of this?

James
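
The concern raised in this message, modelled as an added example (not part of the original email or of the patch set under discussion). `ToyTPM`, `app_info`, `derive_key` and the sample path and binary are hypothetical, and HMAC-SHA256 stands in for the TPM keyed hash operation; the second case shows that the outcome changes only when a mixing value is unknown to the other user.

```python
import hashlib
import hmac
import os


class ToyTPM:
    """Hypothetical model of an unauthenticated TPM keyed-hash operation.

    The seed never leaves the object, but any caller on the machine can
    request HMAC(seed, data) for data of its own choosing.
    """

    def __init__(self) -> None:
        self._seed = os.urandom(32)  # stands in for the hierarchy seed

    def keyed_hash(self, data: bytes) -> bytes:
        return hmac.new(self._seed, data, hashlib.sha256).digest()


def _field(value: bytes) -> bytes:
    # Length-prefix each input so distinct field tuples never encode alike.
    return len(value).to_bytes(4, "big") + value


def app_info(path: str, binary: bytes) -> bytes:
    """Mixing value built only from well-known inputs: path and checksum."""
    return _field(path.encode()) + _field(hashlib.sha256(binary).digest())


def derive_key(tpm: ToyTPM, info: bytes, caller_secret: bytes = b"") -> bytes:
    """KDF(seed, application specific info [, value only the caller knows])."""
    return tpm.keyed_hash(_field(b"derived-key") + info + _field(caller_secret))


# Constructed sample data: a world-readable binary run by user2.
PATH = "/usr/bin/example-app"
BINARY = b"\x7fELF constructed sample bytes"


def scenario() -> dict:
    tpm = ToyTPM()                      # one TPM shared by both users
    info = app_info(PATH, BINARY)       # user1 can recompute this as well
    user2_key = derive_key(tpm, info)
    user1_copy = derive_key(tpm, info)  # same oracle, same public inputs
    # Variant: user2 mixes in a value that user1 does not have.
    user2_bound = derive_key(tpm, info, os.urandom(16))
    user1_try = derive_key(tpm, info, os.urandom(16))
    return {
        "public_inputs_match": hmac.compare_digest(user2_key, user1_copy),
        "secret_input_match": hmac.compare_digest(user2_bound, user1_try),
    }
```
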