Received: by 2002:ab2:6a05:0:b0:1f8:1780:a4ed with SMTP id w5csp2782424lqo; Tue, 14 May 2024 09:00:21 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCUrItgKyrsrMaXulRsN70mpTV3YihNVxGOOzwoehVM4rQEw77aYfKqbR9oUenT3uWLzWXQAxknYKIxN6dSZOYW9jKSHt9NE2UHC0DvLtA== X-Google-Smtp-Source: AGHT+IHIJeDVnDSTLyko+XM/ql/MC6YCIO5Dgr5+0p7dqWnFQ32VPIA2YHenRrX64k+SZEfNbXqo X-Received: by 2002:a05:6a20:9498:b0:1a7:a3cb:7901 with SMTP id adf61e73a8af0-1afde1df659mr11233926637.61.1715702421026; Tue, 14 May 2024 09:00:21 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1715702421; cv=pass; d=google.com; s=arc-20160816; b=Jl7TvL5OTuI/0ZHp3cvsNZdj1JD24aVJxIABP5DubVeFY6Tpy5FmakC0ffnav6LBv8 5GCLDbK6rsprtMkVPIpFVTdCogV6XWsA8jYsxxFE6A3Euc6YTX5tYHHwjZKwBdYI8HVI Z1X+KmycsPAZd6RORSsQoHHj2fvod+wkbGiI6Pley9tHUbwKmJuRmmThGLQ6lLANjbDm gOaT1XOACPyjL6IB5hrvB72WluTB1uFrGqq0fkJ6j0qb7yj4XtrgwQT0VefR6zVAyDyY AcFG0vkCu9UNwHg/PoZAF6RKcCvN0SpOyjJFat1JmaEBUAVXGjgJqUdph5ra8JO9WpOI 8XDQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:user-agent:references:in-reply-to :date:cc:to:from:subject:message-id:dkim-signature:dkim-signature; bh=/wWlzyMJYPFvqTNdgJlruWmKFELtEeAd8LddcgcfZ8U=; fh=Nu751SbZzUYB88aNPsFsjkptbh6huTsUm8047/cfqbA=; b=jmHk58neiYwHDgC1KCvt/nygFo1fZ+Ij0H6+yQ9pDL4/+dHi9tSRovX9KOdog48xoL /L8njvxCvX3HV2v+feaXVKyfUcL4qfIyr9HzILN3fxWU/izud+jdreJM1Y/TT5nl/09j 9aS5bYINOjyPPERMOl4TrIz2HHk1hCsNmBmS99El+cw0G5nB6B0mdFS3VVA7JaGE4w8i dRosY/XyjvlriVrpxWIR3jx6NqC9Zp2DxIihf5HVN1EaPgiobP86shSiio+63MtD8w9B KXr6+/oiw8v3sJ0O9Dy9FNpcLd4HzNzQMguZMyLQ44m0kdw+yUzNzBr8B+eJNX9yBEuu kCEw==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=DgnoW9Q7; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=DgnoW9Q7; arc=pass (i=1 spf=pass spfdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dmarc=pass fromdomain=hansenpartnership.com); spf=pass (google.com: domain of linux-kernel+bounces-178889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-178889-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Return-Path: Received: from sv.mirrors.kernel.org (sv.mirrors.kernel.org. [2604:1380:45e3:2400::1]) by mx.google.com with ESMTPS id 41be03b00d2f7-6340b2a0b7asi12820635a12.213.2024.05.14.09.00.20 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 14 May 2024 09:00:21 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-178889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) client-ip=2604:1380:45e3:2400::1; Authentication-Results: mx.google.com; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=DgnoW9Q7; dkim=pass header.i=@hansenpartnership.com header.s=20151216 header.b=DgnoW9Q7; arc=pass (i=1 spf=pass spfdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dkim=pass dkdomain=hansenpartnership.com dmarc=pass fromdomain=hansenpartnership.com); spf=pass (google.com: domain of linux-kernel+bounces-178889-linux.lists.archive=gmail.com@vger.kernel.org designates 2604:1380:45e3:2400::1 as permitted sender) smtp.mailfrom="linux-kernel+bounces-178889-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=hansenpartnership.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by sv.mirrors.kernel.org (Postfix) with ESMTPS id 9B102285894 for ; Tue, 14 May 2024 15:54:38 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 2283717EBBB; Tue, 14 May 2024 15:54:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b="DgnoW9Q7"; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b="DgnoW9Q7" Received: from bedivere.hansenpartnership.com (bedivere.hansenpartnership.com [96.44.175.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 0B5D917EB87; Tue, 14 May 2024 15:54:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=96.44.175.130 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715702071; cv=none; b=D0JSduvci5Ezx+NZEJbYivn4eOM4WUCPnLMcGyYWASGEpx84pINeUbJWikzQ1hiVY3TVnGbtdEUPiynM7MT9gyI84/BTUm78lXssttfX3tu5eMQX9fB59wl2xPo+IjoSTJpeIK+PRq6GHmvUX/MZJoWFP5U+z7/z7gP0fyKi8mw= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1715702071; c=relaxed/simple; bh=KNws679LRysr8jk1Zmb1/BwUO/NizgI+qJLVlNx5NaY=; h=Message-ID:Subject:From:To:Cc:Date:In-Reply-To:References: Content-Type:MIME-Version; b=B7kgkzpsRxFEg3S1gd1er0c4nUSAe/0h1zdXaT6okyA1RKvWcsWqxnDJUi6XJBDeImTM04NQ64h3DVfC/C9Cfh9+EARoWbPtJcbnUWflqlVu83R6IEFzNuVOsUGgebLO9wH4cY8hFLVmVL8MjfxixyBaVkv/x8yoK2Q+QPtTy5k= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=HansenPartnership.com; spf=pass smtp.mailfrom=HansenPartnership.com; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b=DgnoW9Q7; dkim=pass (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b=DgnoW9Q7; arc=none smtp.client-ip=96.44.175.130 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=HansenPartnership.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=HansenPartnership.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1715702068; bh=KNws679LRysr8jk1Zmb1/BwUO/NizgI+qJLVlNx5NaY=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=DgnoW9Q7iH3ySE/JVhSguSKX7/LxDsKLHMWl4jiW90F2CZQN0eNlz9BLdUeZj4ll/ 3syv2ceHNoM+X0PmH4MthuBQbr1WWHn+MCyYDCdYBOJD3RapDvZNCAzjLsTVinQNfZ CSdxPXFcKNd+svFXJK9uPZDCNSbaBpoLr6szD48E= Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id DB7951286BFA; Tue, 14 May 2024 11:54:28 -0400 (EDT) Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavis, port 10024) with ESMTP id 88j1_6gHYV9J; Tue, 14 May 2024 11:54:28 -0400 (EDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=hansenpartnership.com; s=20151216; t=1715702068; bh=KNws679LRysr8jk1Zmb1/BwUO/NizgI+qJLVlNx5NaY=; h=Message-ID:Subject:From:To:Date:In-Reply-To:References:From; b=DgnoW9Q7iH3ySE/JVhSguSKX7/LxDsKLHMWl4jiW90F2CZQN0eNlz9BLdUeZj4ll/ 3syv2ceHNoM+X0PmH4MthuBQbr1WWHn+MCyYDCdYBOJD3RapDvZNCAzjLsTVinQNfZ CSdxPXFcKNd+svFXJK9uPZDCNSbaBpoLr6szD48E= Received: from [172.21.4.27] (unknown [50.204.89.33]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by bedivere.hansenpartnership.com (Postfix) with ESMTPSA id 1194A1286A68; Tue, 14 May 2024 11:54:28 -0400 (EDT) Message-ID: Subject: Re: [RFC PATCH 0/2] TPM derived keys From: James Bottomley To: Ignat Korchagin Cc: Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , serge@hallyn.com, linux-integrity@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-team@cloudflare.com Date: Tue, 14 May 2024 09:54:26 -0600 In-Reply-To: References: <20240503221634.44274-1-ignat@cloudflare.com> <3bfcacf38d4f5ab5c8008f2d7df539012940222e.camel@HansenPartnership.com> Content-Type: text/plain; charset="UTF-8" User-Agent: Evolution 3.42.4 Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: 8bit On Tue, 2024-05-14 at 16:38 +0100, Ignat Korchagin wrote: > On Tue, May 14, 2024 at 4:30 PM James Bottomley > wrote: > > > > On Tue, 2024-05-14 at 14:11 +0100, Ignat Korchagin wrote: > > >   * if someone steals one of the disks - we don't want them to > > > see it has encrypted data (no LUKS header) > > > > What is the use case that makes this important?  In usual operation > > over the network, the fact that we're setting up encryption is > > easily identifiable to any packet sniffer (DHE key exchanges are > > fairly easy to fingerprint), but security relies on the fact that > > even knowing that we're setting up encryption, the attacker can't > > gain access to it.  The fact that we are setting up encryption > > isn't seen as a useful thing to conceal, so why is it important for > > your encrypted disk use case? > > In some "jurisdictions" authorities can demand that you decrypt the > data for them for "reasons". On the other hand if they can't prove > there is a ciphertext in the first place - it makes their case > harder. Well, this isn't necessarily a good assumption: the way to detect an encrypted disk is to look at the entropy of the device blocks. If the disk is encrypted, the entropy will be pretty much maximal unlike every other use case. The other thing is that if the authorities have your TPM, they already have access to the disk in this derived key scenario. If *you* still have access to your TPM, you can update the storage seed to shred the data. James