Date: Tue, 21 May 2024 17:02:52 +0300
From: "Jarkko Sakkinen"
To: "James Bottomley" ,
Cc: , "Peter Huewe" , "Jason Gunthorpe" , "Mimi Zohar" , "David Howells" , "Paul Moore" , "James Morris" , "Serge E. Hallyn" , ,
Subject: Re: [PATCH] tpm: enable HMAC encryption for only x86-64 and aarch64
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: aerc 0.17.0
References: <20240521130921.15028-1-jarkko@kernel.org> <236606947b691049c650bdf82c37324084662147.camel@HansenPartnership.com>
In-Reply-To: <236606947b691049c650bdf82c37324084662147.camel@HansenPartnership.com>

On Tue May 21, 2024 at 4:26 PM EEST, James Bottomley wrote:
> On Tue, 2024-05-21 at 16:09 +0300, Jarkko Sakkinen wrote:
> > Let's be more conservative and enable HMAC by default only for the
> > platforms where it immediately makes sense, i.e. x86-64 and aarch64.
> > This can be relaxed later on, and obviously the kconfig option can be
> > set even if not default on a particular arch.
> > 
> > Cc: James Bottomley
> > Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
> > Closes:
> > https://lore.kernel.org/linux-integrity/D1FCAPJSYLTS.R9VC1CXDCIHH@kernel.org/
> > Signed-off-by: Jarkko Sakkinen
> > ---
> >  drivers/char/tpm/Kconfig | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> > index e63a6a17793c..19e61dcfcbbe 100644
> > --- a/drivers/char/tpm/Kconfig
> > +++ b/drivers/char/tpm/Kconfig
> > @@ -29,7 +29,7 @@ if TCG_TPM
> >  
> >  config TCG_TPM2_HMAC
> >          bool "Use HMAC and encrypted transactions on the TPM bus"
> > -        default y
> > +        default X86_64 || ARM64
> 
> My first instinct is to say that devices in hostile environments (like
> IoT) are likely in the most need of this. However, it is an
> experimental feature, so I would like to debug it first in the
> environments where it's expected to work, which is desktop and laptop,
> so I'm happy with this:
> 
> Acked-by: James Bottomley

Thanks! And agreed but usually for IoT device you probably end up anyway
creating somewhat tuned kconfig. In desktop default on makes most sense
for the moment. I'm also willing to consider relaxing this later on.

Asymmetric key patch set that I wrapped up together over the weekend was
also pretty extensive test. First, it uses HMAC encryption for
communication to make sure that private key is not eavesdropped.
Secondly, it also roots to the null key if a parent is not given. So it
covers all the basic features of the HMAC patch set. The only actual bug
was a non-critical memory leak from v5.13, which consumes some dozens of
bytes per power cycle in a common use case for trusted keys (PR already
sent to Linus).

BR, Jarkko
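Review bot: the new `default X86_64 || ARM64` line turns TCG_TPM2_HMAC off on every other architecture without anything in the option itself saying why, since the hunk changes only the default and the help text is not part of the quoted hunk; the rationale ("experimental, debug it on desktop and laptop first") lives only in the commit message, which menuconfig never shows. Suggest a sentence in the help text next to the `bool "Use HMAC and encrypted transactions on the TPM bus"` prompt, along the lines of `Enabled by default only on x86-64 and arm64 while the feature is experimental; other platforms can still select it.`, so a builder on another platform understands that the `n` they see means unauthenticated, unencrypted TPM traffic by default and that opting in is intended. The symbol names themselves are correct (X86_64 and ARM64 are the symbols arch/x86/Kconfig and arch/arm64/Kconfig define), which is worth checking on a line like this because an undefined symbol in a `default` expression just evaluates as n.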
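To make the effect of `default X86_64 || ARM64` concrete, here is an added example (not code from the patch, the kernel tree or anyone in this thread) that evaluates a Kconfig `default` expression against the symbols a given architecture sets, over a constructed fragment mirroring the option before and after the change. The fragment and the per-architecture symbol sets are assumptions made for the example, and it goes beyond the thread's single expression by handling `&&`, `!`, parentheses and a trailing `if` clause.

```python
"""Evaluate a Kconfig `default` expression per architecture (added example,
not kernel code): extracts the `default` line of a config symbol from a
fragment and evaluates it against the symbols that are `y` in a build,
which is how `default X86_64 || ARM64` resolves to y or n."""
import re

# Constructed fragments mirroring the option after and before the patch.
KCONFIG_AFTER = """\
config TCG_TPM2_HMAC
        bool "Use HMAC and encrypted transactions on the TPM bus"
        default X86_64 || ARM64
"""
KCONFIG_BEFORE = KCONFIG_AFTER.replace("default X86_64 || ARM64", "default y")

# Assumed per-build symbol sets: the arch symbols that are `y` in each build.
ARCH_SYMBOLS = {
    "x86_64": {"X86", "X86_64"},
    "arm64": {"ARM64"},
    "riscv": {"RISCV"},
}

_TOKEN = re.compile(r"\s*(\|\||&&|!|\(|\)|[A-Za-z0-9_]+)")


def default_expr(kconfig, symbol):
    """Return the expression on the `default` line of `config <symbol>`."""
    in_block = False
    for line in kconfig.splitlines():
        if re.match(r"^(menu)?config\s+" + re.escape(symbol) + r"\s*$", line):
            in_block = True
        elif in_block and re.match(r"^(menu)?config\s", line):
            break  # next option starts without a default having been seen
        elif in_block and (m := re.match(r"^\s+default\s+(.+?)\s*$", line)):
            return m.group(1)
    raise KeyError(f"no default line for {symbol}")


def _tokenize(expr):
    tokens, pos = [], 0
    while pos < len(expr):
        m = _TOKEN.match(expr, pos)
        if not m:  # comparisons such as `SYM = "str"` are outside this example
            raise ValueError(f"unsupported token at {expr[pos:]!r}")
        tokens.append(m.group(1))
        pos = m.end()
    return tokens


class _Parser:
    """Recursive descent over Kconfig boolean syntax; precedence `!` > `&&` > `||`."""

    def __init__(self, tokens, enabled):
        self.toks, self.enabled = list(tokens), enabled

    def peek(self):
        return self.toks[0] if self.toks else None

    def parse_or(self):
        value = self.parse_and()
        while self.peek() == "||":
            self.toks.pop(0)
            rhs = self.parse_and()  # consume the operand even if value is already y
            value = value or rhs
        return value

    def parse_and(self):
        value = self.parse_not()
        while self.peek() == "&&":
            self.toks.pop(0)
            rhs = self.parse_not()
            value = value and rhs
        return value

    def parse_not(self):
        tok = self.toks.pop(0) if self.toks else None
        if tok == "!":
            return not self.parse_not()
        if tok == "(":
            value = self.parse_or()
            if self.peek() != ")":
                raise ValueError("missing closing parenthesis")
            self.toks.pop(0)
            return value
        if tok is None:
            raise ValueError("unexpected end of expression")
        if tok in ("y", "m"):  # a tristate `m` default collapses to y on a bool
            return True
        return tok != "n" and tok in self.enabled  # any other symbol: y iff set


def evaluate(expr, enabled):
    """Evaluate a `default` expression; `<expr> if <cond>` requires both."""
    expr = expr.strip()
    if " if " in expr:
        value, cond = expr.split(" if ", 1)
        expr = f"({value}) && ({cond})"
    parser = _Parser(_tokenize(expr), frozenset(enabled))
    result = parser.parse_or()
    if parser.toks:
        raise ValueError(f"trailing input: {parser.toks}")
    return result


def defaults_per_arch(kconfig, symbol="TCG_TPM2_HMAC"):
    """Map each assumed architecture to the resolved default of `symbol`."""
    expr = default_expr(kconfig, symbol)
    return {arch: evaluate(expr, syms) for arch, syms in ARCH_SYMBOLS.items()}


if __name__ == "__main__":
    print("before:", defaults_per_arch(KCONFIG_BEFORE))
    print("after: ", defaults_per_arch(KCONFIG_AFTER))
```

Running the script prints the option as `y` everywhere for the old fragment and `y` only for x86_64 and arm64 for the new one; on a shipped kernel the resolved value is what matters, so the equivalent check for a deployed system is simply whether `CONFIG_TCG_TPM2_HMAC=y` appears in its `.config` or `/boot/config-*`.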