Subject: Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default
From: "Jarkko Sakkinen"
To: "Jarkko Sakkinen", "James Bottomley", "Vitor Soares"
Cc: "Peter Huewe", "Jason Gunthorpe", "Mimi Zohar", "David Howells", "Paul Moore", "James Morris", "Serge E. Hallyn"
Date: Tue, 28 May 2024 04:07:20 +0300
X-Mailing-List: linux-kernel@vger.kernel.org
X-Mailer: aerc 0.17.0
References: <20240519235122.3380-1-jarkko@kernel.org>
 <20240519235122.3380-2-jarkko@kernel.org>
 <850862655008f84ef0b6ecd99750e8dc395304d1.camel@gmail.com>
 <17dc838120b56ce342c34611596c7b46dcd9ab5a.camel@HansenPartnership.com>
 <2dd8d49516ec9c7cb8c1182b5b8537b1e82d7067.camel@gmail.com>
 <17a5dcd7aceb356587ef7c8f45b0f6359b2d2a91.camel@HansenPartnership.com>
 <0c12c9ea10aa97e246230fc33e6b35c571102b48.camel@gmail.com>
 <3e4bbd0f0fe9f57fd7555a3775e8d71031c0d6c5.camel@gmail.com>
 <6e326fa73968839199378694d4e7cc2544326fa6.camel@HansenPartnership.com>
 <439c3a66a995429f6c8603640477580e17d03104.camel@HansenPartnership.com>

On Tue May 28, 2024 at 4:04 AM EEST, Jarkko Sakkinen wrote:
> On Tue May 28, 2024 at 2:44 AM EEST, James Bottomley wrote:
> > On Tue, 2024-05-28 at 02:17 +0300, Jarkko Sakkinen wrote:
> > > On Tue May 28, 2024 at 12:36 AM EEST, James Bottomley wrote:
> > > > On Mon, 2024-05-27 at 22:53 +0300, Jarkko Sakkinen wrote:
> > > > > On Mon May 27, 2024 at 8:57 PM EEST, James Bottomley wrote:
> > > > > > On Mon, 2024-05-27 at 18:34 +0300, Jarkko Sakkinen wrote:
> > > > [...]
> > > > > > > While looking at the code I started to wonder what the
> > > > > > > reasoning was for adding the *undocumented* "TPM2_OA_TMPL" in
> > > > > > > include/linux/tpm.h. It should really be in tpm2-sessions.c
> > > > > > > and named something like TPM2_NULL_KEY_OA or similar.
> > > > > >
> > > > > > Well, because you asked for it. I originally had all the flags
> > > > > > spelled out and I'm not a fan of this obscurity, but you have
> > > > > > to do stuff like this to get patches accepted:
> > > > > >
> > > > > > https://lore.kernel.org/linux-integrity/CZCKTWU6ZCC9.2UTEQPEVICYHL@suppilovahvero/
> > > > >
> > > > > I still think the constant does make sense.
> > > >
> > > > I'm not so sure.  The TCG simply defines it as a collection of
> > > > flags and every TPM tool set I've seen simply uses a list of flags
> > > > as well. The original design was that the template would be in
> > > > this one place and everything else would call into it.  I think the
> > > > reason all template construction looks similar is for ease of
> > > > auditing (it's easy to get things, particularly the flags, wrong).
> > > >
> > > > If it only has one use case, it should be spelled out, but if
> > > > someone else would use it then it should be in the tpm.h shared
> > > > header.
> > >
> > > It is used only in tpm2-sessions.c and for the null key, so there it
> > > should be. And it is also lacking the associated documentation. Now
> > > both the name and the context it is used in are lost.
> >
> > The comment above the whole thing says what it is and where it comes
> > from:
> >
> > /*
> >  * create the template. Note: in order for userspace to
> >  * verify the security of the system, it will have to create
> >  * and certify this NULL primary, meaning all the template
> >  * parameters will have to be identical, so conform exactly to
> >  * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC
> >  * key H template (H has zero size unique points)
> >  */
> >
> > If we put the broken-out flags back it's all fully documented.
>
> Not the most productive conclusion when refusing to properly follow a
> trivial request in the review feedback tbh.

In any case this particular constant can be revisited when other
changes happen in the area. It is what it is for the time being.

I just need to use a stricter and denser filter when checking the patch
revisions next time.

BR, Jarkko