Received: by 2002:a5b:505:0:0:0:0:0 with SMTP id o5csp183524ybp; Thu, 3 Oct 2019 12:00:31 -0700 (PDT) X-Google-Smtp-Source: APXvYqzZUmMMKSyzaJNaR1FVAliJOQddJvxx2Hp+X2YskpJ6d6meYKNoXjCDgZM0/X4Eu6i4YLcO X-Received: by 2002:a05:6402:150a:: with SMTP id f10mr10895540edw.110.1570129231573; Thu, 03 Oct 2019 12:00:31 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1570129231; cv=none; d=google.com; s=arc-20160816; b=iRxzzFLJiIXd+biNdhqbo8xJzYykEjIIugm+wtAYJm3buB5yTBlPNlfF9ROrky+vNC 3DnHpuY65UAyv8mdBIeOs6zNHH3dNKPllaOt17XBxNgJJpRhH/mdOKV1p0DeTds3+isM ZT4UW7Vc3/41UxfFClJSDOZlWyaJtZz9qa7Ie0GAqwZyEKdj2ZqxUOHPHe7BmguTY8ej ymjBmKUgn3lTQ572ttlzS5L9qDf5FSOU5DsMyu/t+KSGMF9KS1xQYtvjHwywWM60q8uU mUZa/YE4XxOxSD9G4JO1VGz6wf0ILV0ZQhONknp6y8Xhj/WDq6dU9yAsuNBCohTvqv48 eEkw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:user-agent:organization:in-reply-to :content-transfer-encoding:content-disposition:mime-version :references:message-id:subject:cc:to:from:date; bh=DYsFv013yHd2GOEtMMuDio7KS/3V/bPmv/Mt6MAHN4Y=; b=0sJjKIORlxrNZGPy7fNzMei7FPFASZhSzX3MhNTfHrWgpXtvtV0scW/opbfSzfxFfR eDGTBa5O0A8DSYnQABgPfHPccirip4rVA5XOSIFmD4Q8oE50R6EvhSs/i0ryM8E/7UTx 5VnfmCoCGOJ8RHoA23UPhZ6QzT2nEkDH7sT7A2f3rTiKDcbV+/rdnzMzWxgfZ1Qh47nt 1V1g1dRbjAraFJ7gqzayNQUCn2KhfKwZFsuzGfx/ajTLBgTF2epK/tRbcd0HJYJUFkzT ZdS38Sfl49Fq4U6OBwL1xFLJQCnwlSj+24AViETkcqFILDTp4xW2Qg1dGfcwDFGLQvNy IpNQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d10si1679299eja.69.2019.10.03.12.00.06; Thu, 03 Oct 2019 12:00:31 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-crypto-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732890AbfJCSPi (ORCPT + 99 others); Thu, 3 Oct 2019 14:15:38 -0400 Received: from mga06.intel.com ([134.134.136.31]:31189 "EHLO mga06.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729199AbfJCSPi (ORCPT ); Thu, 3 Oct 2019 14:15:38 -0400 X-Amp-Result: UNKNOWN X-Amp-Original-Verdict: FILE UNKNOWN X-Amp-File-Uploaded: False Received: from orsmga003.jf.intel.com ([10.7.209.27]) by orsmga104.jf.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 03 Oct 2019 11:15:37 -0700 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.67,253,1566889200"; d="scan'208";a="195300707" Received: from okiselev-mobl1.ccr.corp.intel.com (HELO localhost) ([10.251.93.117]) by orsmga003.jf.intel.com with ESMTP; 03 Oct 2019 11:15:32 -0700 Date: Thu, 3 Oct 2019 21:15:31 +0300 From: Jarkko Sakkinen To: Mimi Zohar Cc: linux-integrity@vger.kernel.org, stable@vger.kernel.org, David Howells , Herbert Xu , "David S. Miller" , "open list:ASYMMETRIC KEYS" , "open list:CRYPTO API" , open list Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes() Message-ID: <20191003181531.GD19679@linux.intel.com> References: <20190926171601.30404-1-jarkko.sakkinen@linux.intel.com> <1570024819.4999.119.camel@linux.ibm.com> <20191003114119.GF8933@linux.intel.com> <1570107752.4421.183.camel@linux.ibm.com> <20191003180201.GC19679@linux.intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20191003180201.GC19679@linux.intel.com> Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo User-Agent: Mutt/1.10.1 (2018-07-13) Sender: linux-crypto-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Thu, Oct 03, 2019 at 09:02:01PM +0300, Jarkko Sakkinen wrote: > On Thu, Oct 03, 2019 at 09:02:32AM -0400, Mimi Zohar wrote: > > That isn't a valid justification for changing the original definition > > of trusted keys. ?Just as the kernel supports different methods of > > implementing the same function on different architectures, trusted > > keys will need to support different methods of generating a random > > number. ?? > > This is completely incorrect deduction. The random number generator > inside the kernel is there to gather entropy from different sources. > You would exploit trusted keys to potential weaknesses of a single > entropy source by doing that. > > Of course in TEE platform, TEE can be one of the entropy sources but > there is no reason to weaken the security by using it as the only > sources. I.e. where you go wrong is that you are inter mixing requirements for the payload and for sealing. They are disjoint assets. The rules for the payload should not be dependent on how you seal your trusted key. /Jarkko