Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3471663pxf; Mon, 29 Mar 2021 03:12:58 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzUNcLErOeMjxvRN9wO3Zyt4U6huQhJtPZ1qF9p77kI/kXKbntric6EeJVule4k+FgjmRXQ X-Received: by 2002:a17:907:3f96:: with SMTP id hr22mr27091436ejc.427.1617012778261; Mon, 29 Mar 2021 03:12:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617012778; cv=none; d=google.com; s=arc-20160816; b=sTdidYnPy+jQKHn1Fiw3LBrLxCMRfCyeOAz5kuXx/Dn3cAJ1OO5HbaH5Bm/EFbujrr dx8z0u6q4FItgTv9xY9UuWaOZUmdXHJNpV3cpApogxoFRyoUAG7vOqofdungl4DE+Nav qlOqpJIbv0WTJxT6wbVmxI9SPv/VxGoev2VO9eD1ASKWvnplvMnVQIm/4gZPm/5LFG8F OKIMFdKQl8All8QB0Zja1qMeZixVDCzmaQg+i2S35PGVY5ZBV1nPcteneKkaiBjUD6Hp EuoHbC8YTVM1f67ws9WboaFO438ZPSfAVW61vmuUBfXaICJo3iTN0VSP3fIckBfOe10d 3cLg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:content-language :in-reply-to:mime-version:user-agent:date:message-id:from:references :cc:to:subject; bh=XlBse0NVvEbbivztSFLyCz2uy67zAMnd98YArhz4SaI=; b=rAXp67NfrMe3iqprpY7YiYIrrITYIBQGg0KqEMG0OwyifNN+3Q/uvPhxVHPTnMGLsd QOKQjN049hA9F0UaF9qz1wgvLUq7jFW3xadM3ihcgOH5YMPaWAUeU8vqzWoFKjHi59zA oGdpkr1LyLs9kobvBZzo5SiSELF6U7BDrYXmLDd1krLTQ2roTWRDtJv316iLGjawFzvE p81ySUmvPlAF7bAv1gnT/REhmGbsqqqdj4nLucNJBE2Hh1d9SdTo31CJsVH9lpzH6oVb 7VhDSz3phzIWKWTClvy4oaPfcohGeDvY6KFXOH43jWAg6drFXXecFjxGzPYCuGgy2nb5 jV3A== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id v2si12446484ejw.670.2021.03.29.03.12.28; Mon, 29 Mar 2021 03:12:58 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232469AbhC2KLp (ORCPT + 99 others); Mon, 29 Mar 2021 06:11:45 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:44976 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232778AbhC2KLg (ORCPT ); Mon, 29 Mar 2021 06:11:36 -0400 Received: from metis.ext.pengutronix.de (metis.ext.pengutronix.de [IPv6:2001:67c:670:201:290:27ff:fe1d:cc33]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 699D8C061574 for ; Mon, 29 Mar 2021 03:11:36 -0700 (PDT) Received: from gallifrey.ext.pengutronix.de ([2001:67c:670:201:5054:ff:fe8d:eefb] helo=[IPv6:::1]) by metis.ext.pengutronix.de with esmtp (Exim 4.92) (envelope-from ) id 1lQorr-00056a-FI; Mon, 29 Mar 2021 12:11:31 +0200 Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys To: Jarkko Sakkinen , David Gstir Cc: Sumit Garg , Mimi Zohar , =?UTF-8?Q?Horia_Geant=c4=83?= , Jonathan Corbet , David Howells , James Bottomley , "kernel@pengutronix.de" , James Morris , "Serge E. Hallyn" , Aymen Sghaier , Herbert Xu , "David S. Miller" , Udit Agarwal , Jan Luebbe , Franck Lenormand , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" References: <319e558e1bd19b80ad6447c167a2c3942bdafea2.1615914058.git-series.a.fatoum@pengutronix.de> <01e6e13d-2968-0aa5-c4c8-7458b7bde462@nxp.com> <45a9e159-2dcb-85bf-02bd-2993d50b5748@pengutronix.de> <63dd7d4b-4729-9e03-cd8f-956b94eab0d9@pengutronix.de> <557b92d2-f3b8-d136-7431-419429f0e059@pengutronix.de> <6F812C20-7585-4718-997E-0306C4118468@sigma-star.at> From: Ahmad Fatoum Message-ID: <1171de9c-97b9-3936-707b-16ec34cf94d5@pengutronix.de> Date: Mon, 29 Mar 2021 12:11:24 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.7.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Language: en-US Content-Transfer-Encoding: 8bit X-SA-Exim-Connect-IP: 2001:67c:670:201:5054:ff:fe8d:eefb X-SA-Exim-Mail-From: a.fatoum@pengutronix.de X-SA-Exim-Scanned: No (on metis.ext.pengutronix.de); SAEximRunCond expanded to false X-PTX-Original-Recipient: linux-crypto@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org Hello Jarkko, On 28.03.21 22:37, Jarkko Sakkinen wrote: > On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote: >> Generally speaking, I’d say trusting the CAAM RNG and trusting in it’s >> other features are two separate things. However, reading through the CAAM >> key blob spec I’ve got here, CAAM key blob keys (the keys that secure a blob’s >> content) are generated using its internal RNG. So I’d save if the CAAM RNG >> is insecure, so are generated key blobs. Maybe somebody with more insight >> into the CAAM internals can verify that, but I don’t see any point in using >> the kernel’s RNG as long as we let CAAM generate the key blob keys for us. > > Here's my long'ish analysis. Please read it to the end if by ever means > possible, and apologies, I usually try to keep usually my comms short, but > this requires some more meat than the usual. Thanks for the write-up! > The Bad News > ============ > > Now that we add multiple hardware trust sources for trusted keys, will > there ever be a scenario where a trusted key is originally sealed with a > backing hardware A, unsealed, and resealed with hardware B? > > The hardware and vendor neutral way to generate the key material would be > unconditionally always just the kernel RNG. > > CAAM is actually worse than TCG because it's not even a standards body, if > I got it right. Not a lot but at least a tiny fraction. CAAM is how NXP calls the crypto accelerator built into some of its SoCs. > This brings an open item in TEE patches: trusted_tee_get_random() is an > issue in generating kernel material. I would rather replace that with > kernel RNG *for now*, because the same open question applies also to ARM > TEE. It's also a single company controlled backing technology. > > By all practical means, I do trust ARM TEE in my personal life but this is > not important. > > CAAM *and* TEE backends break the golden rule of putting as little trust as > possible to anything, even not anything weird is clear at sight, as > security is essentially a game of known unknowns and unknown unknowns. Agreed. > The GOOD News > ============= > > So there's actually option (C) that also fixes the TPM trustd keys issue: > > Add a new kernel patch, which: > > 1. Adds the use of kernel RNG as a boot option. > 2. If this boot option is not active, the subsystem will print a warning > to klog denoting this. > 3. Default is of course vendor RNG given the bad design issue in the TPM > trusted keys, but the warning in klog will help to address it at least > a bit. Why should the TPM backend's choice influence later backends? We could add a new option for key creation time, e.g.: keyctl add trusted kmk "new keylen rng=kernel" @s The default would be rng=vendor if available with a fallback to rng=kernel, which should always be available. > 4. Document all this to Documentation/security/keys/trusted-encrypted.rst. Yes, backends would then document whether they support a rng=vendor or not. > I'd prefer the choice between A, B and C be concluded rather sooner than > later. FWIW, my vote is for option C, with the change described above. Cheers, Ahmad > > /Jarkko > -- Pengutronix e.K. | | Steuerwalder Str. 21 | http://www.pengutronix.de/ | 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 | Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |