Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp4165852pxf; Tue, 30 Mar 2021 00:28:09 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyZMC9XQuDNGkl4CwTMr9nfh/n92hoJWyyGSOlM7LmxAeUKDpTTpotxHHPC5yEqPrlOlvlm X-Received: by 2002:aa7:c0cd:: with SMTP id j13mr33329533edp.41.1617089289320; Tue, 30 Mar 2021 00:28:09 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617089289; cv=none; d=google.com; s=arc-20160816; b=HsjkhduxSXZD5uyKCVRmTeJAeNeW3G9osuPoWhxoS9VgTAXesVemw+P0pv3S8icLW4 qVItZlScyWUXYFhVOYn9D7Z+zDBMn8pYku+UwHptEbaECrIKSf9tvEN3z+f2BGDzrwu8 aj14CghScNZREMr8Hb+kmKDfGZItkuqWYlYMVPcOVqSrAgpGdpR4Xa1mWOI0bDEYpt7w NltPTrzdFCvV1O3CJpXdE3fIbCzWvWAJJFKkgn/6UpUbcbdjvdHWmRTcfEzX88+bR4sd Y8qB6alQtNPf3KNBF20JPPGKDIAUQE+B1/IKyNOef6mzVrlAtqdkNCemxFtnxkhNN/7N gUTw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=af4hT6RKaQH4UftQDbKN5QPOjXiK86/wlCCe+4hZGdc=; b=bj1S6NauyvQJt4/yHT9DvWevzL4sh84h4fyIw4uSu5NU9+CLog0zTMFqwxnsPA3fiq 86peDc92GMGWwxw29YAMcQKkWFJTFla0UhXfAQGQ2KD4exa7FpJehaB41q2qEaRdjzq8 vEkvOcHbJ7Ek1LGZVZMi1lCFJzCFoQEhcXlvVD8tQ1cjJEYoAP8Mc7KGEY5Qu+q8k3Sn 7R/TVPmBrfed5uyxHXADjxNXf0pKtEjE1MM7OK9d7lcpNYGOYmyHUFvokz4b4RfplAFz EGcCVOXsmkg5JF5RL/nv6IR3rPt8i/86P+LKs3W8yjtAwWV0VrqSx54XsvTGpSGUTthp BY4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=NUla3Scp; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a8si14370910ejt.44.2021.03.30.00.27.38; Tue, 30 Mar 2021 00:28:09 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linaro.org header.s=google header.b=NUla3Scp; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231124AbhC3H1F (ORCPT + 99 others); Tue, 30 Mar 2021 03:27:05 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:38394 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230209AbhC3H0y (ORCPT ); Tue, 30 Mar 2021 03:26:54 -0400 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 59B8DC061765 for ; Tue, 30 Mar 2021 00:26:54 -0700 (PDT) Received: by mail-lf1-x12b.google.com with SMTP id q29so22204501lfb.4 for ; Tue, 30 Mar 2021 00:26:54 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=af4hT6RKaQH4UftQDbKN5QPOjXiK86/wlCCe+4hZGdc=; b=NUla3ScpKv1xeAWa3oYor1HqrS/QBdHFVbD97Gy2NLtpj6f7l2kc1YuVycA+6xgDsi 9l7wkk1VeogBBuKyQgr52c9E9XztS56+62DQeXZEzEP9oeFxv1R4pBjtUE5YXoqeUmDR ygTmKi3BM6um384QWqUj1HKRFKr64dVReOWoSQ/bOlimMNzeyk8RRDcabaNIj7rZs7CH 04Rj9WUsZ3jLmC/of9MwmcFN+nNvknx0r5TBXUfW+EsQ459b+GxjLJbw48HFQLRgf2nR 0j/rJpyVkw6WltmcEO5Sa5tf3UaXGLTHPOoHlWyOe9aVBQi78oClX+hFcLSfXjnPyKj2 d5HQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=af4hT6RKaQH4UftQDbKN5QPOjXiK86/wlCCe+4hZGdc=; b=L9/cBOHX85topRxfyNAE7Z/8OiAADr8qLluzUZTJ3U73135QOORIsds9xtrFaJCPG+ 8AoZokd65jY9JZvofpCdJM0NxkGsdlYc7lPEFklnTRm4FEHnfredGwWMYvrk+lTrzB2R yOtv1rcEbSWKhAq2MEwrKTbXDVFEIjBMiC95MhfyHB5/PJeiCVxOWv0qjz2y3e1y35ud nvkrj4H+LNFOgdPfrJ+8hH4YN683rbtycFsoHsk0cU0akZ+2FWrDqHSIKJDigxzccAc1 tu1aNmoYpfoCZt0I5U1LBmvTTpsuNvg/CglHhr0bilZvn7Wzo28j3wB3m1d3OZW65O67 1zQw== X-Gm-Message-State: AOAM533ZpyVOPjF3c0IVb5AwiUXCQtv5rGABZQMXuIRTKuG7gfZix6Yf aFFF1aTRUWGnJGPcxz4heMJrx8IVLAILa/ptkLhgrA== X-Received: by 2002:ac2:5970:: with SMTP id h16mr18009743lfp.108.1617089212472; Tue, 30 Mar 2021 00:26:52 -0700 (PDT) MIME-Version: 1.0 References: <319e558e1bd19b80ad6447c167a2c3942bdafea2.1615914058.git-series.a.fatoum@pengutronix.de> <01e6e13d-2968-0aa5-c4c8-7458b7bde462@nxp.com> <45a9e159-2dcb-85bf-02bd-2993d50b5748@pengutronix.de> <63dd7d4b-4729-9e03-cd8f-956b94eab0d9@pengutronix.de> <557b92d2-f3b8-d136-7431-419429f0e059@pengutronix.de> <6F812C20-7585-4718-997E-0306C4118468@sigma-star.at> In-Reply-To: From: Sumit Garg Date: Tue, 30 Mar 2021 12:56:41 +0530 Message-ID: Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys To: Jarkko Sakkinen Cc: David Gstir , Ahmad Fatoum , Mimi Zohar , =?UTF-8?Q?Horia_Geant=C4=83?= , Jonathan Corbet , David Howells , James Bottomley , "kernel@pengutronix.de" , James Morris , "Serge E. Hallyn" , Aymen Sghaier , Herbert Xu , "David S. Miller" , Udit Agarwal , Jan Luebbe , Franck Lenormand , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Mon, 29 Mar 2021 at 01:07, Jarkko Sakkinen wrote: > > On Sat, Mar 27, 2021 at 01:41:24PM +0100, David Gstir wrote: > > Hi! > > > > > On 25.03.2021, at 06:26, Sumit Garg wrote: > > > > > > On Wed, 24 Mar 2021 at 19:37, Ahmad Fatoum = wrote: > > >> > > >> Hello Sumit, > > >> > > >> On 24.03.21 11:47, Sumit Garg wrote: > > >>> On Wed, 24 Mar 2021 at 14:56, Ahmad Fatoum wrote: > > >>>> > > >>>> Hello Mimi, > > >>>> > > >>>> On 23.03.21 19:07, Mimi Zohar wrote: > > >>>>> On Tue, 2021-03-23 at 17:35 +0100, Ahmad Fatoum wrote: > > >>>>>> On 21.03.21 21:48, Horia Geant=C4=83 wrote: > > >>>>>>> caam has random number generation capabilities, so it's worth u= sing that > > >>>>>>> by implementing .get_random. > > >>>>>> > > >>>>>> If the CAAM HWRNG is already seeding the kernel RNG, why not use= the kernel's? > > >>>>>> > > >>>>>> Makes for less code duplication IMO. > > >>>>> > > >>>>> Using kernel RNG, in general, for trusted keys has been discussed > > >>>>> before. Please refer to Dave Safford's detailed explanation for= not > > >>>>> using it [1]. > > >>>> > > >>>> The argument seems to boil down to: > > >>>> > > >>>> - TPM RNG are known to be of good quality > > >>>> - Trusted keys always used it so far > > >>>> > > >>>> Both are fine by me for TPMs, but the CAAM backend is new code and= neither point > > >>>> really applies. > > >>>> > > >>>> get_random_bytes_wait is already used for generating key material = elsewhere. > > >>>> Why shouldn't new trusted key backends be able to do the same thin= g? > > >>>> > > >>> > > >>> Please refer to documented trusted keys behaviour here [1]. New > > >>> trusted key backends should align to this behaviour and in your cas= e > > >>> CAAM offers HWRNG so we should be better using that. > > >> > > >> Why is it better? > > >> > > >> Can you explain what benefit a CAAM user would have if the trusted k= ey > > >> randomness comes directly out of the CAAM instead of indirectly from > > >> the kernel entropy pool that is seeded by it? > > > > > > IMO, user trust in case of trusted keys comes from trusted keys > > > backend which is CAAM here. If a user doesn't trust that CAAM would > > > act as a reliable source for RNG then CAAM shouldn't be used as a > > > trust source in the first place. > > > > > > And I think building user's trust for kernel RNG implementation with > > > multiple entropy contributions is pretty difficult when compared with > > > CAAM HWRNG implementation. > > > > Generally speaking, I=E2=80=99d say trusting the CAAM RNG and trusting = in it=E2=80=99s > > other features are two separate things. However, reading through the CA= AM > > key blob spec I=E2=80=99ve got here, CAAM key blob keys (the keys that = secure a blob=E2=80=99s > > content) are generated using its internal RNG. So I=E2=80=99d save if t= he CAAM RNG > > is insecure, so are generated key blobs. Maybe somebody with more insig= ht > > into the CAAM internals can verify that, but I don=E2=80=99t see any po= int in using > > the kernel=E2=80=99s RNG as long as we let CAAM generate the key blob k= eys for us. > > Here's my long'ish analysis. Please read it to the end if by ever means > possible, and apologies, I usually try to keep usually my comms short, bu= t > this requires some more meat than the usual. > > The Bad News > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > Now that we add multiple hardware trust sources for trusted keys, will > there ever be a scenario where a trusted key is originally sealed with a > backing hardware A, unsealed, and resealed with hardware B? > > The hardware and vendor neutral way to generate the key material would be > unconditionally always just the kernel RNG. > > CAAM is actually worse than TCG because it's not even a standards body, i= f > I got it right. Not a lot but at least a tiny fraction. > > This brings an open item in TEE patches: trusted_tee_get_random() is an > issue in generating kernel material. I would rather replace that with > kernel RNG *for now*, because the same open question applies also to ARM > TEE. It's also a single company controlled backing technology. > > By all practical means, I do trust ARM TEE in my personal life but this i= s > not important. > > CAAM *and* TEE backends break the golden rule of putting as little trust = as > possible to anything, even not anything weird is clear at sight, as > security is essentially a game of known unknowns and unknown unknowns. > > Unfortunately, TPM trusted keys started this bad security practice, and > obviously it cannot be fixed without breaking uapi backwards compatibilit= y. > > This leaves me exactly two rational options: > > A. Add a patch to remove trusted_tee_get_random() and use kernel RNG > instead. > B. Drop the whole TEE patch set up until I have good reasons to believe > that it's the best possible idea ever to use TEE RNG. > > Doing does (A) does not disclude of doing (B) later on, if someone some > day sends a patch with sound reasoning. > > It's also good to understand that when some day a vendor D, other than TC= G, > CAAM or ARM, comes up, we need to go again this lenghty and messy > discussion. Now this already puts an already accepted patch set into a > risk, because by being a responsible maintainer I would have legit reason= s > just simply to drop it. > > OK, but.... > > The GOOD News > =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D > > So there's actually option (C) that also fixes the TPM trustd keys issue: > > Add a new kernel patch, which: > > 1. Adds the use of kernel RNG as a boot option. > 2. If this boot option is not active, the subsystem will print a warning > to klog denoting this. > 3. Default is of course vendor RNG given the bad design issue in the TPM > trusted keys, but the warning in klog will help to address it at least > a bit. > 4. Document all this to Documentation/security/keys/trusted-encrypted.rst= . > > I'd prefer the choice between A, B and C be concluded rather sooner than > later. Option (C) sounds reasonable to me but I would rather prefer an info message rather than warning as otherwise it would reflect that we are enforcing kernel RNG choice for a user to trust upon. -Sumit > > /Jarkko