Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp56829pxf; Wed, 31 Mar 2021 16:33:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxYh0/XLwn2o7eC3Zu1UFe5F1xfWpR+FGErbNhbYqYwownr9a2aMEKn1HkPo5IzdVqdZg13 X-Received: by 2002:aa7:ce8a:: with SMTP id y10mr6836643edv.66.1617233603328; Wed, 31 Mar 2021 16:33:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1617233603; cv=none; d=google.com; s=arc-20160816; b=VBlC98300GLpd/irA8as6jyi3NHOtI7CQnXGp8KyNa+p8Czo7oEnovGuCubLD+2XGF kD7CMNlxngrgcrKNzxRuh/upgbRj1BiyOmOErNdeVZHVO2uHnwIVWZXXkLMYQ6PGpB0C 2cZsCSh4tX7JJ3VuXBcGiTStTnALq7cl9B21C79+WMaWa41A1PgiPUTZSOVAZ8g2gfd9 QRrMcaZFoPqCbsDtscuYAzlDJrZAaq2xnOElxKuKGnpqYIBEBBvJYJfTW3CGoU5RWvDX tIyxYFdNfo2PlgVxPggGaulHcuFyy0JgLm/5NzIhU0p5s2nlQFpD9OlFhjbie/+2shQV 7dVA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=qIgfexVuwIoMdiyrGmzY2D1bzF93zyBjY/UalgJvYqQ=; b=WIVQrAhgLP0twPffDQOgBSSLSms84WmHaN7M9Dv39C+Ai9vV1IcRi9iGPKKwhd4JoA zJgvkoPr2fFNdDaZpqJ3AjOgJ6FbmYVY+nkVIJecWosb9SwBiiHT/5a79k5l1mPwx2fZ iW/IjkjG/EAKiIYD+teZEaMov+r1eZdeoI6WIMFyk+gXYjtk/wvJfMCmbePpZ6NbQo93 kfEILnJgsKWLjoNpXyjK3xwTrjCbq6zmnivGk3/2KwY9HTaBJp4vL08kGD/eqfnCKNVV mRuChcZCbP3koQ0e3t9lY7I45XYsT86KiE923DWfHbNOn8EYuNr6BMEL6YUpL6kDEVzR rTcg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=QLAhGd5d; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id ec6si2777626ejb.738.2021.03.31.16.32.59; Wed, 31 Mar 2021 16:33:23 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=QLAhGd5d; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232271AbhCaXcD (ORCPT + 99 others); Wed, 31 Mar 2021 19:32:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:33862 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232982AbhCaXbt (ORCPT ); Wed, 31 Mar 2021 19:31:49 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 4F74260FDB; Wed, 31 Mar 2021 23:31:48 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1617233508; bh=22Sf+C8CNMBp5xxIlZSGAARcmSEGXDH2/y17KA34uHY=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=QLAhGd5dF1Cfe5ThbKZsmV5wk9gLsS57U6plIuuvArE60HI08QwBFhauWE9sOvNIz 3PLR8A7R5B4VariiO6fUUcQkPJ4+V/GFZU17nbbyI1H9Fq5Uzo6OeW+YyZMvNsQe75 ijCs6yoa9ABtG8hA/k0KlAJ72zlPsJ5bo1fU0FH75alQOFLQMV7k2Vdntuh2+Z7A4S 7Fc5SgWybdXlwnky06ucIP+cQeKo1/q/zM7vUhlj+/kaLR7V3bsLDxB1jZyt3Uc5jP RxTMIQL6XGNWVQu0bFl4w85p6i7Xmzdxf6ignQIa+JBaHSc3gf0Lx5oCgFU7nsJ0+l IzyAqtQpF67Ig== Date: Thu, 1 Apr 2021 02:31:46 +0300 From: Jarkko Sakkinen To: Eric Biggers Cc: David Gstir , Sumit Garg , Ahmad Fatoum , Mimi Zohar , Horia =?utf-8?Q?Geant=C4=83?= , Jonathan Corbet , David Howells , James Bottomley , "kernel@pengutronix.de" , James Morris , "Serge E. Hallyn" , Aymen Sghaier , Herbert Xu , "David S. Miller" , Udit Agarwal , Jan Luebbe , Franck Lenormand , "keyrings@vger.kernel.org" , "linux-crypto@vger.kernel.org" , "linux-doc@vger.kernel.org" , "linux-integrity@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "linux-security-module@vger.kernel.org" Subject: Re: [PATCH v1 3/3] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Message-ID: References: <01e6e13d-2968-0aa5-c4c8-7458b7bde462@nxp.com> <45a9e159-2dcb-85bf-02bd-2993d50b5748@pengutronix.de> <63dd7d4b-4729-9e03-cd8f-956b94eab0d9@pengutronix.de> <557b92d2-f3b8-d136-7431-419429f0e059@pengutronix.de> <6F812C20-7585-4718-997E-0306C4118468@sigma-star.at> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Tue, Mar 30, 2021 at 02:47:18PM -0700, Eric Biggers wrote: > On Sun, Mar 28, 2021 at 11:37:23PM +0300, Jarkko Sakkinen wrote: > > > > Unfortunately, TPM trusted keys started this bad security practice, and > > obviously it cannot be fixed without breaking uapi backwards compatibility. > > > > The whole point of a randomness source is that it is random. So userspace can't > be depending on any particular output, and the randomness source can be changed > without breaking backwards compatibility. > > So IMO, trusted keys should simply be fixed to use get_random_bytes(). > > - Eric It's a bummer but uapi is the god in the end. Since TPM does not do it today, that behaviour must be supported forever. That's why a boot option AND a warning would be the best compromise. /Jarkko