Received: by 2002:a05:6a10:c604:0:0:0:0 with SMTP id y4csp4633529pxt; Wed, 11 Aug 2021 10:18:01 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxrroV7NtjRXzWpP+qvNGEZxEnEwU7ktvyaDmKnWlcE32OPuCZKNLQfWDkkUKqjcrZDssAL X-Received: by 2002:a05:6602:446:: with SMTP id e6mr158676iov.3.1628702281133; Wed, 11 Aug 2021 10:18:01 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1628702281; cv=none; d=google.com; s=arc-20160816; b=vwtXcW0Cmb0gdE5yXsANuixRuyQYLK9fGXDil6NFwAMcm7serx+yzxoCu9are8pe7n wjOdA2YVwxeoa0+JdUaRaBY5RJLn4S/rs0OWeIhc0uX2Ae9jBIIp3Lk6Rr+y9RpVS20N +mtsEB/WCK8K1E95iYg9Lng9iG8FLUzeX9EOzY6ndXluGmJJkBK+6O3Tba3apWR1qN1E uAU5Fb0k2lP2kUb6L6zuL7tJ2Bm1IxwKBiWC/q6GdBLYE85JOHhjuN+DaVdwzs+LRLdp WkOLds9UuX/G5QUYpkM/lHRRkMszl0Bl/Lu3gdrDl4xLg3hHbOfEvEEqxOx6RVNctkon hBEg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=BPXyZaoBE+T+Dxyd55GiDd7ymfAZ67hkkr8FQOveO5w=; b=uvwQeNzQo/U1AbMs58tODXJpkcIax/EUTpqodaMUCNtJVeptj+SCX/QxFkgdzLV6le 2UJDaWeN1Hz+8EEUYXcbeEliA1osU5qeRZFkSYzglRC9gU5sTYdJqowqQF20J8G1QCjH 8HyogO+bOjM4iowd37iiqVSXVVygmq9Vq7oEs6Ex9msgDUqqX4mElanWJvqoQHMNXCZR B6Cu9L6sA25n02pro9x81QyfPQ9rAWiP0Ssf0nNxOlJ9LqY5bkyylnu3CKKpI9R2MgF5 uLdEkojsrYJVueBycdyh0hTudLAP1ys1ZcBZhLg0QWgAEWZFsYkgU40jr/hb06Q1lMvW jxLg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=R4lANRmD; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id d3si1897789ilq.47.2021.08.11.10.17.48; Wed, 11 Aug 2021 10:18:01 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=k20201202 header.b=R4lANRmD; spf=pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-crypto-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231215AbhHKRQe (ORCPT + 99 others); Wed, 11 Aug 2021 13:16:34 -0400 Received: from mail.kernel.org ([198.145.29.99]:57480 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231264AbhHKRQ3 (ORCPT ); Wed, 11 Aug 2021 13:16:29 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id A77F760720; Wed, 11 Aug 2021 17:16:04 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1628702165; bh=9h03uKGoS94D5joA0oQ8vjBfh49XzjEF5chJiZqRUSM=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=R4lANRmD7F79aJk1QwsPA2lv4OQqEB1kpG2XjTPtoXxx6kuKdityhC7zcwKDhreDm XsJtAmOJwSddjxQ448+ktoeI/eZG+BkVyc8KFEo9igVGQiUXZozh4ciYpL3BBkmy/C MSYHY5jOe/mKDm+DeplA7idJPn7uEyxVgcHpr/tEE0XIP51hv1ElOHYW1uwu9jfjA+ 5YH/uPw3qKgSzzl5x8Ds9Ib4uFTwfnJNyYHvdvJQ8gOhgKZnARoeLVfV4/WPn2nr8T BtQn83YSoqFY/rAzopncT84KP1iFL+r8KclwjGHTrQL7ZQQK11C+VpuZ4WRpn9JLly baVtflrGpwJlA== Date: Wed, 11 Aug 2021 10:16:03 -0700 From: Eric Biggers To: Mimi Zohar Cc: Jarkko Sakkinen , Ahmad Fatoum , "Theodore Y. Ts'o" , Jaegeuk Kim , kernel@pengutronix.de, James Morris , "Serge E. Hallyn" , James Bottomley , Sumit Garg , David Howells , linux-fscrypt@vger.kernel.org, linux-crypto@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org Subject: Re: [PATCH v2] fscrypt: support trusted keys Message-ID: References: <20210806150928.27857-1-a.fatoum@pengutronix.de> <20210809094408.4iqwsx77u64usfx6@kernel.org> <20210810180636.vqwaeftv7alsodgn@kernel.org> <20210810212140.sdq5dq2wy5uaj7h7@kernel.org> <20210811001743.ofzkwdwa6rcjsf4d@kernel.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Precedence: bulk List-ID: X-Mailing-List: linux-crypto@vger.kernel.org On Wed, Aug 11, 2021 at 07:34:18AM -0400, Mimi Zohar wrote: > On Wed, 2021-08-11 at 03:17 +0300, Jarkko Sakkinen wrote: > > On Tue, Aug 10, 2021 at 02:27:24PM -0700, Eric Biggers wrote: > > > On Wed, Aug 11, 2021 at 12:21:40AM +0300, Jarkko Sakkinen wrote: > > > > On Tue, Aug 10, 2021 at 11:46:49AM -0700, Eric Biggers wrote: > > > > > On Tue, Aug 10, 2021 at 09:06:36PM +0300, Jarkko Sakkinen wrote: > > > > > > > > > > > > > > > > I don't think this is right, or at least it does not follow the pattern > > > > > > > > in [*]. I.e. you should rather use trusted key to seal your fscrypt key. > > > > > > > > > > > > > > What's the benefit of the extra layer of indirection over just using a "trusted" > > > > > > > key directly? The use case for "encrypted" keys is not at all clear to me. > > > > > > > > > > > > Because it is more robust to be able to use small amount of trusted keys, > > > > > > which are not entirely software based. > > > > > > > > > > > > And since it's also a pattern on existing kernel features utilizing trusted > > > > > > keys, the pressure here to explain why break the pattern, should be on the > > > > > > side of the one who breaks it. > > > > > > > > > > This is a new feature, so it's on the person proposing the feature to explain > > > > > why it's useful. The purpose of "encrypted" keys is not at all clear, and the > > > > > documentation for them is heavily misleading. E.g.: > > > > > > > > > > "user space sees, stores, and loads only encrypted blobs" > > > > > (Not necessarily true, as I've explained previously.) > > > > > > > > > > "Encrypted keys do not depend on a trust source" ... "The main disadvantage > > > > > of encrypted keys is that if they are not rooted in a trusted key" > > > > > (Not necessarily true, and in fact it seems they're only useful when they > > > > > *do* depend on a trust source. At least that's the use case that is being > > > > > proposed here, IIUC.) > > > > > > > > > > I do see a possible use for the layer of indirection that "encrypted" keys are, > > > > > which is that it would reduce the overhead of having lots of keys be directly > > > > > encrypted by the TPM/TEE/CAAM. Is this the use case? If so, it needs to be > > > > > explained. > > > > > > > > If trusted keys are used directly, it's an introduction of a bottleneck. > > > > If they are used indirectly, you can still choose to have one trusted > > > > key per fscrypt key. > > > > > > > > Thus, it's obviously a bad idea to use them directly. > > > > > > So actually explain that in the documentation. It's not obvious at all. And > > > does this imply that the support for trusted keys in dm-crypt is a mistake? > > > > Looking at dm-crypt implementation, you can choose to use 'encrypted' key > > type, which you can seal with a trusted key. > > > > Note: I have not been involved when the feature was added to dm-crypt. > > At least for TPM 1.2, "trusted" keys may be sealed to a PCR and then > extended to prevent subsequent usage. For example, in the initramfs > all of the "encrypted" keys could be decrypted by a single "trusted" > key, before extending the PCR. > > Mimi > Neither of you actually answered my question, which is whether the support for trusted keys in dm-crypt is a mistake. I think you're saying that it is? That would imply that fscrypt shouldn't support trusted keys, but rather encrypted keys -- which conflicts with Ahmad's patch which is adding support for trusted keys. Note that your reasoning for this is not documented at all in the trusted-encrypted keys documentation; it needs to be (email threads don't really matter), otherwise how would anyone know when/how to use this feature? - Eric