Date: Sun, 14 May 2023 20:11:50 +0100
From: Matthew Garrett
To: Eric Biggers
Cc: Andrew Cooper, Ard Biesheuvel, Ross Philipson,
    linux-kernel@vger.kernel.org, x86@kernel.org,
    linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
    linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
    kexec@lists.infradead.org, linux-efi@vger.kernel.org,
    dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com,
    bp@alien8.de, hpa@zytor.com, James.Bottomley@hansenpartnership.com,
    luto@amacapital.net, nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
    trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v6 06/14] x86: Add early SHA support for Secure Launch early measurements
Message-ID: <20230514191150.GA17168@srcf.ucam.org>
In-Reply-To: <20230514181817.GA9528@sol.localdomain>
X-Mailing-List: linux-crypto@vger.kernel.org

On Sun, May 14, 2023 at 11:18:17AM -0700, Eric Biggers wrote:
> On Fri, May 12, 2023 at 01:24:22PM +0100, Andrew Cooper wrote:
> > You're suggesting that because Linux has been slow to take D-RTM over
> > the past decade, you're going to intentionally break people with older
> > hardware just because you don't feel like using an older algorithm?
> >
> > That's about the worst possible reason to not take support.
> >
> > There really are people in the world with older TPM 1.2 systems where
> > this D-RTM using SHA1 only is an improvement over using the incumbent tboot.
> >
> > ~Andrew
>
> This patchset is proposing a new kernel feature. So by definition, there are no
> existing users of it that can be broken.

The patchset reimplements a more extensible version of an existing
feature which people already consume, and presumably people will be
encouraged to transition to it. There is plenty of hardware that
supports this feature that only implements SHA-1. If you want to propose
that the kernel not implement any functionality that uses deprecated
hash algorithms then that seems like a larger conversation rather than
one that should focus on a single patchset.