diff for duplicates of <1520720026.4495.11.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index 82f5076..eb10051 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -1,14 +1,14 @@ By now, everybody knows we have a problem with the TPM2_RS_PW easy button on TPM2 in that transactions on the TPM bus can be intercepted -and altered. The way to fix this is to use real sessions for HMAC +and altered. ?The way to fix this is to use real sessions for HMAC capabilities to ensure integrity and to use parameter and response encryption to ensure confidentiality of the data flowing over the TPM bus. This patch series is about adding a simple API which can ensure the above properties as a layered addition to the existing TPM handling -code. This series now includes protections for PCR extend, getting -random numbers from the TPM and data sealing and unsealing. It +code. ?This series now includes protections for PCR extend, getting +random numbers from the TPM and data sealing and unsealing. ?It therefore eliminates all uses of TPM2_RS_PW in the kernel and adds encryption protection to sensitive data flowing into and out of the TPM. @@ -26,7 +26,7 @@ that comes with a policy, so the API will have to be extended to fix that case I've verified this using the test suite in the last patch on a VM -connected to a tpm2 emulator. I also instrumented the emulator to make +connected to a tpm2 emulator. ?I also instrumented the emulator to make sure the sensitive data was properly encrypted. James @@ -58,3 +58,7 @@ James Bottomley (6): -- 2.12.3 +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 7cc083f..ed564ed 100644 --- a/a/content_digest +++ b/N1/content_digest 
@@ -1,23 +1,20 @@ - "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" + "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" "Subject\0[PATCH v3 0/6] add integrity and security to TPM2 transactions\0" "Date\0Sat, 10 Mar 2018 14:13:46 -0800\0" - "To\0linux-integrity@vger.kernel.org\0" - "Cc\0linux-crypto@vger.kernel.org" - linux-security-module@vger.kernel.org - " Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "By now, everybody knows we have a problem with the TPM2_RS_PW easy\n" "button on TPM2 in that transactions on the TPM bus can be intercepted\n" - "and altered. The way to fix this is to use real sessions for HMAC\n" + "and altered. ?The way to fix this is to use real sessions for HMAC\n" "capabilities to ensure integrity and to use parameter and response\n" "encryption to ensure confidentiality of the data flowing over the TPM\n" "bus.\n" "\n" "This patch series is about adding a simple API which can ensure the\n" "above properties as a layered addition to the existing TPM handling\n" - "code. This series now includes protections for PCR extend, getting\n" - "random numbers from the TPM and data sealing and unsealing. It\n" + "code. ?This series now includes protections for PCR extend, getting\n" + "random numbers from the TPM and data sealing and unsealing. ?It\n" "therefore eliminates all uses of TPM2_RS_PW in the kernel and adds\n" "encryption protection to sensitive data flowing into and out of the\n" "TPM.\n" @@ -35,7 +32,7 @@ "that case\n" "\n" "I've verified this using the test suite in the last patch on a VM\n" - "connected to a tpm2 emulator. I also instrumented the emulator to make\n" + "connected to a tpm2 emulator. ?I also instrumented the emulator to make\n" "sure the sensitive data was properly encrypted.\n" "\n" "James\n" 
@@ -66,6 +63,10 @@ " create mode 100644 drivers/char/tpm/tpm2-sessions.h\n" "\n" "-- \n" - 2.12.3 + "2.12.3\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -36c016c5bd0dc13fb6c1959dafebe303385341541273fce6ddfa91b0c99da3d5 +ca5fa145f4b47cab493ad064150e22a9157d146c305890d95c4e26074afaffab
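Review bot: Read the a/ copy as the reference text of this cover letter. In the 1.txt hunks the N1 side adds only a stray "?" after sentence-ending periods ("and altered. ?The way", "code. ?This series", "emulator. ?I also") and the linux-security-module majordomo footer after the "2.12.3" signature. In the content_digest hunk the N1 side carries a rewritten From header and a single To address (linux-security-module), with the linux-integrity, linux-crypto and Jarkko Sakkinen recipients gone. None of the changed lines alters the description of the series, so quote or cite the message from the a/ side and treat the "?" characters as not being part of the author's wording.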