Re: How to generate and load evm-key in TPM less systems

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Mimi Zohar <zohar@linux.ibm.com>
To: rishi gupta <gupt21@gmail.com>,
	linux-integrity@vger.kernel.org,
	Dave Chinner <david@fromorbit.com>,
	"Theodore Y. Ts'o" <tytso@mit.edu>,
	zohar@linux.vnet.ibm.com
Cc: James Bottomley <jejb@linux.vnet.ibm.com>
Subject: Re: How to generate and load evm-key in TPM less systems
Date: Sun, 29 Jul 2018 20:35:12 -0400	[thread overview]
Message-ID: <1532910912.4337.75.camel@linux.ibm.com> (raw)
In-Reply-To: <CALUj-guObu_R6--mbiNmF_ZgGNayr5Tj3pKVtW2VC3ZWWZypsg@mail.gmail.com>

[Cc'ing James Bottomley]

On Sun, 2018-07-29 at 23:46 +0530, rishi gupta wrote:
> Hi Integrity team,
> 
> IMA is working fine in our embedded linux product and now we are trying to
> implement EVM. Our system does not have TPM but have trustzone and crypto
> engine. My question is:
> 
> 1. What is the standard practice to generate and load evm-key in systems
> that does not have TPM.

TPMs are really cheap.   Convince your product group to include a TPM?

"encrypted" keys can be decrypted either by a "trusted" or a "user"
type key, but the latter is not considered safe and should be limited
to test environments.

Udit Agarwal recently suggested defining a new key type named "secure"
keys, but didn't explain what made them secure.  The "secure" key type
was limited to CAAM.

> 2. Suppose we have an encrypted key which has been decrypted and loaded in
> kernel. Isn't it an attacker can analyse RAM and get the evm-key. Am I
> missing something here.

No, what you're saying is true.  In a secure, locked down environment
analyzing kernel memory (should still) requires root privileges.

Mimi

next prev parent reply	other threads:[~2018-07-30  2:07 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-29 18:16 How to generate and load evm-key in TPM less systems rishi gupta
2018-07-30  0:35 ` Mimi Zohar [this message]
2018-07-30  3:51   ` rishi gupta

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1532910912.4337.75.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=david@fromorbit.com \
    --cc=gupt21@gmail.com \
    --cc=jejb@linux.vnet.ibm.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=tytso@mit.edu \
    --cc=zohar@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.