From mboxrd@z Thu Jan 1 00:00:00 1970
From: Mimi Zohar
Date: Fri, 24 Aug 2018 11:22:39 +0000
Subject: Re: [PATCH 01/23] TPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev
Message-Id: <1535109759.19550.355.camel@linux.ibm.com>
In-Reply-To: <20180824062557.GC3584@linux.intel.com>
References: <153486700916.13066.12870860668352070081.stgit@warthog.procyon.org.uk> <153486701644.13066.13372706238885253812.stgit@warthog.procyon.org.uk> <20180821183004.GB25543@ziepe.ca> <20180824062434.GB3584@linux.intel.com> <20180824062557.GC3584@linux.intel.com>
To: Jarkko Sakkinen, Jason Gunthorpe
Cc: David Howells, denkenz@gmail.com, jejb@linux.vnet.ibm.com, keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org

On Fri, 2018-08-24 at 09:25 +0300, Jarkko Sakkinen wrote:
> On Fri, Aug 24, 2018 at 09:24:34AM +0300, Jarkko Sakkinen wrote:
> > On Tue, Aug 21, 2018 at 12:30:04PM -0600, Jason Gunthorpe wrote:
> > > On Tue, Aug 21, 2018 at 04:56:56PM +0100, David Howells wrote:
> > > > Add newly registered TPMs to the tail of the list, not the beginning, so that
> > > > things that are specifying TPM_ANY_NUM don't find that the device they're
> > > > using has inadvertently changed. Adding a second device would break IMA, for
> > > > instance.
> > > >
> > > > Signed-off-by: David Howells
> > > > Reviewed-by: Jason Gunthorpe
> > > > Signed-off-by: Peter Huewe
> > > > cc: stable@vger.kernel.org
> > > > ---
> > >
> > > We really should apply this patch...
> > >
> > > Jason
> >
> > This is the first time I remember seeing it.
>
> At least in the sense that I should review it.

I remember this patch, because it affected IMA. It has already been
upstreamed as 398a1e71dc82.

Mimi
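The ordering problem described in the quoted commit message, as an added user-space model that is not part of the thread or the kernel source: it assumes a wildcard (TPM_ANY_NUM) lookup returns the first entry of the registration list. The struct and function names and the wildcard value used here are hypothetical.

```c
#include <stdio.h>
#include <stddef.h>

#define TPM_ANY_NUM 0xFFFF      /* wildcard device number; value assumed for this model */

struct chip {                   /* hypothetical stand-in for a registered TPM */
    int dev_num;
    struct chip *next;
};
struct registry { struct chip *head; };

/* Behaviour before the change: a new device becomes the first list entry. */
static void add_head(struct registry *r, struct chip *c)
{
    c->next = r->head;
    r->head = c;
}

/* Behaviour after the change: a new device goes behind the existing ones. */
static void add_tail(struct registry *r, struct chip *c)
{
    struct chip **p = &r->head;
    while (*p)
        p = &(*p)->next;
    c->next = NULL;
    *p = c;
}

/* First-match lookup (assumption): the wildcard resolves to the list head. */
static struct chip *find_chip(const struct registry *r, int num)
{
    for (struct chip *c = r->head; c; c = c->next)
        if (num == TPM_ANY_NUM || c->dev_num == num)
            return c;
    return NULL;
}

/* Returns 1 if a wildcard user (such as IMA extending its measurements)
 * still resolves to the same device after a second TPM registers. */
static int wildcard_is_stable(void (*add)(struct registry *, struct chip *))
{
    struct registry r = { NULL };
    struct chip tpm0 = { 0, NULL }, tpm1 = { 1, NULL };

    add(&r, &tpm0);
    struct chip *before = find_chip(&r, TPM_ANY_NUM);
    add(&r, &tpm1);             /* a second device shows up later */
    return before == find_chip(&r, TPM_ANY_NUM);
}

int main(void)
{
    printf("head insertion: stable=%d\n", wildcard_is_stable(add_head));
    printf("tail insertion: stable=%d\n", wildcard_is_stable(add_tail));
    return 0;
}
```

With head insertion the wildcard user silently moves to the newer device, so measurements recorded before and after the second registration land in different TPMs; with tail insertion the first-registered device stays selected.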