From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: James Bottomley <jejb@linux.ibm.com>
Cc: "Zhao, Shirley" <shirley.zhao@intel.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	Jonathan Corbet <corbet@lwn.net>,
	"linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"keyrings@vger.kernel.org" <keyrings@vger.kernel.org>,
	"linux-doc@vger.kernel.org" <linux-doc@vger.kernel.org>,
	"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
	'Mauro Carvalho Chehab' <mchehab+samsung@kernel.org>,
	"Zhu, Bing" <bing.zhu@intel.com>,
	"Chen, Luhai" <luhai.chen@intel.com>
Subject: Re: One question about trusted key of keyring in Linux kernel.
Date: Wed, 11 Dec 2019 17:23:59 +0000
Message-ID: <20191211172345.GB4516@linux.intel.com>
In-Reply-To: <1575923513.31378.22.camel@linux.ibm.com>

On Mon, Dec 09, 2019 at 12:31:53PM -0800, James Bottomley wrote:
> On Mon, 2019-12-09 at 21:47 +0200, Jarkko Sakkinen wrote:
> > On Mon, Dec 02, 2019 at 10:55:32AM -0800, James Bottomley wrote:
> > > blob but it looks like we need to fix the API.  I suppose the good
> > > news is given this failure that we have the opportunity to rewrite
> > > the API since no-one else can have used it for anything because of
> > > this.  The
> > 
> > I did successfully run this test when I wrote it 5 years ago:
> > 
> > https://github.com/jsakkine-intel/tpm2-scripts/blob/master/keyctl-smoke.sh
> > 
> > Given that there is an API, a way must be found so that backwards
> > compatibility is not broken. New format is fine but it must co-exist.
> 
> The old API is unsupportable in the combination of policy + auth as I
> already explained.  The kernel doesn't have access to the nonces to
> generate the HMAC because the session was created by the user and the
> API has no way to pass them in (plus passing them in would be a huge
> security failure if we tried).  Given that Shirley appears to be the
> first person ever to try this, I don't think the old API has grown any
> policy users so it's safe to remove it.  If we get a complaint, we can
> discuss adding it back.

It works within limits so it can definitely be maintained for
backwards compatibility.

Also, you are making a claim about the users that we cannot verify.

Finally, the new feature does not handle sessions either. You claim that
it could be added later. I have to deny that because until session
handling is there we have no way to be sure about that.

I see your point but this needs more consideration. It does not
make sense to rush.

/Jarkko
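
The nonce dependency raised in the quoted text above, as an added example that is not part of the original message or of the kernel's code: the TPM 2.0 authorization HMAC is keyed with the auth value but computed over both session nonces, so a party holding only a session handle and the auth value cannot produce a value the TPM accepts. The formula follows TPM 2.0 Part 1; the `TpmSession` class and all values are constructed for illustration.

```python
import hashlib
import hmac
import os

TPM2_CC_UNSEAL = (0x0000015E).to_bytes(4, "big")
CONTINUE_SESSION = 0x01  # TPMA_SESSION continueSession bit

def cp_hash(command_code: bytes, names: bytes, params: bytes = b"") -> bytes:
    """cpHash = H(commandCode || Name(s) || parameters)."""
    return hashlib.sha256(command_code + names + params).digest()

def auth_hmac(key: bytes, cphash: bytes, nonce_caller: bytes,
              nonce_tpm: bytes, attrs: int) -> bytes:
    """authHMAC = HMAC(sessionKey || authValue,
    cpHash || nonceNewer || nonceOlder || sessionAttributes)."""
    msg = cphash + nonce_caller + nonce_tpm + bytes([attrs])
    return hmac.new(key, msg, hashlib.sha256).digest()

class TpmSession:
    """Hypothetical TPM-side state for an unbound, unsalted session
    (empty sessionKey, so the HMAC key is just the object's authValue)."""
    def __init__(self, auth_value: bytes):
        self.auth_value = auth_value
        self.nonce_tpm = os.urandom(32)  # handed only to the session's creator

    def verify(self, cphash, nonce_caller, attrs, mac) -> bool:
        good = auth_hmac(self.auth_value, cphash, nonce_caller,
                         self.nonce_tpm, attrs)
        return hmac.compare_digest(good, mac)

def demo() -> tuple:
    auth = b"constructed-auth-value"
    # Constructed Name: nameAlg (SHA-256 = 0x000b) || digest of a public area
    name = b"\x00\x0b" + hashlib.sha256(b"constructed public area").digest()
    cph = cp_hash(TPM2_CC_UNSEAL, name)
    sess = TpmSession(auth)

    # Session creator (user space): received nonceTPM when it started the session.
    nc = os.urandom(32)
    creator_ok = sess.verify(cph, nc, CONTINUE_SESSION,
                             auth_hmac(auth, cph, nc, sess.nonce_tpm, CONTINUE_SESSION))

    # Second party given only a session handle and the auth value: it can pick
    # its own nonceCaller but has no nonceTPM to feed into the HMAC.
    nc2 = os.urandom(32)
    other_ok = sess.verify(cph, nc2, CONTINUE_SESSION,
                           auth_hmac(auth, cph, nc2, bytes(32), CONTINUE_SESSION))
    return creator_ok, other_ok
```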
