From: Matthew Garrett <mjg59@srcf.ucam.org>
To: James Bottomley <jejb@linux.ibm.com>
Cc: Matthew Garrett <matthewgarrett@google.com>,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-pm@vger.kernel.org, keyrings@vger.kernel.org,
zohar@linux.ibm.com, jarkko@kernel.org, corbet@lwn.net,
rjw@rjwysocki.net, Matthew Garrett <mjg59@google.com>
Subject: Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use
Date: Sun, 28 Feb 2021 07:59:02 +0000 [thread overview]
Message-ID: <20210228075902.GA9183@codon.org.uk> (raw)
In-Reply-To: <b0c4980c8fad14115daa3040979c52f07f7fbe2c.camel@linux.ibm.com>
On Wed, Feb 24, 2021 at 10:00:53AM -0800, James Bottomley wrote:
> On Sat, 2021-02-20 at 01:32 +0000, Matthew Garrett wrote:
> > Under certain circumstances it might be desirable to enable the
> > creation of TPM-backed secrets that are only accessible to the
> > kernel. In an ideal world this could be achieved by using TPM
> > localities, but these don't appear to be available on consumer
> > systems.
>
> I don't understand this ... the localities seem to work fine on all the
> systems I have ... is this some embedded thing?
I haven't made it work on an HP Z440 or a Lenovo P520. So now I'm
wondering whether having chipsets with TXT support (even if it's turned
off) confuse this point. Sigh. I'd really prefer to use localities than
a PCR, so if it works on client platforms I'd be inclined to say we'll
do a self-test and go for that, and workstation vendors can just
recommend their customers use UPSes or something.
> > An alternative is to simply block userland from modifying one of the
> > resettable PCRs, leaving it available to the kernel. If the kernel
> > ensures that no userland can access the TPM while it is carrying out
> > work, it can reset PCR 23, extend it to an arbitrary value, create or
> > load a secret, and then reset the PCR again. Even if userland somehow
> > obtains the sealed material, it will be unable to unseal it since PCR
> > 23 will never be in the appropriate state.
>
> This seems a bit arbitrary: You're removing this PCR from user space
> accessibility, but PCR 23 is defined as "Application Support" how can
> we be sure no application will actually want to use it (and then fail)?
Absolutely no way of guaranteeing that, and enabling this option is
certainly an ABI break.
> Since PCRs are very scarce, why not use a NV index instead. They're
> still a bounded resource, but most TPMs have far more of them than they
> do PCRs, and the address space is much bigger so picking a nice
> arbitrary 24 bit value reduces the chance of collisions.
How many write cycles do we expect the NV to survive? But I'll find a
client system with a TPM and play with locality support there - maybe we
can just avoid this problem anyway.
next prev parent reply other threads:[~2021-02-28 8:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-20 1:32 [PATCH 0/9] Enable hibernation when Lockdown is enabled Matthew Garrett
2021-02-20 1:32 ` [PATCH 1/9] tpm: Add support for in-kernel resetting of PCRs Matthew Garrett
2021-02-20 2:52 ` Jarkko Sakkinen
2021-02-20 1:32 ` [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use Matthew Garrett
2021-02-20 3:02 ` Jarkko Sakkinen
2021-02-24 17:12 ` Jarkko Sakkinen
2021-02-24 18:00 ` James Bottomley
2021-02-28 7:59 ` Matthew Garrett [this message]
2021-02-20 1:32 ` [PATCH 3/9] security: keys: trusted: Parse out individual components of the key blob Matthew Garrett
2021-02-20 3:05 ` Jarkko Sakkinen
2021-02-22 7:36 ` Matthew Garrett
2021-02-24 17:22 ` Jarkko Sakkinen
2021-02-20 1:32 ` [PATCH 4/9] security: keys: trusted: Store the handle of a loaded key Matthew Garrett
2021-02-20 3:06 ` Jarkko Sakkinen
2021-02-20 1:32 ` [PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data Matthew Garrett
2021-02-20 3:09 ` Jarkko Sakkinen
2021-02-21 19:44 ` Ben Boeckel
2021-02-22 7:41 ` Matthew Garrett
2021-02-20 1:32 ` [PATCH 6/9] pm: hibernate: Optionally store and verify a hash of the image Matthew Garrett
2021-05-05 18:18 ` Evan Green
2021-02-20 1:32 ` [PATCH 7/9] pm: hibernate: Optionally use TPM-backed keys to protect image integrity Matthew Garrett
2021-02-20 2:20 ` Randy Dunlap
2021-02-22 7:41 ` Matthew Garrett
2021-02-20 1:32 ` [PATCH 8/9] pm: hibernate: Verify the digest encryption key Matthew Garrett
2021-02-20 1:32 ` [PATCH 9/9] pm: hibernate: seal the encryption key with a PCR policy Matthew Garrett
2021-05-04 21:56 ` [PATCH 0/9] Enable hibernation when Lockdown is enabled Evan Green
2021-05-05 3:18 ` Jarkko Sakkinen
2021-05-05 3:19 ` Jarkko Sakkinen
2021-05-05 18:02 ` Evan Green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210228075902.GA9183@codon.org.uk \
--to=mjg59@srcf.ucam.org \
--cc=corbet@lwn.net \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=mjg59@google.com \
--cc=rjw@rjwysocki.net \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.