Re: Proposed change to tpm driver tpm_pcr_extend

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Ken Goldman <kgold@linux.ibm.com>
To: Monty Wiseman <montywiseman32@gmail.com>,
	linux-integrity@vger.kernel.org, "David (GE Global Research,
	US)" <david.safford@ge.com>
Subject: Re: Proposed change to tpm driver tpm_pcr_extend
Date: Thu, 25 Oct 2018 15:34:40 -0400	[thread overview]
Message-ID: <442debb9-e9bf-ad41-22cf-3de1b5f9db8a@linux.ibm.com> (raw)
In-Reply-To: <CAMHw8A4VfDf9s9RsYKhc0-fp7=twepsG0t-cwZe-rYWHubF1SA@mail.gmail.com>

On 10/24/2018 5:35 AM, Monty Wiseman wrote:
> Option C:
> This is a viable option and may actully be what the caller wants. There actually
> is no rule the all banks must be extended. In fact when "sealing", the
> caller lists

Doesn't not extending a bank open the platform to attack?  Even
if one caller is sealing to one bank, other applications may use a 
different bank.  If that bank was no extended, the caller could extend 
counterfeit measurements and subvert an application.

IMHO, for PCRs that are doing software measurements, the rule should be 
that all allocated banks should be extended.

> the pcr banks they want to seal to. (While is it technically possible
> to provide the
> TPM2_PolicyPCR a mix of banks I don't believe this practical as only
> one expected hash
> is provided as input. We should consider this option.

I'm nearly sure that one can run TPM2_PolicyPCR with multiple banks.

1 - The input parameter pcrDigest is optional.  It permits the caller
to check for correct PCRs early in the policy process.  For example,
it could avoid an unnecessary digital signature or password prompt.

That's why policies should be constructed with policypcr before terms 
that require external input.

2 - The spec Part 1 describes the pcrDigest calculation, and I
don't see anything that mandates only one bank.

     prev parent reply	other threads:[~2018-10-25 19:34 UTC|newest]

Thread overview: 3+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-24  9:35 Proposed change to tpm driver tpm_pcr_extend Monty Wiseman
2018-10-24 15:05 ` Monty Wiseman
2018-10-25 19:34 ` Ken Goldman [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=442debb9-e9bf-ad41-22cf-3de1b5f9db8a@linux.ibm.com \
    --to=kgold@linux.ibm.com \
    --cc=david.safford@ge.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=montywiseman32@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.