From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org
Cc: linux-crypto@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 0/6] add integrity and security to TPM2 transactions
Date: Mon, 12 Mar 2018 12:58:27 +0200 [thread overview]
Message-ID: <4aa8a4daf4b2f9f76f86b07bbdcb2f4c06b69a98.camel@linux.intel.com> (raw)
In-Reply-To: <1520720026.4495.11.camel@HansenPartnership.com>
On Sat, 2018-03-10 at 14:13 -0800, James Bottomley wrote:
> By now, everybody knows we have a problem with the TPM2_RS_PW easy
> button on TPM2 in that transactions on the TPM bus can be intercepted
> and altered. The way to fix this is to use real sessions for HMAC
> capabilities to ensure integrity and to use parameter and response
> encryption to ensure confidentiality of the data flowing over the TPM
> bus.
>
> This patch series is about adding a simple API which can ensure the
> above properties as a layered addition to the existing TPM handling
> code. This series now includes protections for PCR extend, getting
> random numbers from the TPM and data sealing and unsealing. It
> therefore eliminates all uses of TPM2_RS_PW in the kernel and adds
> encryption protection to sensitive data flowing into and out of the
> TPM.
>
> This series is also dependent on additions to the crypto subsystem to
> fix problems in the elliptic curve key handling and add the Cipher
> FeedBack encryption scheme:
>
> https://marc.info/?l=linux-crypto-vger&m=151994371015475
>
> In the third version I've added data sealing and unsealing protection,
> apart from one API based problem which means that the way trusted keys
> were protected it's not currently possible to HMAC protect an authority
> that comes with a policy, so the API will have to be extended to fix
> that case
>
> I've verified this using the test suite in the last patch on a VM
> connected to a tpm2 emulator. I also instrumented the emulator to make
> sure the sensitive data was properly encrypted.
>
> James
1. Can I ignore v2 and just review/test this version? I haven't even
peeked into v2 yet.
2. Do you know in which kernel version will the crypto additions land?
/Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: jarkko.sakkinen@linux.intel.com (Jarkko Sakkinen)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v3 0/6] add integrity and security to TPM2 transactions
Date: Mon, 12 Mar 2018 12:58:27 +0200 [thread overview]
Message-ID: <4aa8a4daf4b2f9f76f86b07bbdcb2f4c06b69a98.camel@linux.intel.com> (raw)
In-Reply-To: <1520720026.4495.11.camel@HansenPartnership.com>
On Sat, 2018-03-10 at 14:13 -0800, James Bottomley wrote:
> By now, everybody knows we have a problem with the TPM2_RS_PW easy
> button on TPM2 in that transactions on the TPM bus can be intercepted
> and altered. The way to fix this is to use real sessions for HMAC
> capabilities to ensure integrity and to use parameter and response
> encryption to ensure confidentiality of the data flowing over the TPM
> bus.
>
> This patch series is about adding a simple API which can ensure the
> above properties as a layered addition to the existing TPM handling
> code. This series now includes protections for PCR extend, getting
> random numbers from the TPM and data sealing and unsealing. It
> therefore eliminates all uses of TPM2_RS_PW in the kernel and adds
> encryption protection to sensitive data flowing into and out of the
> TPM.
>
> This series is also dependent on additions to the crypto subsystem to
> fix problems in the elliptic curve key handling and add the Cipher
> FeedBack encryption scheme:
>
> https://marc.info/?l=linux-crypto-vger&m=151994371015475
>
> In the third version I've added data sealing and unsealing protection,
> apart from one API based problem which means that the way trusted keys
> were protected it's not currently possible to HMAC protect an authority
> that comes with a policy, so the API will have to be extended to fix
> that case
>
> I've verified this using the test suite in the last patch on a VM
> connected to a tpm2 emulator. I also instrumented the emulator to make
> sure the sensitive data was properly encrypted.
>
> James
1. Can I ignore v2 and just review/test this version? I haven't even
peeked into v2 yet.
2. Do you know in which kernel version will the crypto additions land?
/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-12 10:58 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-10 22:13 [PATCH v3 0/6] add integrity and security to TPM2 transactions James Bottomley
2018-03-10 22:13 ` James Bottomley
2018-03-10 22:14 ` [PATCH v3 1/6] tpm-buf: create new functions for handling TPM buffers James Bottomley
2018-03-10 22:14 ` James Bottomley
2018-03-12 16:00 ` J Freyensee
2018-03-12 16:00 ` J Freyensee
2018-03-12 17:59 ` James Bottomley
2018-03-12 17:59 ` James Bottomley
2018-03-13 16:00 ` J Freyensee
2018-03-13 16:00 ` J Freyensee
2018-03-16 11:58 ` Jarkko Sakkinen
2018-03-16 11:58 ` Jarkko Sakkinen
2018-03-16 12:02 ` Jarkko Sakkinen
2018-03-16 12:02 ` Jarkko Sakkinen
2018-03-10 22:16 ` [PATCH v3 2/6] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling James Bottomley
2018-03-10 22:16 ` James Bottomley
2018-03-10 22:16 ` [PATCH v3 3/6] tpm2: add hmac checks to tpm2_pcr_extend() James Bottomley
2018-03-10 22:16 ` James Bottomley
2018-03-10 22:17 ` [PATCH v3 4/6] tpm2: add session encryption protection to tpm2_get_random() James Bottomley
2018-03-10 22:17 ` James Bottomley
2018-03-10 22:19 ` [PATCH v3 5/6] trusted keys: Add session encryption protection to the seal/unseal path James Bottomley
2018-03-10 22:19 ` James Bottomley
2018-03-10 22:20 ` [PATCH v3 6/6] tpm2-sessions: NOT FOR COMMITTING add sessions testing James Bottomley
2018-03-10 22:20 ` James Bottomley
2018-03-12 10:58 ` Jarkko Sakkinen [this message]
2018-03-12 10:58 ` [PATCH v3 0/6] add integrity and security to TPM2 transactions Jarkko Sakkinen
2018-03-12 15:57 ` James Bottomley
2018-03-12 15:57 ` James Bottomley
2018-03-16 13:34 ` Jarkko Sakkinen
2018-03-16 13:34 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4aa8a4daf4b2f9f76f86b07bbdcb2f4c06b69a98.camel@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.