From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Gabríel Arthúr Pétursson" <gabriel@system.is>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org
Cc: <keyrings@vger.kernel.org>, "Ard Biesheuvel" <ardb@kernel.org>
Subject: Re: [PATCH v7 12/21] tpm: Add NULL primary creation
Date: Mon, 01 Apr 2024 15:57:22 +0300 [thread overview]
Message-ID: <D08SXGNWN4PG.8KW3OIV7WTIK@kernel.org> (raw)
In-Reply-To: <ea2a3a9a2bea2f1af5565ed32e9584caee2fbecf.camel@system.is>
On Sun Mar 31, 2024 at 7:52 PM EEST, Gabríel Arthúr Pétursson wrote:
> On Sun, 2024-03-31 at 19:00 +0300, Jarkko Sakkinen wrote:
> > Null key is not provisioned, what is the motivation here?
>
> The terms here, to create a key and to provision a key, are almost
> interchangeable. The latter merely implies the additional step of
> saving the key to NVRAM and making it available through a persistent
> handle.
>
> The template, aside from defining what kind of key we want to create,
> is fed into the TPM's KDF used to generate the key. Different template,
> different key.
>
> Userspace will want to recreate the same key the kernel has, thus must
> use the same template. Which template shall be used then?
I don't disagree with you, nor did when sending the first response :-)
Downstream seems to break that guide tho. E.g. Ubuntu uses 0x80100001
NV index for storage key unsealing the key slot with PCR values. I did
some time ago a quick VM install of Ubuntu just to see how it uses TPM2.
I got:
$ sudo tpm2_getcap handles-persistent
- 0x81000001
- 0x81010001
0x81010001 is according to provisioning guide EK handle but Ubuntu uses
it for completely different purpose.
What I would like to understand when it comes to the provisioning guide
is how important it is in reality? I have no information at this point
is e.g. systemd-boot going to follow it but would like to know.
>
> + /*
> + * create the template. Note: in order for userspace to
> + * verify the security of the system, it will have to create
> + * and certify this NULL primary, meaning all the template
> + * parameters will have to be identical, so conform exactly to
> + * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC
> + * key
> + */
>
> The TPM specifications have a standardized set of templates for the
> Endorsement Keys, and a recommendation on a template to
> create/provision the shared SRK.
>
> Why not use that one then, above something else? We are required to use
> a template for key generation after all, might as well pick the one
> most fitting from the standards.
>
> That's at least my understanding of the author's motivation.
Yeah, not necessarily disagree with this or I'm somewhat aligned to this
view. Ubuntu's architecture confuses me so would like to understand the
magnitude of the provisioning guide.
>
> > So for the time being the patch set is NAK just because we lack
> > clear definition of done here. I revisit it only when I know how
> > to test it.
>
> I want to note that I'm not affiliated with the patches' author. I'm
> merely an outside observer who has taken interest in the proposed
> changes. Wanted to share my thoughts.
BR, Jarkko
next prev parent reply other threads:[~2024-04-01 12:57 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-13 17:13 [PATCH v7 00/21] add integrity and security to TPM2 transactions James Bottomley
2024-02-13 17:13 ` [PATCH v7 01/21] tpm: Remove unused tpm_buf_tag() James Bottomley
2024-02-13 17:13 ` [PATCH v7 02/21] tpm: Remove tpm_send() James Bottomley
2024-02-13 17:13 ` [PATCH v7 03/21] tpm: Move buffer handling from static inlines to real functions James Bottomley
2024-02-13 17:13 ` [PATCH v7 04/21] tpm: Update struct tpm_buf documentation comments James Bottomley
2024-02-13 17:13 ` [PATCH v7 05/21] tpm: Store the length of the tpm_buf data separately James Bottomley
2024-02-13 17:13 ` [PATCH v7 06/21] tpm: TPM2B formatted buffers James Bottomley
2024-02-13 17:13 ` [PATCH v7 07/21] tpm: Add tpm_buf_read_{u8,u16,u32} James Bottomley
2024-02-13 17:13 ` [PATCH v7 08/21] KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers James Bottomley
2024-02-13 17:13 ` [PATCH v7 09/21] crypto: lib - implement library version of AES in CFB mode James Bottomley
2024-02-13 17:13 ` [PATCH v7 10/21] tpm: add buffer function to point to returned parameters James Bottomley
2024-02-13 17:13 ` [PATCH v7 11/21] tpm: export the context save and load commands James Bottomley
2024-02-13 17:13 ` [PATCH v7 12/21] tpm: Add NULL primary creation James Bottomley
2024-02-23 15:51 ` Jarkko Sakkinen
2024-04-29 20:10 ` James Bottomley
2024-03-30 18:48 ` Gabríel Arthúr Pétursson
2024-03-31 16:00 ` Jarkko Sakkinen
2024-03-31 16:09 ` Jarkko Sakkinen
2024-03-31 16:52 ` Gabríel Arthúr Pétursson
2024-04-01 12:57 ` Jarkko Sakkinen [this message]
2024-04-01 13:04 ` Jarkko Sakkinen
2024-04-02 19:30 ` Ken Goldman
2024-04-03 15:43 ` Jarkko Sakkinen
2024-04-01 14:19 ` James Bottomley
2024-04-01 16:55 ` James Bottomley
2024-04-01 20:54 ` Jarkko Sakkinen
2024-04-01 20:59 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 13/21] tpm: Add HMAC session start and end functions James Bottomley
2024-02-23 17:02 ` Jarkko Sakkinen
2024-04-29 20:11 ` James Bottomley
2024-02-13 17:13 ` [PATCH v7 14/21] tpm: Add HMAC session name/handle append James Bottomley
2024-02-23 17:06 ` Jarkko Sakkinen
2024-04-29 20:11 ` James Bottomley
2024-02-13 17:13 ` [PATCH v7 15/21] tpm: Add the rest of the session HMAC API James Bottomley
2024-02-23 17:10 ` Jarkko Sakkinen
2024-04-29 20:11 ` James Bottomley
2024-02-13 17:13 ` [PATCH v7 16/21] tpm: add hmac checks to tpm2_pcr_extend() James Bottomley
2024-02-23 17:10 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 17/21] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2024-02-23 17:10 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 18/21] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2024-02-23 17:11 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 19/21] tpm: add the null key name as a sysfs export James Bottomley
2024-02-23 17:15 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 20/21] Documentation: add tpm-security.rst James Bottomley
2024-02-13 17:13 ` [PATCH v7 21/21] tpm: disable the TPM if NULL name changes James Bottomley
2024-02-23 18:43 ` Jarkko Sakkinen
2024-02-14 0:13 ` [PATCH v7 00/21] add integrity and security to TPM2 transactions Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D08SXGNWN4PG.8KW3OIV7WTIK@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=ardb@kernel.org \
--cc=gabriel@system.is \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.