From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Bottomley" <James.Bottomley@HansenPartnership.com>,
<openssl-tpm2-engine@groups.io>,
"Jarkko Sakkinen" <jarkko.sakkinen@iki.fi>
Cc: <linux-integrity@vger.kernel.org>
Subject: Re: [PATCH v2 1/8] tss: Fix handling of TPM_RH_NULL in intel-tss
Date: Mon, 05 Aug 2024 00:28:40 +0300 [thread overview]
Message-ID: <D37G310H9GA0.34YJCKUIISRVS@kernel.org> (raw)
In-Reply-To: <940e5cbca2cf08f7275d5e09d552a8500e18742c.camel@HansenPartnership.com>
On Sun Aug 4, 2024 at 4:42 PM EEST, James Bottomley wrote:
> The design of the intel-tss shim is to hide the difference between the
> internal and the external handles by doing the internal to external
> transform on entry. Unfortunately, the NULL handle (TPM_RH_NULL,
> 40000007) has two possible internal representations depending on
> whether it's used to indicate no session or the null hierarcy.
>
> There is a bug in the intel-tss in that it uses the wrong internal
> NULL handle to try to create the NULL seed primary (and thus fails).
> Now that we're going to be using the NULL primary to salt sessions,
> the Intel TSS shim needs fixing to cope with thi correctly.
>
> The fix is to do the correct transform to the internal hierarchy
> representation on NULL hierarchy creation and to do the session handle
> conversion everywhere else. Additionally remove the intel_handle()
> code which was supposed to do this: it's unused because 0 is never
> passed in as a handle number.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
>
> ---
> v2: reword commit message
>
> ---
> src/include/intel-tss.h | 18 +++++-------------
> 1 file changed, 5 insertions(+), 13 deletions(-)
>
> diff --git a/src/include/intel-tss.h b/src/include/intel-tss.h
> index 1870b4e..5b8db20 100644
> --- a/src/include/intel-tss.h
> +++ b/src/include/intel-tss.h
> @@ -251,14 +251,6 @@ intel_sess_helper(TSS_CONTEXT *tssContext,
> TPM_HANDLE auth, TPMA_SESSION flags)
> TPMA_SESSION_CONTINUESESSION |
> flags);
> }
>
> -static inline TPM_HANDLE
> -intel_handle(TPM_HANDLE h)
> -{
> - if (h == 0)
> - return ESYS_TR_NONE;
> - return h;
> -}
> -
> static inline void
> TSS_Delete(TSS_CONTEXT *tssContext)
> {
> @@ -937,8 +929,10 @@ tpm2_CreatePrimary(TSS_CONTEXT *tssContext,
> TPM_HANDLE primaryHandle,
> TPM2B_PUBLIC *opub;
> TPM_RC rc;
>
> - /* FIXME will generate wrong value for NULL hierarchy */
> - primaryHandle = intel_handle(primaryHandle);
> +
> + /* TPM_RH_NULL is mapped to ESYS_TR_NONE, which won't work
> here */
> + if (primaryHandle == TPM_RH_NULL)
> + primaryHandle = INT_TPM_RH_NULL;
>
> outsideInfo.size = 0;
> creationPcr.count = 0;
> @@ -993,9 +987,7 @@ tpm2_StartAuthSession(TSS_CONTEXT *tssContext,
> TPM_HANDLE tpmKey,
> TPM_HANDLE *sessionHandle,
> const char *bindPassword)
> {
> - bind = intel_handle(bind);
> - tpmKey = intel_handle(tpmKey);
> - if (bind != ESYS_TR_NONE)
> + if (bind != TPM_RH_NULL)
> intel_auth_helper(tssContext, bind, bindPassword);
Not blaming the patch but just have hard time coping this.
The most basic question is probably this: what is the application for
INT_TPM_RH_NULL?
Let's imagine that we have a flow chart describing Intel shim as a state
machine. I decide to shoot it with these three stimulus:
1. INT_TPM_RH_NULL
2. TPM_RH_NULL
3. A valid handle
What happens in each case to its state?
>
> return Esys_StartAuthSession(tssContext, tpmKey, bind,
> ESYS_TR_NONE,
BR, Jarkko
next prev parent reply other threads:[~2024-08-04 21:28 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-02 20:25 [PATCH 0/8] openssl_tpm2_engine: Add attestation functions for primary keys James Bottomley
2024-08-02 20:25 ` [PATCH 1/8] tss: Fix handling of TPM_RH_NULL in intel-tss James Bottomley
2024-08-03 17:08 ` Jarkko Sakkinen
2024-08-03 17:51 ` James Bottomley
2024-08-03 19:31 ` Jarkko Sakkinen
2024-08-03 19:47 ` James Bottomley
2024-08-03 20:43 ` Jarkko Sakkinen
2024-08-04 13:42 ` [PATCH v2 " James Bottomley
2024-08-04 15:37 ` [openssl-tpm2-engine] " James Bottomley
2024-08-04 21:28 ` Jarkko Sakkinen [this message]
2024-08-05 2:48 ` James Bottomley
2024-08-05 11:54 ` Jarkko Sakkinen
2024-08-02 20:26 ` [PATCH 2/8] libcommon: add ability to create a signing primary key James Bottomley
2024-08-02 20:26 ` [PATCH 3/8] libcommon: add bin2hex and tmp2_get_hexname James Bottomley
2024-08-03 17:21 ` Jarkko Sakkinen
2024-08-02 20:26 ` [PATCH 4/8] libcommon: add primary creation from template James Bottomley
2024-08-02 20:26 ` [PATCH 5/8] tss: add tpm2_Certify, tpm2_ActivateCredential and tpm2_PolicyOR James Bottomley
2024-08-02 20:26 ` [PATCH 6/8] tools: add new attest_tpm2_primary command James Bottomley
2024-08-02 20:26 ` [PATCH 7/8] attest_tpm2_primary: add man page James Bottomley
2024-08-02 20:26 ` [PATCH 8/8] tests: add tests for attest_tpm2_primary James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D37G310H9GA0.34YJCKUIISRVS@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=jarkko.sakkinen@iki.fi \
--cc=linux-integrity@vger.kernel.org \
--cc=openssl-tpm2-engine@groups.io \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.