From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Thomas Gleixner <tglx@linutronix.de>,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Eric Biggers <ebiggers@kernel.org>,
Ross Philipson <ross.philipson@oracle.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, ardb@kernel.org,
James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
jarkko@kernel.org, jgg@ziepe.ca, nivedita@alum.mit.edu,
herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net,
dwmw2@infradead.org, baolu.lu@linux.intel.com,
kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v9 06/19] x86: Add early SHA-1 support for Secure Launch early measurements
Date: Thu, 29 Aug 2024 04:25:26 +0100 [thread overview]
Message-ID: <Zs/qJsKu3StL3Wzt@srcf.ucam.org> (raw)
In-Reply-To: <CALCETrXQ7rChWLDqTG0+KY7rsfajSPguMnHO1G4VJi_mgwN9Zw@mail.gmail.com>
On Wed, Aug 28, 2024 at 08:17:05PM -0700, Andy Lutomirski wrote:
> Ross et al, can you confirm that your code actually, at least by
> default and with a monstrous warning to anyone who tries to change the
> default, caps SHA1 PCRs if SHA256 is available? And then can we maybe
> all stop hassling the people trying to develop this series about the
> fact that they're doing their best with the obnoxious system that the
> TPM designers gave them?
Presumably this would be dependent upon non-SHA1 banks being enabled?
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
WARNING: multiple messages have this Message-ID (diff)
From: Matthew Garrett <mjg59@srcf.ucam.org>
To: Andy Lutomirski <luto@amacapital.net>
Cc: Thomas Gleixner <tglx@linutronix.de>,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Eric Biggers <ebiggers@kernel.org>,
Ross Philipson <ross.philipson@oracle.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org,
mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
dave.hansen@linux.intel.com, ardb@kernel.org,
James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
jarkko@kernel.org, jgg@ziepe.ca, nivedita@alum.mit.edu,
herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net,
dwmw2@infradead.org, baolu.lu@linux.intel.com,
kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
trenchboot-devel@googlegroups.com
Subject: Re: [PATCH v9 06/19] x86: Add early SHA-1 support for Secure Launch early measurements
Date: Thu, 29 Aug 2024 04:25:26 +0100 [thread overview]
Message-ID: <Zs/qJsKu3StL3Wzt@srcf.ucam.org> (raw)
In-Reply-To: <CALCETrXQ7rChWLDqTG0+KY7rsfajSPguMnHO1G4VJi_mgwN9Zw@mail.gmail.com>
On Wed, Aug 28, 2024 at 08:17:05PM -0700, Andy Lutomirski wrote:
> Ross et al, can you confirm that your code actually, at least by
> default and with a monstrous warning to anyone who tries to change the
> default, caps SHA1 PCRs if SHA256 is available? And then can we maybe
> all stop hassling the people trying to develop this series about the
> fact that they're doing their best with the obnoxious system that the
> TPM designers gave them?
Presumably this would be dependent upon non-SHA1 banks being enabled?
next prev parent reply other threads:[~2024-08-29 3:25 UTC|newest]
Thread overview: 217+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-31 1:03 [PATCH v9 00/19] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 01/19] x86/boot: Place kernel_info at a fixed offset Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 18:18 ` Jarkko Sakkinen
2024-06-04 18:18 ` Jarkko Sakkinen
2024-06-04 20:28 ` ross.philipson
2024-06-04 20:28 ` ross.philipson
2024-05-31 1:03 ` [PATCH v9 02/19] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 03/19] x86: Secure Launch Kconfig Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 04/19] x86: Secure Launch Resource Table header file Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 18:21 ` Jarkko Sakkinen
2024-06-04 18:21 ` Jarkko Sakkinen
2024-06-04 20:31 ` ross.philipson
2024-06-04 20:31 ` ross.philipson
2024-06-04 22:36 ` Jarkko Sakkinen
2024-06-04 22:36 ` Jarkko Sakkinen
2024-06-04 23:00 ` ross.philipson
2024-06-04 23:00 ` ross.philipson
2024-06-05 0:22 ` Jarkko Sakkinen
2024-06-05 0:22 ` Jarkko Sakkinen
2024-06-05 0:27 ` Jarkko Sakkinen
2024-06-05 0:27 ` Jarkko Sakkinen
2024-06-05 2:33 ` ross.philipson
2024-06-05 2:33 ` ross.philipson
2024-06-05 4:04 ` Jarkko Sakkinen
2024-06-05 4:04 ` Jarkko Sakkinen
2024-06-05 19:03 ` ross.philipson
2024-06-05 19:03 ` ross.philipson
2024-06-06 6:02 ` Jarkko Sakkinen
2024-06-06 6:02 ` Jarkko Sakkinen
2024-06-06 16:49 ` ross.philipson
2024-06-06 16:49 ` ross.philipson
2024-06-20 0:18 ` Jarkko Sakkinen
2024-06-20 0:18 ` Jarkko Sakkinen
2024-06-20 16:55 ` ross.philipson
2024-06-20 16:55 ` ross.philipson
2024-05-31 1:03 ` [PATCH v9 05/19] x86: Secure Launch main " Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 18:24 ` Jarkko Sakkinen
2024-06-04 18:24 ` Jarkko Sakkinen
2024-06-04 20:52 ` ross.philipson
2024-06-04 20:52 ` ross.philipson
2024-05-31 1:03 ` [PATCH v9 06/19] x86: Add early SHA-1 support for Secure Launch early measurements Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 2:16 ` Eric Biggers
2024-05-31 2:16 ` Eric Biggers
2024-05-31 13:54 ` Eric W. Biederman
2024-05-31 13:54 ` Eric W. Biederman
2024-08-15 17:38 ` Daniel P. Smith
2024-08-15 17:38 ` Daniel P. Smith
2024-08-15 19:10 ` Thomas Gleixner
2024-08-15 19:10 ` Thomas Gleixner
2024-08-16 10:42 ` Jarkko Sakkinen
2024-08-16 10:42 ` Jarkko Sakkinen
2024-08-16 11:01 ` Andrew Cooper
2024-08-16 11:01 ` Andrew Cooper
2024-08-16 11:22 ` Jarkko Sakkinen
2024-08-16 11:22 ` Jarkko Sakkinen
2024-08-16 18:41 ` Matthew Garrett
2024-08-16 18:41 ` Matthew Garrett
2024-08-19 18:05 ` Jarkko Sakkinen
2024-08-19 18:05 ` Jarkko Sakkinen
2024-08-19 18:24 ` Matthew Garrett
2024-08-19 18:24 ` Matthew Garrett
2024-08-20 15:26 ` Jarkko Sakkinen
2024-08-20 15:26 ` Jarkko Sakkinen
2024-08-22 18:29 ` Daniel P. Smith
2024-08-22 18:29 ` Daniel P. Smith
2026-02-20 15:35 ` Ard Biesheuvel
2026-02-23 23:08 ` Andrew Cooper
2026-02-24 8:25 ` Ard Biesheuvel
2024-08-29 3:17 ` Andy Lutomirski
2024-08-29 3:17 ` Andy Lutomirski
2024-08-29 3:25 ` Matthew Garrett [this message]
2024-08-29 3:25 ` Matthew Garrett
2024-08-29 17:26 ` Andy Lutomirski
2024-08-29 17:26 ` Andy Lutomirski
2024-09-05 1:01 ` Daniel P. Smith
2024-09-05 1:01 ` Daniel P. Smith
2024-09-13 0:34 ` Daniel P. Smith
2024-09-13 0:34 ` Daniel P. Smith
2024-09-14 3:57 ` Andy Lutomirski
2024-09-14 3:57 ` Andy Lutomirski
2024-09-21 18:36 ` Daniel P. Smith
2024-09-21 18:36 ` Daniel P. Smith
2024-09-21 22:40 ` Andy Lutomirski
2024-09-21 22:40 ` Andy Lutomirski
2024-11-02 14:53 ` Daniel P. Smith
2024-11-02 14:53 ` Daniel P. Smith
2024-11-02 16:04 ` James Bottomley
2024-11-02 16:04 ` James Bottomley
2024-11-15 1:17 ` Daniel P. Smith
2024-11-18 18:43 ` Andy Lutomirski
2024-11-18 18:50 ` Andy Lutomirski
2024-11-18 19:12 ` James Bottomley
2024-11-18 20:02 ` Andy Lutomirski
2024-11-21 20:11 ` ross.philipson
2024-11-21 20:54 ` Andy Lutomirski
2024-11-21 22:42 ` Andy Lutomirski
2024-11-22 23:37 ` ross.philipson
2024-12-12 19:56 ` Daniel P. Smith
2024-12-12 22:30 ` Andy Lutomirski
2024-12-14 2:56 ` Daniel P. Smith
2024-05-31 16:18 ` ross.philipson
2024-05-31 16:18 ` ross.philipson
2024-08-27 18:14 ` Eric Biggers
2024-08-27 18:14 ` Eric Biggers
2024-08-28 20:14 ` ross.philipson
2024-08-28 20:14 ` ross.philipson
2024-08-28 23:13 ` Eric Biggers
2024-08-28 23:13 ` Eric Biggers
2024-06-04 18:52 ` Jarkko Sakkinen
2024-06-04 18:52 ` Jarkko Sakkinen
2024-06-04 21:02 ` ross.philipson
2024-06-04 21:02 ` ross.philipson
2024-06-04 22:40 ` Jarkko Sakkinen
2024-06-04 22:40 ` Jarkko Sakkinen
2024-05-31 1:03 ` [PATCH v9 07/19] x86: Add early SHA-256 " Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 08/19] x86: Secure Launch kernel early boot stub Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 11:00 ` Ard Biesheuvel
2024-05-31 11:00 ` Ard Biesheuvel
2024-05-31 13:33 ` Ard Biesheuvel
2024-05-31 13:33 ` Ard Biesheuvel
2024-05-31 14:04 ` Ard Biesheuvel
2024-05-31 14:04 ` Ard Biesheuvel
2024-05-31 16:13 ` Ard Biesheuvel
2024-05-31 16:13 ` Ard Biesheuvel
2024-06-04 17:31 ` ross.philipson
2024-06-04 17:31 ` ross.philipson
2024-06-04 17:24 ` ross.philipson
2024-06-04 17:24 ` ross.philipson
2024-06-04 17:27 ` Ard Biesheuvel
2024-06-04 17:27 ` Ard Biesheuvel
2024-06-04 17:33 ` ross.philipson
2024-06-04 17:33 ` ross.philipson
2024-06-04 20:54 ` Ard Biesheuvel
2024-06-04 20:54 ` Ard Biesheuvel
2024-06-04 21:12 ` ross.philipson
2024-06-04 21:12 ` ross.philipson
2024-06-04 17:14 ` ross.philipson
2024-06-04 17:14 ` ross.philipson
2024-06-04 19:56 ` Jarkko Sakkinen
2024-06-04 19:56 ` Jarkko Sakkinen
2024-06-04 21:09 ` ross.philipson
2024-06-04 21:09 ` ross.philipson
2024-06-04 22:43 ` Jarkko Sakkinen
2024-06-04 22:43 ` Jarkko Sakkinen
2024-05-31 1:03 ` [PATCH v9 09/19] x86: Secure Launch kernel late " Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 19:58 ` Jarkko Sakkinen
2024-06-04 19:58 ` Jarkko Sakkinen
2024-06-04 21:16 ` ross.philipson
2024-06-04 21:16 ` ross.philipson
2024-06-04 22:45 ` Jarkko Sakkinen
2024-06-04 22:45 ` Jarkko Sakkinen
2024-06-04 19:59 ` Jarkko Sakkinen
2024-06-04 19:59 ` Jarkko Sakkinen
2024-06-04 21:17 ` ross.philipson
2024-06-04 21:17 ` ross.philipson
2024-08-12 19:02 ` ross.philipson
2024-08-12 19:02 ` ross.philipson
2024-08-15 18:35 ` Jarkko Sakkinen
2024-08-15 18:35 ` Jarkko Sakkinen
2024-05-31 1:03 ` [PATCH v9 10/19] x86: Secure Launch SMP bringup support Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 20:05 ` Jarkko Sakkinen
2024-06-04 20:05 ` Jarkko Sakkinen
2024-06-04 21:47 ` ross.philipson
2024-06-04 21:47 ` ross.philipson
2024-06-04 22:46 ` Jarkko Sakkinen
2024-06-04 22:46 ` Jarkko Sakkinen
2024-05-31 1:03 ` [PATCH v9 11/19] kexec: Secure Launch kexec SEXIT support Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 12/19] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 13/19] tpm: Protect against locality counter underflow Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 20:12 ` Jarkko Sakkinen
2024-06-04 20:12 ` Jarkko Sakkinen
2024-08-15 18:52 ` Daniel P. Smith
2024-08-15 18:52 ` Daniel P. Smith
2024-05-31 1:03 ` [PATCH v9 14/19] tpm: Ensure tpm is in known state at startup Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 20:14 ` Jarkko Sakkinen
2024-06-04 20:14 ` Jarkko Sakkinen
2024-08-15 19:24 ` Daniel P. Smith
2024-08-15 19:24 ` Daniel P. Smith
2024-05-31 1:03 ` [PATCH v9 15/19] tpm: Make locality requests return consistent values Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 16/19] tpm: Add ability to set the preferred locality the TPM chip uses Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 20:27 ` Jarkko Sakkinen
2024-06-04 20:27 ` Jarkko Sakkinen
2024-06-04 22:14 ` ross.philipson
2024-06-04 22:14 ` ross.philipson
2024-06-04 22:50 ` Jarkko Sakkinen
2024-06-04 22:50 ` Jarkko Sakkinen
2024-06-04 23:04 ` ross.philipson
2024-06-04 23:04 ` ross.philipson
2024-05-31 1:03 ` [PATCH v9 17/19] tpm: Add sysfs interface to allow setting and querying the preferred locality Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-06-04 20:27 ` Jarkko Sakkinen
2024-06-04 20:27 ` Jarkko Sakkinen
2024-05-31 1:03 ` [PATCH v9 18/19] x86: Secure Launch late initcall platform module Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 1:03 ` [PATCH v9 19/19] x86: EFI stub DRTM launch support for Secure Launch Ross Philipson
2024-05-31 1:03 ` Ross Philipson
2024-05-31 11:09 ` Ard Biesheuvel
2024-05-31 11:09 ` Ard Biesheuvel
2024-06-04 17:22 ` ross.philipson
2024-06-04 17:22 ` ross.philipson
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Zs/qJsKu3StL3Wzt@srcf.ucam.org \
--to=mjg59@srcf.ucam.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=andrew.cooper3@citrix.com \
--cc=ardb@kernel.org \
--cc=baolu.lu@linux.intel.com \
--cc=bp@alien8.de \
--cc=corbet@lwn.net \
--cc=dave.hansen@linux.intel.com \
--cc=davem@davemloft.net \
--cc=dpsmith@apertussolutions.com \
--cc=dwmw2@infradead.org \
--cc=ebiederm@xmission.com \
--cc=ebiggers@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=nivedita@alum.mit.edu \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.