From: Jonathan Cameron <Jonathan.Cameron@Huawei.com>
To: Lukas Wunner <lukas@wunner.de>
Cc: Bjorn Helgaas <helgaas@kernel.org>,
David Howells <dhowells@redhat.com>,
Herbert Xu <herbert@gondor.apana.org.au>,
"David S. Miller" <davem@davemloft.net>,
David Woodhouse <dwmw2@infradead.org>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
<linux-pci@vger.kernel.org>, <linux-cxl@vger.kernel.org>,
<linux-coco@lists.linux.dev>, <keyrings@vger.kernel.org>,
<linux-crypto@vger.kernel.org>, <linuxarm@huawei.com>,
David Box <david.e.box@intel.com>,
Dan Williams <dan.j.williams@intel.com>,
"Li, Ming" <ming4.li@intel.com>,
Ilpo Jarvinen <ilpo.jarvinen@linux.intel.com>,
Alistair Francis <alistair.francis@wdc.com>,
Wilfred Mallawa <wilfred.mallawa@wdc.com>,
Damien Le Moal <dlemoal@kernel.org>,
"Alexey Kardashevskiy" <aik@amd.com>,
Dhaval Giani <dhaval.giani@amd.com>,
Gobikrishna Dhanuskodi <gdhanuskodi@nvidia.com>,
Jason Gunthorpe <jgg@nvidia.com>, Peter Gonda <pgonda@google.com>,
Jerome Glisse <jglisse@google.com>,
Sean Christopherson <seanjc@google.com>,
"Alexander Graf" <graf@amazon.com>,
Samuel Ortiz <sameo@rivosinc.com>,
Jonathan Corbet <corbet@lwn.net>
Subject: Re: [PATCH v2 18/18] spdm: Allow control of next requester nonce through sysfs
Date: Thu, 18 Jul 2024 17:11:49 +0100 [thread overview]
Message-ID: <20240718171149.000011b4@Huawei.com> (raw)
In-Reply-To: <ee3248f9f8d60cff9106a5a46c5f5d53ac81e60a.1719771133.git.lukas@wunner.de>
On Sun, 30 Jun 2024 21:53:00 +0200
Lukas Wunner <lukas@wunner.de> wrote:
> Remote attestation services may mistrust the kernel to always use a
> fresh nonce for SPDM authentication.
>
> So allow user space to set the next requester nonce by writing to a
> sysfs attribute.
>
> Signed-off-by: Lukas Wunner <lukas@wunner.de>
> Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> Cc: Jérôme Glisse <jglisse@google.com>
> Cc: Jason Gunthorpe <jgg@nvidia.com>
Why is the group visibility callback in this patch?
Otherwise looks fine to me,
Jonathan
> ---
> Documentation/ABI/testing/sysfs-devices-spdm | 29 ++++++++++++++++
> lib/spdm/core.c | 1 +
> lib/spdm/req-authenticate.c | 8 ++++-
> lib/spdm/req-sysfs.c | 35 ++++++++++++++++++++
> lib/spdm/spdm.h | 4 +++
> 5 files changed, 76 insertions(+), 1 deletion(-)
>
> diff --git a/Documentation/ABI/testing/sysfs-devices-spdm b/Documentation/ABI/testing/sysfs-devices-spdm
> index 5ce34ce10b9c..d315b47b4af0 100644
> --- a/Documentation/ABI/testing/sysfs-devices-spdm
> +++ b/Documentation/ABI/testing/sysfs-devices-spdm
> @@ -216,3 +216,32 @@ Description:
> necessary to parse the SPDM messages in the transcript to find
> and extract the nonces, which is cumbersome. That's why they
> are exposed as separate files.
> +
> +
> +What: /sys/devices/.../signatures/next_requester_nonce
> +Date: June 2024
> +Contact: Lukas Wunner <lukas@wunner.de>
> +Description:
> + If you do not trust the kernel to always use a fresh nonce,
> + write 32 bytes to this file to set the requester nonce used
> + in the next SPDM authentication sequence.
> +
> + Meant for remote attestation services. You are responsible
> + for providing a nonce with sufficient entropy. The kernel
> + only uses the nonce once, so provide a new one every time
> + you reauthenticate the device. If you do not provide a
> + nonce, the kernel generates a random one.
> +
> + After the nonce has been consumed, it becomes readable as
> + the newest [0-9]*_requester_nonce, which proves its usage::
> +
> + # dd if=/dev/random bs=32 count=1 | \
> + tee signatures/next_requester_nonce | hexdump
> + 0000000 e0 77 91 54 bd 56 99 c2 ea 4f 0b 1a 7f ba 6e 59
> + 0000010 8f ee f6 b2 26 82 58 34 9e e5 8c 8a 31 58 29 7e
> +
> + # echo re > authenticated
> +
> + # hexdump $(\ls -t signatures/[0-9]*_requester_nonce | head -1)
> + 0000000 e0 77 91 54 bd 56 99 c2 ea 4f 0b 1a 7f ba 6e 59
> + 0000010 8f ee f6 b2 26 82 58 34 9e e5 8c 8a 31 58 29 7e
> diff --git a/lib/spdm/core.c b/lib/spdm/core.c
> index b6a46bdbb2f9..7371adb7a52f 100644
> --- a/lib/spdm/core.c
> +++ b/lib/spdm/core.c
> @@ -434,6 +434,7 @@ void spdm_destroy(struct spdm_state *spdm_state)
> spdm_reset(spdm_state);
> spdm_destroy_log(spdm_state);
> mutex_destroy(&spdm_state->lock);
> + kfree(spdm_state->next_nonce);
> kfree(spdm_state);
> }
> EXPORT_SYMBOL_GPL(spdm_destroy);
> diff --git a/lib/spdm/req-authenticate.c b/lib/spdm/req-authenticate.c
> index 7c977f5835c1..489fc88de74d 100644
> --- a/lib/spdm/req-authenticate.c
> +++ b/lib/spdm/req-authenticate.c
> @@ -626,7 +626,13 @@ static int spdm_challenge(struct spdm_state *spdm_state, u8 slot, bool verify)
> };
> int rc, length;
>
> - get_random_bytes(&req.nonce, sizeof(req.nonce));
> + if (spdm_state->next_nonce) {
> + memcpy(&req.nonce, spdm_state->next_nonce, sizeof(req.nonce));
> + kfree(spdm_state->next_nonce);
> + spdm_state->next_nonce = NULL;
> + } else {
> + get_random_bytes(&req.nonce, sizeof(req.nonce));
> + }
>
> if (spdm_state->version <= 0x12)
> req_sz = offsetofend(typeof(req), nonce);
> diff --git a/lib/spdm/req-sysfs.c b/lib/spdm/req-sysfs.c
> index c782054f8e18..232d4a00a510 100644
> --- a/lib/spdm/req-sysfs.c
> +++ b/lib/spdm/req-sysfs.c
> @@ -176,13 +176,48 @@ const struct attribute_group spdm_certificates_group = {
>
> /* signatures attributes */
>
> +static umode_t spdm_signatures_are_visible(struct kobject *kobj,
> + struct bin_attribute *a, int n)
> +{
> + struct device *dev = kobj_to_dev(kobj);
> + struct spdm_state *spdm_state = dev_to_spdm_state(dev);
> +
> + if (IS_ERR_OR_NULL(spdm_state))
> + return SYSFS_GROUP_INVISIBLE;
> +
> + return a->attr.mode;
> +}
> +
> +static ssize_t next_requester_nonce_write(struct file *file,
> + struct kobject *kobj,
> + struct bin_attribute *attr,
> + char *buf, loff_t off, size_t count)
> +{
> + struct device *dev = kobj_to_dev(kobj);
> + struct spdm_state *spdm_state = dev_to_spdm_state(dev);
> +
> + guard(mutex)(&spdm_state->lock);
> +
> + if (!spdm_state->next_nonce) {
> + spdm_state->next_nonce = kmalloc(SPDM_NONCE_SZ, GFP_KERNEL);
> + if (!spdm_state->next_nonce)
> + return -ENOMEM;
> + }
> +
> + memcpy(spdm_state->next_nonce + off, buf, count);
> + return count;
> +}
> +static BIN_ATTR_WO(next_requester_nonce, SPDM_NONCE_SZ);
> +
> static struct bin_attribute *spdm_signatures_bin_attrs[] = {
> + &bin_attr_next_requester_nonce,
> NULL
> };
>
> const struct attribute_group spdm_signatures_group = {
> .name = "signatures",
> .bin_attrs = spdm_signatures_bin_attrs,
> + .is_bin_visible = spdm_signatures_are_visible,
> };
>
> static unsigned int spdm_max_log_sz = SZ_16M; /* per device */
> diff --git a/lib/spdm/spdm.h b/lib/spdm/spdm.h
> index 448107c92db7..aa36aa55e718 100644
> --- a/lib/spdm/spdm.h
> +++ b/lib/spdm/spdm.h
> @@ -475,6 +475,9 @@ struct spdm_error_rsp {
> * itself and the transcript with trailing signature.
> * @log_counter: Number of generated log entries so far. Will be prefixed to
> * the sysfs files of the next generated log entry.
> + * @next_nonce: Requester nonce to be used for the next authentication
> + * sequence. Populated from user space through sysfs.
> + * If user space does not provide a nonce, the kernel uses a random one.
> */
> struct spdm_state {
> struct device *dev;
> @@ -521,6 +524,7 @@ struct spdm_state {
> struct list_head log;
> size_t log_sz;
> u32 log_counter;
> + u8 *next_nonce;
> };
>
> extern struct list_head spdm_state_list;
next prev parent reply other threads:[~2024-07-18 16:11 UTC|newest]
Thread overview: 89+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-06-30 19:35 [PATCH v2 00/18] PCI device authentication Lukas Wunner
2024-06-30 19:36 ` [PATCH v2 01/18] X.509: Make certificate parser public Lukas Wunner
2024-07-10 2:46 ` Alistair Francis
2024-06-30 19:37 ` [PATCH v2 02/18] X.509: Parse Subject Alternative Name in certificates Lukas Wunner
2024-07-10 2:48 ` Alistair Francis
2024-06-30 19:38 ` [PATCH v2 03/18] X.509: Move certificate length retrieval into new helper Lukas Wunner
2024-07-10 2:49 ` Alistair Francis
2024-07-18 11:04 ` Jonathan Cameron
2024-06-30 19:39 ` [PATCH v2 04/18] certs: Create blacklist keyring earlier Lukas Wunner
2024-07-10 2:52 ` Alistair Francis
2024-06-30 19:40 ` [PATCH v2 05/18] crypto: akcipher - Support more than one signature encoding Lukas Wunner
2024-06-30 19:41 ` [PATCH v2 06/18] crypto: ecdsa - Support P1363 " Lukas Wunner
2024-06-30 22:10 ` Herbert Xu
2024-07-29 14:27 ` Lukas Wunner
2024-06-30 19:42 ` [PATCH v2 07/18] spdm: Introduce library to authenticate devices Lukas Wunner
2024-06-30 21:29 ` Jeff Johnson
2024-07-08 9:57 ` Alexey Kardashevskiy
2024-07-08 12:54 ` Lukas Wunner
2024-07-09 0:45 ` Alexey Kardashevskiy
2024-07-09 8:49 ` Lukas Wunner
2024-07-09 5:09 ` Dan Williams
2024-07-18 11:42 ` Jonathan Cameron
2024-07-09 15:00 ` Jeff Johnson
2024-07-18 14:24 ` Jonathan Cameron
2024-06-30 19:43 ` [PATCH v2 08/18] PCI/CMA: Authenticate devices on enumeration Lukas Wunner
2024-07-09 18:10 ` Dan Williams
2024-07-09 19:32 ` Lukas Wunner
2024-07-09 23:31 ` Dan Williams
2024-07-11 15:00 ` Lukas Wunner
2024-07-11 17:50 ` Dan Williams
2024-07-12 0:50 ` Damien Le Moal
2024-07-14 8:42 ` Lukas Wunner
2024-07-15 17:21 ` Kees Cook
2024-07-15 18:12 ` Jason Gunthorpe
2024-07-15 20:36 ` Dan Williams
2024-07-15 22:02 ` Jason Gunthorpe
2024-07-15 22:17 ` Damien Le Moal
2024-07-15 23:03 ` Jason Gunthorpe
2024-07-15 23:26 ` Damien Le Moal
2024-07-15 23:42 ` Jason Gunthorpe
2024-07-15 23:57 ` Damien Le Moal
2024-07-16 0:11 ` Jason Gunthorpe
2024-07-16 1:23 ` Dan Williams
2024-07-15 22:50 ` Dan Williams
2024-07-15 23:21 ` Jason Gunthorpe
2024-07-15 23:37 ` Dan Williams
2024-07-15 23:55 ` Jason Gunthorpe
2024-07-16 1:35 ` Dan Williams
2024-07-22 10:19 ` Alexey Kardashevskiy
2024-07-22 12:06 ` Jason Gunthorpe
2024-07-23 4:26 ` Alexey Kardashevskiy
2024-07-23 12:58 ` Jason Gunthorpe
2024-07-15 20:19 ` Dan Williams
2024-07-15 20:08 ` Dan Williams
2024-06-30 19:44 ` [PATCH v2 09/18] PCI/CMA: Validate Subject Alternative Name in certificates Lukas Wunner
2024-07-10 20:35 ` Dan Williams
2024-06-30 19:45 ` [PATCH v2 10/18] PCI/CMA: Reauthenticate devices on reset and resume Lukas Wunner
2024-07-10 3:40 ` Alistair Francis
2024-07-10 23:23 ` Dan Williams
2024-07-18 15:01 ` Jonathan Cameron
2024-06-30 19:46 ` [PATCH v2 11/18] PCI/CMA: Expose in sysfs whether devices are authenticated Lukas Wunner
2024-07-17 23:17 ` Dan Williams
2024-07-18 15:11 ` Jonathan Cameron
2024-06-30 19:47 ` [PATCH v2 12/18] PCI/CMA: Expose certificates in sysfs Lukas Wunner
2024-07-18 2:43 ` Dan Williams
2024-07-18 15:16 ` Jonathan Cameron
2024-07-18 15:19 ` Jonathan Cameron
2024-06-30 19:48 ` [PATCH v2 13/18] sysfs: Allow bin_attributes to be added to groups Lukas Wunner
2024-07-04 10:13 ` Greg Kroah-Hartman
2024-07-12 3:49 ` Alistair Francis
2024-07-18 15:22 ` Jonathan Cameron
2024-06-30 19:49 ` [PATCH v2 14/18] sysfs: Allow symlinks to be added between sibling groups Lukas Wunner
2024-07-04 10:14 ` Greg Kroah-Hartman
2024-07-18 15:36 ` Jonathan Cameron
2024-06-30 19:50 ` [PATCH v2 15/18] PCI/CMA: Expose a log of received signatures in sysfs Lukas Wunner
2024-07-18 15:56 ` Jonathan Cameron
2024-06-30 19:51 ` [PATCH v2 16/18] spdm: Limit memory consumed by log of received signatures Lukas Wunner
2024-07-18 16:03 ` Jonathan Cameron
2024-06-30 19:52 ` [PATCH v2 17/18] spdm: Authenticate devices despite invalid certificate chain Lukas Wunner
2024-07-18 16:08 ` Jonathan Cameron
2024-06-30 19:53 ` [PATCH v2 18/18] spdm: Allow control of next requester nonce through sysfs Lukas Wunner
2024-07-18 16:11 ` Jonathan Cameron [this message]
2024-07-08 9:47 ` [PATCH v2 00/18] PCI device authentication Alexey Kardashevskiy
2024-07-08 13:35 ` Lukas Wunner
2025-02-11 1:30 ` Alexey Kardashevskiy
2025-02-12 16:36 ` Lukas Wunner
2025-05-20 8:35 ` Alexey Kardashevskiy
2025-05-29 5:29 ` Alexey Kardashevskiy
2025-05-29 9:40 ` Lukas Wunner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240718171149.000011b4@Huawei.com \
--to=jonathan.cameron@huawei.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=aik@amd.com \
--cc=alistair.francis@wdc.com \
--cc=corbet@lwn.net \
--cc=dan.j.williams@intel.com \
--cc=davem@davemloft.net \
--cc=david.e.box@intel.com \
--cc=dhaval.giani@amd.com \
--cc=dhowells@redhat.com \
--cc=dlemoal@kernel.org \
--cc=dwmw2@infradead.org \
--cc=gdhanuskodi@nvidia.com \
--cc=graf@amazon.com \
--cc=helgaas@kernel.org \
--cc=herbert@gondor.apana.org.au \
--cc=ilpo.jarvinen@linux.intel.com \
--cc=jgg@nvidia.com \
--cc=jglisse@google.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-coco@lists.linux.dev \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-cxl@vger.kernel.org \
--cc=linux-pci@vger.kernel.org \
--cc=linuxarm@huawei.com \
--cc=lukas@wunner.de \
--cc=ming4.li@intel.com \
--cc=pgonda@google.com \
--cc=sameo@rivosinc.com \
--cc=seanjc@google.com \
--cc=wilfred.mallawa@wdc.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).