From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org
Subject: Re: [RFC 0/2] add integrity and security to TPM2 transactions
Date: Mon, 05 Mar 2018 07:42:47 -0800 [thread overview]
Message-ID: <1520264567.5312.14.camel@HansenPartnership.com> (raw)
In-Reply-To: <20180305140431.GA9335@ziepe.ca>
On Mon, 2018-03-05 at 07:04 -0700, Jason Gunthorpe wrote:
> On Fri, Mar 02, 2018 at 10:04:54PM -0800, James Bottomley wrote:
> >
> > By now, everybody knows we have a problem with the TPM2_RS_PW easy
> > button on TPM2 in that transactions on the TPM bus can be
> > intercepted and altered. The way to fix this is to use real
> > sessions for HMAC capabilities to ensure integrity and to use
> > parameter and response encryption to ensure confidentiality of the
> > data flowing over the TPM bus.
>
> We have the same issue for TPM1 then right?
Sort of. HMAC authentication isn't optional in TPM1 like it is in
TPM2, so we do already use it (in the trusted keys code, for instance),
so we have less of a problem becasuse it doesn't have the insecure
TPM_RS_PW option.
However, TPM1 also has a specific weakness here in that if you don't
have authority in the object (i.e. no shared secret), the HMAC provides
no protection against an intelligent attacker. The only way to get the
same security as we have with TPM2 in this situation is to use
transport encryption.
Given that sha1 is already compromised, TPM1 has a strictly limited
shelf life, especially as all laptops are being shipped with TPM2 now,
so I don't think it's unreasonable to say if you're worried about this
compromise you should use TPM2.
James
next prev parent reply other threads:[~2018-03-05 15:42 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-03 6:04 [RFC 0/2] add integrity and security to TPM2 transactions James Bottomley
[not found] ` <1520057175.27452.18.camel@HansenPartnership.com>
2018-03-05 11:35 ` [PATCH 1/2] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling Jarkko Sakkinen
2018-03-05 11:50 ` Jarkko Sakkinen
2018-03-05 14:58 ` James Bottomley
2018-03-05 17:41 ` Jarkko Sakkinen
2018-03-05 14:04 ` [RFC 0/2] add integrity and security to TPM2 transactions Jason Gunthorpe
2018-03-05 15:42 ` James Bottomley [this message]
2018-04-08 20:28 ` Ken Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1520264567.5312.14.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=jgg@ziepe.ca \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox