From: Matthew Garrett <mjg59@srcf.ucam.org>
To: James Bottomley <jejb@linux.ibm.com>
Cc: Matthew Garrett <matthewgarrett@google.com>,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-pm@vger.kernel.org, keyrings@vger.kernel.org,
zohar@linux.ibm.com, jarkko@kernel.org, corbet@lwn.net,
rjw@rjwysocki.net, Matthew Garrett <mjg59@google.com>
Subject: Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use
Date: Sun, 28 Feb 2021 07:59:02 +0000 [thread overview]
Message-ID: <20210228075902.GA9183@codon.org.uk> (raw)
In-Reply-To: <b0c4980c8fad14115daa3040979c52f07f7fbe2c.camel@linux.ibm.com>
On Wed, Feb 24, 2021 at 10:00:53AM -0800, James Bottomley wrote:
> On Sat, 2021-02-20 at 01:32 +0000, Matthew Garrett wrote:
> > Under certain circumstances it might be desirable to enable the
> > creation of TPM-backed secrets that are only accessible to the
> > kernel. In an ideal world this could be achieved by using TPM
> > localities, but these don't appear to be available on consumer
> > systems.
>
> I don't understand this ... the localities seem to work fine on all the
> systems I have ... is this some embedded thing?
I haven't made it work on an HP Z440 or a Lenovo P520. So now I'm
wondering whether having chipsets with TXT support (even if it's turned
off) confuse this point. Sigh. I'd really prefer to use localities than
a PCR, so if it works on client platforms I'd be inclined to say we'll
do a self-test and go for that, and workstation vendors can just
recommend their customers use UPSes or something.
> > An alternative is to simply block userland from modifying one of the
> > resettable PCRs, leaving it available to the kernel. If the kernel
> > ensures that no userland can access the TPM while it is carrying out
> > work, it can reset PCR 23, extend it to an arbitrary value, create or
> > load a secret, and then reset the PCR again. Even if userland somehow
> > obtains the sealed material, it will be unable to unseal it since PCR
> > 23 will never be in the appropriate state.
>
> This seems a bit arbitrary: You're removing this PCR from user space
> accessibility, but PCR 23 is defined as "Application Support" how can
> we be sure no application will actually want to use it (and then fail)?
Absolutely no way of guaranteeing that, and enabling this option is
certainly an ABI break.
> Since PCRs are very scarce, why not use a NV index instead. They're
> still a bounded resource, but most TPMs have far more of them than they
> do PCRs, and the address space is much bigger so picking a nice
> arbitrary 24 bit value reduces the chance of collisions.
How many write cycles do we expect the NV to survive? But I'll find a
client system with a TPM and play with locality support there - maybe we
can just avoid this problem anyway.
next prev parent reply other threads:[~2021-02-28 8:00 UTC|newest]
Thread overview: 29+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-02-20 1:32 [PATCH 0/9] Enable hibernation when Lockdown is enabled Matthew Garrett
2021-02-20 1:32 ` [PATCH 1/9] tpm: Add support for in-kernel resetting of PCRs Matthew Garrett
2021-02-20 2:52 ` Jarkko Sakkinen
2021-02-20 1:32 ` [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use Matthew Garrett
2021-02-20 3:02 ` Jarkko Sakkinen
2021-02-24 17:12 ` Jarkko Sakkinen
2021-02-24 18:00 ` James Bottomley
2021-02-28 7:59 ` Matthew Garrett [this message]
2021-02-20 1:32 ` [PATCH 3/9] security: keys: trusted: Parse out individual components of the key blob Matthew Garrett
2021-02-20 3:05 ` Jarkko Sakkinen
2021-02-22 7:36 ` Matthew Garrett
2021-02-24 17:22 ` Jarkko Sakkinen
2021-02-20 1:32 ` [PATCH 4/9] security: keys: trusted: Store the handle of a loaded key Matthew Garrett
2021-02-20 3:06 ` Jarkko Sakkinen
2021-02-20 1:32 ` [PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data Matthew Garrett
2021-02-20 3:09 ` Jarkko Sakkinen
2021-02-21 19:44 ` Ben Boeckel
2021-02-22 7:41 ` Matthew Garrett
2021-02-20 1:32 ` [PATCH 6/9] pm: hibernate: Optionally store and verify a hash of the image Matthew Garrett
2021-05-05 18:18 ` Evan Green
2021-02-20 1:32 ` [PATCH 7/9] pm: hibernate: Optionally use TPM-backed keys to protect image integrity Matthew Garrett
2021-02-20 2:20 ` Randy Dunlap
2021-02-22 7:41 ` Matthew Garrett
2021-02-20 1:32 ` [PATCH 8/9] pm: hibernate: Verify the digest encryption key Matthew Garrett
2021-02-20 1:32 ` [PATCH 9/9] pm: hibernate: seal the encryption key with a PCR policy Matthew Garrett
2021-05-04 21:56 ` [PATCH 0/9] Enable hibernation when Lockdown is enabled Evan Green
2021-05-05 3:18 ` Jarkko Sakkinen
2021-05-05 3:19 ` Jarkko Sakkinen
2021-05-05 18:02 ` Evan Green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210228075902.GA9183@codon.org.uk \
--to=mjg59@srcf.ucam.org \
--cc=corbet@lwn.net \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=mjg59@google.com \
--cc=rjw@rjwysocki.net \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).