From: Javier Martinez Canillas <javierm@redhat.com>
To: "Roberts, William C" <william.c.roberts@intel.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Peter Huewe <peterhuewe@gmx.de>,
"Tricca, Philip B" <philip.b.tricca@intel.com>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>
Subject: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails
Date: Wed, 22 Nov 2017 10:26:24 +0100 [thread overview]
Message-ID: <600d6778-f155-ea51-64dc-e0041c6943d3@redhat.com> (raw)
In-Reply-To: <476DC76E7D1DF2438D32BFADF679FC563F4BFC0B@ORSMSX115.amr.corp.intel.com>
On 11/21/2017 09:29 PM, Roberts, William C wrote:
[snip]
>>>
>>> Do you agree with Jason's suggestion to send a synthesized TPM command
>>> in the that the command isn't supported?
>>
>> Nope.
>
> We should update the elf loader to make sure that ELF files don't contain
> Incorrect instructions. We shouldn't have this type of policy in the driver
> considering that the tpm is designed to handle it. Obviously you disagree,
> just understand you're wrong :-P
>
I think the sandbox is correct and makes sense to only send well constructed
commands to the TPM. So my RFC patch breaking the sandbox is clearly wrong.
I still do believe that both interfaces (/dev/tpm and /dev/tpmrm) should be
consistent if possible though. In other words, I don't see the value of not
behaving as expected by the spec if this doesn't have security implications
as is the case with the approach suggested by Jason. And the implementation
for sending the synthesized response is also trivial.
The other option that's fixing this in user-space will be a workaround, since
it would either be to check for TPM_RC_SUCCESS instead of TPM_RC_COMMAND_CODE
or make the SAPI library infer that a -EINVAL error means that a command isn't
supported and return a TPM_RC_COMMAND_CODE to the caller.
For completeness, I'll share my patch implementing what Jason suggested, even
when is quite likely that Jarkko won't like it since he has a strong opinion
on this:
next prev parent reply other threads:[~2017-11-22 9:26 UTC|newest]
Thread overview: 46+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-11-17 10:07 [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails Javier Martinez Canillas
2017-11-17 16:57 ` Jason Gunthorpe
2017-11-17 17:56 ` Javier Martinez Canillas
2017-11-17 17:58 ` Jason Gunthorpe
2017-11-17 18:10 ` Javier Martinez Canillas
2017-11-17 18:17 ` Jason Gunthorpe
2017-11-17 18:34 ` Javier Martinez Canillas
2017-11-17 19:14 ` Roberts, William C
2017-11-17 23:55 ` Jason Gunthorpe
2017-11-18 0:53 ` Javier Martinez Canillas
2017-11-19 15:27 ` Jason Gunthorpe
2017-11-20 9:26 ` Javier Martinez Canillas
2017-11-20 16:14 ` Roberts, William C
2017-11-20 18:02 ` Jason Gunthorpe
2017-11-20 18:04 ` Jason Gunthorpe
2017-12-08 20:03 ` Ken Goldman
2017-12-08 20:18 ` Jason Gunthorpe
2017-12-08 19:58 ` Ken Goldman
2017-11-20 23:15 ` Jarkko Sakkinen
2017-11-21 9:07 ` Javier Martinez Canillas
2017-11-21 9:27 ` Javier Martinez Canillas
2017-11-21 12:30 ` Jarkko Sakkinen
2017-11-21 12:49 ` Javier Martinez Canillas
[not found] ` <DB638850A6A2434A93ECADDA0BC838905F09D5D9@ORSMSX103.amr.corp.intel.com>
2017-11-22 17:16 ` FW: " flihp
2017-11-22 19:25 ` Javier Martinez Canillas
2017-11-26 14:21 ` Jarkko Sakkinen
2017-11-29 11:26 ` Javier Martinez Canillas
2017-11-22 20:13 ` Jason Gunthorpe
2017-12-08 20:16 ` Ken Goldman
2017-12-08 20:20 ` Jason Gunthorpe
2017-11-26 14:18 ` Jarkko Sakkinen
2017-11-26 23:23 ` Javier Martinez Canillas
2017-11-26 14:14 ` Jarkko Sakkinen
2017-11-21 20:29 ` Roberts, William C
2017-11-22 9:26 ` Javier Martinez Canillas [this message]
2017-11-26 14:12 ` Jarkko Sakkinen
2017-11-26 23:19 ` Javier Martinez Canillas
2017-12-08 20:11 ` Ken Goldman
2017-11-26 14:06 ` Jarkko Sakkinen
2017-12-08 20:20 ` Ken Goldman
2017-12-08 21:34 ` Javier Martinez Canillas
2017-12-17 16:47 ` Jarkko Sakkinen
2017-12-17 18:18 ` Javier Martinez Canillas
2017-12-22 17:38 ` Ken Goldman
2017-12-14 13:11 ` Jarkko Sakkinen
2017-12-08 19:51 ` Ken Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=600d6778-f155-ea51-64dc-e0041c6943d3@redhat.com \
--to=javierm@redhat.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgunthorpe@obsidianresearch.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=philip.b.tricca@intel.com \
--cc=william.c.roberts@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox