From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
"Gabríel Arthúr Pétursson" <gabriel@system.is>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org
Cc: <keyrings@vger.kernel.org>, "Ard Biesheuvel" <ardb@kernel.org>
Subject: Re: [PATCH v7 12/21] tpm: Add NULL primary creation
Date: Sun, 31 Mar 2024 19:09:42 +0300 [thread overview]
Message-ID: <D082E6E1VBXE.2U3RU4ZKXUZ9A@kernel.org> (raw)
In-Reply-To: <D08273C2C8HD.2QT57ZPAWPS9H@kernel.org>
On Sun Mar 31, 2024 at 7:00 PM EEST, Jarkko Sakkinen wrote:
> On Sat Mar 30, 2024 at 8:48 PM EET, Gabríel Arthúr Pétursson wrote:
> > On Tue, 2024-02-13 at 12:13 -0500, James Bottomley wrote:
> > > + /* unique: key specific; for ECC it is two points */
> > > + tpm_buf_append_u16(&template, 0);
> > > + tpm_buf_append_u16(&template, 0);
> >
> > Shouldn't the points be 32 bytes each in size, filled with zeros?
> >
> > The TCP TPM 2.0 Provisioning Guidance defines the SRK Template as a
> > diff on top of Template L-2 (for ECC keys) as defined in the EK
> > Credential Profile 2.0 document.
> >
> > Template L-2 calls for the X and Y points to be of 32 bytes each,
> > filled with zeros. The Provisioning Guidance does not call for zero-
> > sized points.
> >
> > For example, let's create an ECC Endorsement Key using the standard
> > template then print its name:
> >
> > tpm2_createek -G ecc -c /dev/null -u ./ek.pub
> > tpm2_loadexternal -c n -u ./ek.pub
> >
> > Equivalently using tpm2_createprimary:
> >
> > perl -e 'print "\0"x64' | tpm2_createprimary -C e -o ./ek.pub -G ecc -a 'fixedtpm|fixedparent|sensitivedataorigin|adminwithpolicy|restricted|decrypt' -L 837197674484b3f81a90cc8d46a5d724fd52d76e06520b64f2a1da1b331469aa -u -
> > tpm2_loadexternal -c n -u ./ek.pub
> >
> > You'll find that the key's public modulus matches that of the EK
> > Certificate imprinted by the manufacturer, indicating we got the
> > template correct.
> >
> > To generate a standard SRK key, the TCG TPM2 Provisioning Guidance
> > states we should:
> >
> > 1. set userWithAuth,
> > 2. clear adminWithPolicy
> > 3. set noDA, and
> > 4. clear the authorization policy.
> >
> > There's no mention of alterations to the unique field.
> >
> > Let's also create the key in the null hierarchy:
> >
> > perl -e 'print "\0"x64' | tpm2_createprimary -C n -o ./null.pub -G ecc -a 'fixedtpm|fixedparent|sensitivedataorigin|userwithauth|noda|restricted|decrypt' -u -
> > tpm2_loadexternal -c n -u ./null.pub
> >
> > The name does not match the kernel's name for the null key.
>
> Null key is not provisioned, what is the motivation here?
>
> Not saying no, just asking for details...
>
> There's couple of things that lack in this patch set ATM:
>
> 1. Neither kselftest additions nor not even proper testing
> instructions. Why 21 patches and zero tests? How one should
> decide when the work is "complete"?
> 2. I still don't know what version of QEMU I should patch to
> test corner cases from an URL, which I cannot recall :-)
> Highlights the first issue.
>
> So for the time being the patch set is NAK just because we lack
> clear definition of done here. I revisit it only when I know how
> to test it.
Your feedback was great because it highlights the issue that the
excepted behaviour is non-existent at this point.
BR, Jarkko
next prev parent reply other threads:[~2024-03-31 16:09 UTC|newest]
Thread overview: 48+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-13 17:13 [PATCH v7 00/21] add integrity and security to TPM2 transactions James Bottomley
2024-02-13 17:13 ` [PATCH v7 01/21] tpm: Remove unused tpm_buf_tag() James Bottomley
2024-02-13 17:13 ` [PATCH v7 02/21] tpm: Remove tpm_send() James Bottomley
2024-02-13 17:13 ` [PATCH v7 03/21] tpm: Move buffer handling from static inlines to real functions James Bottomley
2024-02-13 17:13 ` [PATCH v7 04/21] tpm: Update struct tpm_buf documentation comments James Bottomley
2024-02-13 17:13 ` [PATCH v7 05/21] tpm: Store the length of the tpm_buf data separately James Bottomley
2024-02-13 17:13 ` [PATCH v7 06/21] tpm: TPM2B formatted buffers James Bottomley
2024-02-13 17:13 ` [PATCH v7 07/21] tpm: Add tpm_buf_read_{u8,u16,u32} James Bottomley
2024-02-13 17:13 ` [PATCH v7 08/21] KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers James Bottomley
2024-02-13 17:13 ` [PATCH v7 09/21] crypto: lib - implement library version of AES in CFB mode James Bottomley
2024-02-13 17:13 ` [PATCH v7 10/21] tpm: add buffer function to point to returned parameters James Bottomley
2024-02-13 17:13 ` [PATCH v7 11/21] tpm: export the context save and load commands James Bottomley
2024-02-13 17:13 ` [PATCH v7 12/21] tpm: Add NULL primary creation James Bottomley
2024-02-23 15:51 ` Jarkko Sakkinen
2024-04-29 20:10 ` James Bottomley
2024-03-30 18:48 ` Gabríel Arthúr Pétursson
2024-03-31 16:00 ` Jarkko Sakkinen
2024-03-31 16:09 ` Jarkko Sakkinen [this message]
2024-03-31 16:52 ` Gabríel Arthúr Pétursson
2024-04-01 12:57 ` Jarkko Sakkinen
2024-04-01 13:04 ` Jarkko Sakkinen
2024-04-02 19:30 ` Ken Goldman
2024-04-03 15:43 ` Jarkko Sakkinen
2024-04-01 14:19 ` James Bottomley
2024-04-01 16:55 ` James Bottomley
2024-04-01 20:54 ` Jarkko Sakkinen
2024-04-01 20:59 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 13/21] tpm: Add HMAC session start and end functions James Bottomley
2024-02-23 17:02 ` Jarkko Sakkinen
2024-04-29 20:11 ` James Bottomley
2024-02-13 17:13 ` [PATCH v7 14/21] tpm: Add HMAC session name/handle append James Bottomley
2024-02-23 17:06 ` Jarkko Sakkinen
2024-04-29 20:11 ` James Bottomley
2024-02-13 17:13 ` [PATCH v7 15/21] tpm: Add the rest of the session HMAC API James Bottomley
2024-02-23 17:10 ` Jarkko Sakkinen
2024-04-29 20:11 ` James Bottomley
2024-02-13 17:13 ` [PATCH v7 16/21] tpm: add hmac checks to tpm2_pcr_extend() James Bottomley
2024-02-23 17:10 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 17/21] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2024-02-23 17:10 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 18/21] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2024-02-23 17:11 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 19/21] tpm: add the null key name as a sysfs export James Bottomley
2024-02-23 17:15 ` Jarkko Sakkinen
2024-02-13 17:13 ` [PATCH v7 20/21] Documentation: add tpm-security.rst James Bottomley
2024-02-13 17:13 ` [PATCH v7 21/21] tpm: disable the TPM if NULL name changes James Bottomley
2024-02-23 18:43 ` Jarkko Sakkinen
2024-02-14 0:13 ` [PATCH v7 00/21] add integrity and security to TPM2 transactions Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D082E6E1VBXE.2U3RU4ZKXUZ9A@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=ardb@kernel.org \
--cc=gabriel@system.is \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).