From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Jarkko Sakkinen" <jarkko@kernel.org>,
"Ignat Korchagin" <ignat@cloudflare.com>
Cc: "James Bottomley" <James.Bottomley@hansenpartnership.com>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"David Howells" <dhowells@redhat.com>,
"Paul Moore" <paul@paul-moore.com>,
"James Morris" <jmorris@namei.org>, <serge@hallyn.com>,
<linux-integrity@vger.kernel.org>, <keyrings@vger.kernel.org>,
<linux-kernel@vger.kernel.org>, <kernel-team@cloudflare.com>
Subject: Re: [RFC PATCH 0/2] TPM derived keys
Date: Tue, 14 May 2024 18:26:14 +0300 [thread overview]
Message-ID: <D19H0UVF3R0O.3N4GLZWFRZ2DO@kernel.org> (raw)
In-Reply-To: <D19GWXHYP2VC.1OY7BOW5LNXVF@kernel.org>
On Tue May 14, 2024 at 6:21 PM EEST, Jarkko Sakkinen wrote:
> On Tue May 14, 2024 at 5:30 PM EEST, Jarkko Sakkinen wrote:
> > On Tue May 14, 2024 at 5:00 PM EEST, Jarkko Sakkinen wrote:
> > > On Tue May 14, 2024 at 4:11 PM EEST, Ignat Korchagin wrote:
> > > > For example, a cheap NAS box with no internal storage (disks connected
> > > > externally via USB). We want:
> > > > * disks to be encrypted and decryptable only by this NAS box
> > >
> > > So how this differs from LUKS2 style, which also systemd supports where
> > > the encryption key is anchored to PCR's? If I took hard drive out of my
> > > Linux box, I could not decrypt it in another machine because of this.
> >
> > Maybe you could replace the real LUKS2 header with a dummy LUKS2
> > header, which would need to be able the describe "do not use this" and
> > e.g. SHA256 of the actual header. And then treat the looked up header as
> > the header when the drive is mounted.
> >
> > LUKS2 would also need to be able to have pre-defined (e.g. kernel
> > command-line or bootconfig) small internal storage, which would be
> > also encrypted with TPM's PRCs containing an array of LUKS2 header
> > and then look up that with SHA256 as the key.
> >
> > Without knowing LUKS2 implementation to me these do not sound reaching
> > the impossible engineer problems so maybe this would be worth of
> > investigating...
>
> Or why you could not just encrypt the whole header with another key
> that is only in that device? Then it would appear as random full
> length.
>
> I.e. unsealing
>
> 1. Decrypt LUKS2 header with TPM2 key
> 2. Use the new resulting header as it was in the place of encrypted
> stored to the external drive.
> 3. Decrypt key from the LUK2S header etc.
Maybe something like:
1. Asymmetric for LUKS2 (just like it is)
2. Additional symmetric key, which is created as non-migratable and stored
to the TPM2 chip. This deciphers the header, i.e. takes the random
away.
BR, Jarkko
next prev parent reply other threads:[~2024-05-14 15:26 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-03 22:16 [RFC PATCH 0/2] TPM derived keys Ignat Korchagin
2024-05-03 22:16 ` [RFC PATCH 1/2] tpm: add some algorithm and constant definitions from the TPM spec Ignat Korchagin
2024-05-14 22:51 ` Jarkko Sakkinen
2024-05-14 22:52 ` Jarkko Sakkinen
2024-05-03 22:16 ` [RFC PATCH 2/2] KEYS: implement derived keys Ignat Korchagin
2024-05-14 23:10 ` Jarkko Sakkinen
2024-05-14 23:44 ` Jarkko Sakkinen
2024-05-15 0:00 ` Jarkko Sakkinen
2024-05-15 6:44 ` Ignat Korchagin
2024-05-15 12:00 ` Jarkko Sakkinen
2024-05-15 12:03 ` Jarkko Sakkinen
2024-05-15 7:26 ` Ignat Korchagin
2024-05-04 0:21 ` [RFC PATCH 0/2] TPM " Jarkko Sakkinen
2024-05-04 13:55 ` Ben Boeckel
2024-05-04 14:51 ` Jarkko Sakkinen
2024-05-04 15:35 ` Jarkko Sakkinen
2024-05-13 17:09 ` Ignat Korchagin
2024-05-13 22:33 ` James Bottomley
2024-05-14 9:50 ` Ignat Korchagin
2024-05-14 14:11 ` James Bottomley
2024-05-14 14:54 ` Ignat Korchagin
2024-05-13 17:11 ` Ignat Korchagin
2024-05-14 0:28 ` Jarkko Sakkinen
2024-05-14 10:05 ` Ignat Korchagin
2024-05-14 12:09 ` Jarkko Sakkinen
2024-05-14 13:11 ` Ignat Korchagin
2024-05-14 14:00 ` Jarkko Sakkinen
2024-05-14 14:30 ` Jarkko Sakkinen
2024-05-14 15:21 ` Jarkko Sakkinen
2024-05-14 15:26 ` Jarkko Sakkinen [this message]
2024-05-14 15:30 ` Ignat Korchagin
2024-05-14 15:42 ` Jarkko Sakkinen
2024-05-14 16:08 ` Ignat Korchagin
2024-05-14 16:22 ` Jarkko Sakkinen
2024-05-14 14:41 ` Ignat Korchagin
2024-05-14 14:45 ` Jarkko Sakkinen
2024-05-14 15:30 ` James Bottomley
2024-05-14 15:38 ` Ignat Korchagin
2024-05-14 15:54 ` James Bottomley
2024-05-14 16:01 ` Ignat Korchagin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D19H0UVF3R0O.3N4GLZWFRZ2DO@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=ignat@cloudflare.com \
--cc=jmorris@namei.org \
--cc=kernel-team@cloudflare.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox