linux-integrity.vger.kernel.org archive mirror
From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Bottomley" <James.Bottomley@HansenPartnership.com>,
	<linux-integrity@vger.kernel.org>
Cc: <keyrings@vger.kernel.org>
Subject: Re: [PATCH 0/6] Add policy to sealed keys
Date: Fri, 24 May 2024 16:24:57 +0300
Message-ID: <D1HWPG2VGX2W.2FN9EC7JTDU9I@kernel.org>
In-Reply-To: <20240524130459.21510-1-James.Bottomley@HansenPartnership.com>

On Fri May 24, 2024 at 4:04 PM EEST, James Bottomley wrote:
> TPM2 policy is much more complicated than the original TPM 1.2 which
> only supported PCR value binding.  TPM2 policy may be a sequence of
> policy statements each of which must be correctly executed and may
> include choices in which set of policy statements will execute
> correctly.  The actual policy is identified in the key by a single
> hash, which is the end result of extending all the policy statements.
> However, since it is impossible to reverse engineer the policy
> statements from the hash value, the ASN.1 key format is extended to
> give a broken out list of statements the kernel must execute to get
> the correct policy hash value.
>
> In order to create policy sessions (which are usable as HMAC sessions,
> but also respond to policy statements), the TPM HMAC code is reused to
> create the required policy sessions (while preserving bus security).
> However, because the session hash algorithm must match the name
> algorithm of the sealed data (which is used for the policy hash), the
> TPM session code is changed to use a variable hash algorithm.
>
> The first patch consolidates the hash definitions and conversion
> routines, the second adds both variable hash type and policy support
> and the remaining patches add specific policy statement
> implementations.
>
> James
>
> ---
>
> James Bottomley (6):
>   tpm: consolidate TPM to crypto hash algorithm conversion
>   tpm: add policy sessions
>   KEYS: trusted: add PCR policy to TPM2 keys
>   KEYS: trusted: add ability to specify arbitrary policy
>   KEYS: trusted: implement counter/timer policy
>   KEYS: trusted: add support for TPM keys with signed policy
>
>  .../security/keys/trusted-encrypted.rst       |  99 ++-
>  drivers/char/tpm/tpm2-cmd.c                   |   8 -
>  drivers/char/tpm/tpm2-sessions.c              | 313 ++++++---
>  include/keys/trusted-type.h                   |   8 +-
>  include/linux/tpm.h                           |  81 ++-
>  security/keys/trusted-keys/Kconfig            |   2 +
>  security/keys/trusted-keys/Makefile           |   3 +
>  security/keys/trusted-keys/tpm2-policy.c      | 662 ++++++++++++++++++
>  security/keys/trusted-keys/tpm2-policy.h      |  61 ++
>  security/keys/trusted-keys/tpm2key.asn1       |  21 +
>  security/keys/trusted-keys/trusted_core.c     |   7 +-
>  security/keys/trusted-keys/trusted_tpm1.c     |  15 +
>  security/keys/trusted-keys/trusted_tpm2.c     | 206 ++++--
>  13 files changed, 1314 insertions(+), 172 deletions(-)
>  create mode 100644 security/keys/trusted-keys/tpm2-policy.c
>  create mode 100644 security/keys/trusted-keys/tpm2-policy.h

I'd prefer this to be postponed until after asymmetric keys, and also
until the issues in HMAC have been fixed.

Also, I myself fixed some bugs, like a memory leak and a useless WARN,
in the existing trusted keys code, so those need to be fixed too.

So NAK at this time; it can be rebased later on top.

BR, Jarkko
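
The policy hash described in the quoted cover letter, as an added example that is not part of the original message or of the patch series: each statement extends a running digest, so whoever unseals needs the statement list, in order and under the right name algorithm, to reproduce the hash. The (command code, parameter bytes) representation, the function names and the PCR value are assumptions made for illustration; the extend formulas and constants follow the TPM 2.0 specification.

```python
import hashlib
import struct

# Constants from the TPM 2.0 specification.
TPM_CC_POLICY_AUTH_VALUE = 0x0000016B
TPM_CC_POLICY_PCR = 0x0000017F
TPM_ALG_SHA256 = 0x000B


def pcr_statement(pcr_values, name_alg="sha256"):
    """Return (command code, bytes hashed after it) for PolicyPCR.

    pcr_values maps a PCR index (0-23) in the SHA-256 bank to its expected value.
    """
    select = bytearray(3)
    for index in pcr_values:
        select[index // 8] |= 1 << (index % 8)
    # Marshalled TPML_PCR_SELECTION: count, bank algorithm, sizeofSelect, bitmap.
    selection = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + bytes(select)
    values = b"".join(pcr_values[i] for i in sorted(pcr_values))
    return TPM_CC_POLICY_PCR, selection + hashlib.new(name_alg, values).digest()


def policy_digest(statements, name_alg="sha256"):
    """Replay the statements in order, extending a digest that starts at zero."""
    digest = bytes(hashlib.new(name_alg).digest_size)
    for code, params in statements:
        digest = hashlib.new(name_alg, digest + struct.pack(">I", code) + params).digest()
    return digest


# Constructed sample: a made-up PCR 7 value, then "require the auth value".
PCR7 = hashlib.sha256(b"constructed PCR 7 value").digest()
STATEMENTS = [pcr_statement({7: PCR7}), (TPM_CC_POLICY_AUTH_VALUE, b"")]

if __name__ == "__main__":
    print("sha256 policy:", policy_digest(STATEMENTS).hex())
    # Same statements in the other order: a different policy.
    print("reordered:    ", policy_digest(STATEMENTS[::-1]).hex())
    # Same statements under another name algorithm: a different policy again.
    sha384 = [pcr_statement({7: PCR7}, "sha384"), STATEMENTS[1]]
    print("sha384 policy:", policy_digest(sha384, "sha384").hex())
```
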
