From: Kees Cook <keescook@chromium.org>
To: Evan Green <evgreen@chromium.org>
Cc: linux-kernel@vger.kernel.org, corbet@lwn.net,
linux-pm@vger.kernel.org, rjw@rjwysocki.net,
gwendal@chromium.org, apronin@chromium.org,
Pavel Machek <pavel@ucw.cz>,
Matthew Garrett <mgarrett@aurora.tech>,
linux-integrity@vger.kernel.org, jejb@linux.ibm.com,
zohar@linux.ibm.com, dlunev@google.com,
Eric Biggers <ebiggers@kernel.org>,
Ben Boeckel <me@benboeckel.net>,
jarkko@kernel.org, Matthew Garrett <matthewgarrett@google.com>,
Matthew Garrett <mjg59@google.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Peter Huewe <peterhuewe@gmx.de>
Subject: Re: [PATCH v4 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use
Date: Fri, 4 Nov 2022 11:27:53 -0700 [thread overview]
Message-ID: <202211041127.55ED2921E5@keescook> (raw)
In-Reply-To: <20221103105558.v4.3.I9ded8c8caad27403e9284dfc78ad6cbd845bc98d@changeid>
On Thu, Nov 03, 2022 at 11:01:11AM -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett@google.com>
>
> Introduce a new Kconfig, TCG_TPM_RESTRICT_PCR, which if enabled
> restricts usermode's ability to extend or reset PCR 23.
>
> Under certain circumstances it might be desirable to enable the creation
> of TPM-backed secrets that are only accessible to the kernel. In an
> ideal world this could be achieved by using TPM localities, but these
> don't appear to be available on consumer systems. An alternative is to
> simply block userland from modifying one of the resettable PCRs, leaving
> it available to the kernel. If the kernel ensures that no userland can
> access the TPM while it is carrying out work, it can reset PCR 23,
> extend it to an arbitrary value, create or load a secret, and then reset
> the PCR again. Even if userland somehow obtains the sealed material, it
> will be unable to unseal it since PCR 23 will never be in the
> appropriate state.
>
> This Kconfig is only properly supported for systems with TPM2 devices.
> For systems with TPM1 devices, having this Kconfig enabled completely
> restricts usermode's access to the TPM. TPM1 contains support for
> tunnelled transports, which usermode could use to smuggle commands
> through that this Kconfig is attempting to restrict.
>
> Link: https://lore.kernel.org/lkml/20210220013255.1083202-3-matthewgarrett@google.com/
> Signed-off-by: Matthew Garrett <mjg59@google.com>
> Signed-off-by: Evan Green <evgreen@chromium.org>
> ---
>
> Changes in v4:
> - Augment the commit message (Jarkko)
>
> Changes in v3:
> - Fix up commit message (Jarkko)
> - tpm2_find_and_validate_cc() was split (Jarkko)
> - Simply fully restrict TPM1 since v2 failed to account for tunnelled
> transport sessions (Stefan and Jarkko).
>
> Changes in v2:
> - Fixed sparse warnings
Since you've changed this patch from the original, I would follow the
same advice I gave here:
https://lore.kernel.org/lkml/202209201620.A886373@keescook/
>
--
Kees Cook
next prev parent reply other threads:[~2022-11-04 18:28 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-11-03 18:01 [PATCH v4 00/11] Encrypted Hibernation Evan Green
2022-11-03 18:01 ` [PATCH v4 01/11] tpm: Add support for in-kernel resetting of PCRs Evan Green
2022-11-03 18:01 ` [PATCH v4 02/11] tpm: Export and rename tpm2_find_and_validate_cc() Evan Green
2022-11-04 18:25 ` Kees Cook
2022-11-07 11:37 ` Jarkko Sakkinen
2022-11-03 18:01 ` [PATCH v4 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use Evan Green
2022-11-04 18:27 ` Kees Cook [this message]
2022-11-07 11:39 ` Jarkko Sakkinen
2022-11-07 18:15 ` Evan Green
2022-11-11 20:04 ` Evan Green
2022-11-23 23:03 ` Jarkko Sakkinen
2022-11-03 18:01 ` [PATCH v4 04/11] security: keys: trusted: Include TPM2 creation data Evan Green
2022-11-04 18:33 ` Kees Cook
2022-11-07 20:11 ` Evan Green
2022-11-10 0:29 ` Evan Green
2022-11-03 18:01 ` [PATCH v4 05/11] security: keys: trusted: Allow storage of PCR values in " Evan Green
2022-11-04 18:34 ` Kees Cook
2022-11-03 18:01 ` [PATCH v4 06/11] security: keys: trusted: Verify " Evan Green
2022-11-04 18:35 ` Kees Cook
2022-11-03 18:01 ` [PATCH v4 07/11] PM: hibernate: Add kernel-based encryption Evan Green
2022-11-04 18:38 ` Kees Cook
2022-11-10 0:29 ` Evan Green
2022-11-07 11:42 ` Jarkko Sakkinen
2022-11-03 18:01 ` [PATCH v4 08/11] PM: hibernate: Use TPM-backed keys to encrypt image Evan Green
2022-11-04 18:41 ` Kees Cook
2022-11-03 18:01 ` [PATCH v4 09/11] PM: hibernate: Mix user key in encrypted hibernate Evan Green
2022-11-04 18:54 ` Kees Cook
2022-11-10 0:30 ` Evan Green
2022-11-10 16:17 ` Kees Cook
2022-11-10 18:32 ` Evan Green
2022-11-03 18:01 ` [PATCH v4 10/11] PM: hibernate: Verify the digest encryption key Evan Green
2022-11-04 19:00 ` Kees Cook
2022-11-10 0:30 ` Evan Green
2022-11-03 18:01 ` [PATCH v4 11/11] PM: hibernate: seal the encryption key with a PCR policy Evan Green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202211041127.55ED2921E5@keescook \
--to=keescook@chromium.org \
--cc=apronin@chromium.org \
--cc=corbet@lwn.net \
--cc=dlunev@google.com \
--cc=ebiggers@kernel.org \
--cc=evgreen@chromium.org \
--cc=gwendal@chromium.org \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=me@benboeckel.net \
--cc=mgarrett@aurora.tech \
--cc=mjg59@google.com \
--cc=pavel@ucw.cz \
--cc=peterhuewe@gmx.de \
--cc=rjw@rjwysocki.net \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).