Date: Tue, 20 Nov 2018 14:41:16 +0200
From: Jarkko Sakkinen
To: James Bottomley
Cc: linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, monty.wiseman@ge.com, Monty Wiseman, Matthew Garrett
Subject: Re: Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Message-ID: <20181120124116.GA8813@linux.intel.com>
In-Reply-To: <20181120111049.GC14594@linux.intel.com>

On Tue, Nov 20, 2018 at 01:10:49PM +0200, Jarkko Sakkinen wrote:
> This is basically a rewrite of the TPM Genie paper with extras. Maybe just
> shorten it to include the proposed architecture and point to the TPM
> Genie paper (which is not in the references at all ATM).
>
> The way I see it, the data validation is way more important than
> protecting against a physical interposer, to be frank.
>
> The attack scenario would require opening the damn device. For a laptop
> that would leave physical marks (i.e. evil maid). In a data center with
> armed guards I would wish you good luck accomplishing it. It is not
> anything like sticking in a USB stick and running.
>
> We can take a fix into Linux with a clean implementation but it needs
> to be an opt-in feature because not all users will want to use it.

Someone (might have been either Mimi or David Howells but cannot recall)
correctly pointed out at LSS 2018 that you could just as easily spy on and
corrupt RAM if you have a time window to perform this type of attack.

/Jarkko