lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <OF67E000CB.22C52D18-ON852574A4.005B9DAA-852574A4.005D08CA@us.ibm.com>
Date:	Wed, 13 Aug 2008 12:56:40 -0400
From:	Mimi Zohar <zohar@...ibm.com>
To:	Greg KH <greg@...ah.com>
Cc:	Christoph Hellwig <hch@...radead.org>,
	Kenneth Goldman <kgoldman@...ibm.com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org,
	linux-security-module-owner@...r.kernel.org
Subject: Re: [PATCH 1/4] integrity: TPM internel kernel interface

linux-security-module-owner@...r.kernel.org wrote on 08/12/2008 07:16:02 
PM:

> On Tue, Aug 12, 2008 at 04:57:31PM -0400, Kenneth Goldman wrote:
> > Christoph Hellwig <hch@...radead.org> wrote on 08/12/2008 03:30:31 PM:
> > 
> > > On Mon, Aug 11, 2008 at 05:13:51PM -0400, Mimi Zohar wrote:
> > > >
> > > > I assume the concern here is that between looking up the chip and
> > actually
> > > >
> > > > using the chip, the TPM chip is disabled/deactivated.  Based on
> > > > discussions
> > > > with Kenneth Goldman, the TCG main specification part2: 
structures,
> > > > require
> > > > that even if the TPM is disabled/deactivated, the command to 
extend the
> > 
> > > > PCR
> > > > will succeed, but the command to read the PCR will fail with an
> > > > appropriate
> > > > error code.
> > >
> > > And what happens when the chip simply goes away due to a hotplug 
action?
> > > Or not even the actual chip goes away but just the chip driver and 
you
> > > now dereference freed memory?
> > 
> > Being a TCG/TPM person, I can only address the first question.  The
> > intent is that the TPM is soldered to the planar/motherboard (the TCG
> > uses the phrase "bound to the platform").  I can't imagine
> > any manufacturer designing a pluggable TPM.  It would subvert PCR
> > measurements and thus attestation, data sealing, etc.
> 
> Load up the fake-php hotplug pci driver and "soft" disconnect it from
> the system :)
> 
> That was easy...
> 
> Note, just because you think your device is always going to be soldered
> to the motherboard, doesn't mean it can't be disconnected at any point
> in time with the kernel running.
>
> Or the module could just be unloaded, that's also a very common thing to
> have happen, right?

This problem only affects the TPM internal kernel interface, if the TPM 
driver is not built-in. For IMA, this is not an issue as the TPM driver 
must be built-in in order to start collecting measurements as soon as 
possible, which is at late_initcall().  I will resolve this problem for 
the general internal kernel interface usage case.

Thanks!

Mimi
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ