lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <4AAE981D.2020809@cmu.edu>
Date:	Mon, 14 Sep 2009 15:23:09 -0400
From:	"Jonathan M. McCune" <jonmccune@....edu>
To:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
CC:	Rajiv Andrade <srajiv@...ux.vnet.ibm.com>,
	Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org,
	jbeulich@...ell.com, jmorris@...ei.org,
	tpmdd-devel@...ts.sourceforge.net, m.selhorst@...rix.com,
	Andrew Morton <akpm@...ux-foundation.org>,
	Roland Dreier <rdreier@...co.com>,
	Reiner Sailer <sailer@...ibm.com>
Subject: Re: [tpmdd-devel] [PATCH] TPM: Fixup pubek sysfs file

Inline...

Jason Gunthorpe wrote:
> On Mon, Sep 14, 2009 at 03:34:39PM -0300, Rajiv Andrade wrote:
> 
>>> Thus, fixing the one-item-per-file issues seems reasonable to me. For 
>>> example, changing /sys/devices/platform/tpm_tis/pcrs from a single
>>> multi-entry file to a directory containing files named 0-15 or 0-23 that
>>> each then contain only the relevant 20-byte value seems quite
>>> reasonable. (Today's TPMs contain either 16 or 24 PCRs but future ones
>>> could contain many more.)
> 
>> The number of PCRs of a particular TPM can be retrieved sending it the
>> TPM_GetCapability command, so it's feasible to build this directory
>> structure dynamically (chip independent).
> 
> I think as we've seen, keeping the sysfs stuff working has a real
> cost. So that should be balanced with an actual need. Further, talking
> to the TPM and handling all the parsing properly is a huge complex
> pain, it would be better to have this code gone completely.

The "talking to the TPM" code is indeed somewhat complex, but see my 
comments below regarding IMA (*).

> Can anyone think of a reason why the PCRs should be accessed from
> sysfs? I can't. They are only really useful in connection with other
> complex TPM operations. Userspace can fully access them using the
> relevant TPM calls.

Fair enough, though they are useful in combination with IMA and as a 
sanity check that the driver is working correctly.

> The pubek should definately go, it is useless in 99% of cases.

Seconded.

> The caps file should be split up into 'manufacturer' 'tcg_version'
> (please include the spec rev too!!) and maybe 'firmware_version'. This
> would at least be useful to udev.

Seems reasonable.

* IBM's "Integrity Measurement Architecture (IMA)" is part of the Linux 
kernel as of v2.6.30 (linux-ima.sourceforge.net).  See 
security/integrity/ima/*.  This mechanism can make use of the TPM.  I've 
copied Reiner Sailer, one of the developers of IMA.

IMA can leverage the ability to read and extend PCRs, and its security 
properties derive from that functionality being a part of the kernel. 
PCR reading is currently part of the TPM driver in drivers/char/tpm/tpm.c.

Thus, to the question, "Can we remove the ability of the kernel to send 
TPM commands such as GetCapability and PCRRead?" I believe the answer is 
no. Or at least, not without causing a lot of work for the IMA system. 
Although it may be worth discussing whether this functionality should be 
moved from the driver into IMA.

To the question, "Can we remove the sysfs entries relating to PCRs and 
pubek," I believe the answer is yes, if the resulting complexity 
reduction actually turns out to be significant.

Regards,
-Jon
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ