| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 14 Sep 2009 15:23:09 -0400 From: "Jonathan M. McCune" <jonmccune@....edu> To: Jason Gunthorpe <jgunthorpe@...idianresearch.com> CC: Rajiv Andrade <srajiv@...ux.vnet.ibm.com>, Greg KH <greg@...ah.com>, linux-kernel@...r.kernel.org, jbeulich@...ell.com, jmorris@...ei.org, tpmdd-devel@...ts.sourceforge.net, m.selhorst@...rix.com, Andrew Morton <akpm@...ux-foundation.org>, Roland Dreier <rdreier@...co.com>, Reiner Sailer <sailer@...ibm.com> Subject: Re: [tpmdd-devel] [PATCH] TPM: Fixup pubek sysfs file Inline... Jason Gunthorpe wrote: > On Mon, Sep 14, 2009 at 03:34:39PM -0300, Rajiv Andrade wrote: > >>> Thus, fixing the one-item-per-file issues seems reasonable to me. For >>> example, changing /sys/devices/platform/tpm_tis/pcrs from a single >>> multi-entry file to a directory containing files named 0-15 or 0-23 that >>> each then contain only the relevant 20-byte value seems quite >>> reasonable. (Today's TPMs contain either 16 or 24 PCRs but future ones >>> could contain many more.) > >> The number of PCRs of a particular TPM can be retrieved sending it the >> TPM_GetCapability command, so it's feasible to build this directory >> structure dynamically (chip independent). > > I think as we've seen, keeping the sysfs stuff working has a real > cost. So that should be balanced with an actual need. Further, talking > to the TPM and handling all the parsing properly is a huge complex > pain, it would be better to have this code gone completely. The "talking to the TPM" code is indeed somewhat complex, but see my comments below regarding IMA (*). > Can anyone think of a reason why the PCRs should be accessed from > sysfs? I can't. They are only really useful in connection with other > complex TPM operations. Userspace can fully access them using the > relevant TPM calls. Fair enough, though they are useful in combination with IMA and as a sanity check that the driver is working correctly. > The pubek should definately go, it is useless in 99% of cases. Seconded. > The caps file should be split up into 'manufacturer' 'tcg_version' > (please include the spec rev too!!) and maybe 'firmware_version'. This > would at least be useful to udev. Seems reasonable. * IBM's "Integrity Measurement Architecture (IMA)" is part of the Linux kernel as of v2.6.30 (linux-ima.sourceforge.net). See security/integrity/ima/*. This mechanism can make use of the TPM. I've copied Reiner Sailer, one of the developers of IMA. IMA can leverage the ability to read and extend PCRs, and its security properties derive from that functionality being a part of the kernel. PCR reading is currently part of the TPM driver in drivers/char/tpm/tpm.c. Thus, to the question, "Can we remove the ability of the kernel to send TPM commands such as GetCapability and PCRRead?" I believe the answer is no. Or at least, not without causing a lot of work for the IMA system. Although it may be worth discussing whether this functionality should be moved from the driver into IMA. To the question, "Can we remove the sysfs entries relating to PCRs and pubek," I believe the answer is yes, if the resulting complexity reduction actually turns out to be significant. Regards, -Jon -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists