lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20101109064016.GF16307@obsidianresearch.com>
Date:	Mon, 8 Nov 2010 23:40:16 -0700
From:	Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To:	David Safford <safford@...son.ibm.com>
Cc:	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org, keyrings@...ux-nfs.org,
	linux-crypto@...r.kernel.org, David Howells <dhowells@...hat.com>,
	James Morris <jmorris@...ei.org>,
	Rajiv Andrade <srajiv@...ux.vnet.ibm.com>,
	Mimi Zohar <zohar@...ibm.com>
Subject: Re: [PATCH v1.2 3/4] keys: add new trusted key-type

On Mon, Nov 08, 2010 at 01:18:33PM -0500, David Safford wrote:

> This is strictly for convenience in initramfs, so that the trusted
> key can be loaded and locked in a single command, with no need for
> an additional application to extend a PCR. As the the TPM driver 
> already has support for extend, it's a trivial addition.

I guess I imagined that user space would want to extend some PCRs
anyhow with data from the root filesystem before handing over
control. This is not related to your patch at all, just overall how
I'd expect the TPM to be used..

It just seems like really odd functionality. I'm not familiar with the
KH api, but is there any chance now (or in future) that non-root could
access this function?

A few random observations
 - I'm sure someone will say kdoc format should be used for those
   function comments?
 - Using a random value to extend the PCR effectively wastes it
   and creates a tiny risk the random extend could result in 0.
 - It would be nice to formally state the datablob is a
   TPM_STORED_DATA with no embellishments. The expectation is
   userspace can validate the sealInfo prior to loading the
   key.
 - I'm unclear on the merits of using raw random data from the TPM.
   I'd feel much better if this was mixed with random
   from the kernel pool too. Ideally using a FIPS DBRNG transform..
 - Shouldn't all the TPM RPC functions live together in the TPM code
   someplace? You've done a good job of adding many more general
   primitives to build RPC's with.

   FWIW, last time I worked with TPMs I built a RPC code generator
   for this stuff, which if any more are added would be a really smart
   direction to head in.

Cheers,
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ