lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <BCA04D5D9A3B764C9B7405BBA4D4A3C035F2B995@ALPMBAPA12.e2k.ad.ge.com>
Date:   Wed, 9 Oct 2019 12:11:06 +0000
From:   "Safford, David (GE Global Research, US)" <david.safford@...com>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Ken Goldman <kgold@...ux.ibm.com>
CC:     Mimi Zohar <zohar@...ux.ibm.com>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "stable@...r.kernel.org" <stable@...r.kernel.org>,
        "open list:ASYMMETRIC KEYS" <keyrings@...r.kernel.org>,
        "open list:CRYPTO API" <linux-crypto@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()


> From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
> Sent: Tuesday, October 8, 2019 7:54 PM
> To: Ken Goldman <kgold@...ux.ibm.com>
> Cc: Safford, David (GE Global Research, US) <david.safford@...com>; Mimi
> Zohar <zohar@...ux.ibm.com>; linux-integrity@...r.kernel.org;
> stable@...r.kernel.org; open list:ASYMMETRIC KEYS
> <keyrings@...r.kernel.org>; open list:CRYPTO API <linux-
> crypto@...r.kernel.org>; open list <linux-kernel@...r.kernel.org>
> Subject: EXT: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
> 
> On Wed, Oct 09, 2019 at 02:49:35AM +0300, Jarkko Sakkinen wrote:
> > On Mon, Oct 07, 2019 at 06:13:01PM -0400, Ken Goldman wrote:
> > > The TPM library specification states that the TPM must comply with
> > > NIST
> > > SP800-90 A.
> > >
> > > https://trustedcomputinggroup.org/membership/certification/tpm-certi
> > > fied-products/
> > >
> > > shows that the TPMs get third party certification, Common Criteria EAL 4+.
> > >
> > > While it's theoretically possible that an attacker could compromise
> > > both the TPM vendors and the evaluation agencies, we do have EAL 4+
> > > assurance against both 1 and 2.
> >
> > Certifications do not equal to trust.
> 
> And for trusted keys the least trust solution is to do generation with the kernel
> assets and sealing with TPM. With TEE the least trust solution is equivalent.
> 
> Are you proposing that the kernel random number generation should be
> removed? That would be my conclusion of this discussion if I would agree any
> of this (I don't).
> 
> /Jarkko

No one is suggesting that.

You are suggesting changing the documented behavior of trusted keys, and
that would cause problems for some of our use cases. While certification
may not in your mind be equal to trust, it is equal to compliance with 
mandatory regulations.

Perhaps rather than arguing past each other, we should look into 
providing users the ability to choose, as an argument to keyctl?

dave

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ