Open Source and information security mailing list archives
Date:   Tue, 05 May 2020 16:38:02 +0200
From:   Lukasz Hawrylko <lukasz.hawrylko@...ux.intel.com>
To:     Daniel Kiper <daniel.kiper@...cle.com>, grub-devel@....org,
        linux-kernel@...r.kernel.org, trenchboot-devel@...glegroups.com,
        x86@...nel.org
Cc:     alexander.burmashev@...cle.com, andrew.cooper3@...rix.com,
        ard.biesheuvel@...aro.org, dpsmith@...rtussolutions.com,
        eric.snowberg@...cle.com, javierm@...hat.com,
        kanth.ghatraju@...cle.com, konrad.wilk@...cle.com,
        krystian.hebel@...eb.com, michal.zygowski@...eb.com,
        mjg59@...gle.com, phcoder@...il.com, pirot.krol@...eb.com,
        pjones@...hat.com, ross.philipson@...cle.com
Subject: Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher

On Tue, 2020-05-05 at 01:21 +0200, Daniel Kiper wrote:
> Hi,
> 
> This is an RFC patchset for the GRUB introducing the Intel TXT secure launcher.
> This is a part of larger work known as the TrenchBoot. Patchset can be split
> into two distinct parts:
>   - 01-12: preparatory patches,
>   - 13-18: the Intel TXT secure launcher itself.
> 
> The initial implementation of the Intel TXT secure launcher works. However,
> there are still some missing bits and pieces, e.g.:
>   - SINIT ACM auto loader,
>   - lack of RMRR support,
>   - lack of support for MLEs larger than 1 GiB,
>   - lack of TPM 1.2 support.
>   - various fixes and cleanups.
> 
> Commands introduced by this patchset: tpm_type, slaunch, slaunch_module (not
> required on server platforms) and slaunch_state (useful for checking platform
> configuration and state; based on tboot's txt-stat).
> 
> Daniel
> 

Hi Daniel

Your patch looks promising; however, I have a few concerns.

In the OS-MLE table there is a buffer for the TPM event log; however, I
see that you are not using it, but instead allocate space somewhere in
memory. I am just wondering if, from a security perspective, it will be
better to use memory from the TXT heap for the event log, like we do in TBOOT.

There is a function that verifies if the platform is TXT capable,
grub_txt_verify_platform(); it only checks SMX and GETSEC features.
Although BIOS should enforce both VMX and VT-d enabled when enabling
TXT, I think that adding these checks here as redundancy may be a good
idea. The same situation is with TPM presence.

I suggest adding the possibility to skip TXT launch when the last boot
ended with a TXT error. This option can avoid boot loops when something
goes wrong.

How will you read LCP from storage? I see that there is the slaunch_module
command that currently you are using only for loading SINIT. In the
future it can be expanded to support the LCP file too. What do you think?

Do not forget to apply changes required by Intel's latest platforms; you
should check the following commits in TBOOT's repository: 2f03b57ffdba,
fe2dddd742dc.

Lukasz 
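
The redundant VMX, VT-d and TPM checks suggested in the message above, sketched as an added example that is not part of the original message and is not GRUB or TBOOT code. The function name, result flags and sample values are hypothetical; the bit positions are those of CPUID.1:ECX and IA32_FEATURE_CONTROL in the Intel SDM, and the VT-d and TPM probe results are assumed to be supplied by the caller.

```c
#include <stdint.h>
#include <stdio.h>

/* CPUID.(EAX=1):ECX feature bits (Intel SDM). */
#define ECX_VMX (1u << 5)
#define ECX_SMX (1u << 6)
/* IA32_FEATURE_CONTROL (MSR 0x3A) bits (Intel SDM). */
#define FC_LOCK          (1ull << 0)   /* MSR locked, normally by BIOS */
#define FC_VMX_IN_SMX    (1ull << 1)   /* VMXON allowed inside SMX operation */
#define FC_SENTER_GLOBAL (1ull << 15)  /* GETSEC[SENTER] global enable */

/* Hypothetical result flags: one bit per missing prerequisite. */
enum {
    NO_SMX = 1, NO_VMX = 2, FC_UNLOCKED = 4, SENTER_OFF = 8,
    VMX_IN_SMX_OFF = 16, NO_VTD = 32, NO_TPM = 64
};

/*
 * Pure decision function: the caller supplies raw register values plus
 * the results of its own VT-d (ACPI DMAR table) and TPM probes.
 * Returns 0 when every prerequisite is met.
 */
unsigned txt_missing_prereqs(uint32_t cpuid1_ecx, uint64_t feat_ctl,
                             int have_dmar, int have_tpm)
{
    unsigned m = 0;

    if (!(cpuid1_ecx & ECX_SMX)) m |= NO_SMX;
    if (!(cpuid1_ecx & ECX_VMX)) m |= NO_VMX;
    /* An unlocked MSR means the enable bits below are not yet fixed. */
    if (!(feat_ctl & FC_LOCK)) m |= FC_UNLOCKED;
    if (!(feat_ctl & FC_SENTER_GLOBAL)) m |= SENTER_OFF;
    if (!(feat_ctl & FC_VMX_IN_SMX)) m |= VMX_IN_SMX_OFF;
    if (!have_dmar) m |= NO_VTD;
    if (!have_tpm) m |= NO_TPM;
    return m;
}

int main(void)
{
    /* Constructed sample values, not read from real hardware. */
    uint32_t ecx = ECX_SMX;                    /* SMX present, VMX absent */
    uint64_t fc = FC_LOCK | FC_SENTER_GLOBAL;  /* VMX-in-SMX not enabled */

    printf("missing mask: 0x%x\n", txt_missing_prereqs(ecx, fc, 1, 0));
    return 0;
}
```

Reporting every missing prerequisite in one mask lets the launcher log the full reason for refusing the launch instead of stopping at the first failed check.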
