lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <C6007C2B-AEFF-4A48-B791-323CDC04266D@amacapital.net>
Date:   Mon, 1 Jun 2020 17:49:03 -0700
From:   Andy Lutomirski <luto@...capital.net>
To:     "Daniel P. Smith" <dpsmith@...rtussolutions.com>
Cc:     Andy Lutomirski <luto@...nel.org>,
        Daniel Kiper <daniel.kiper@...cle.com>,
        Lukasz Hawrylko <lukasz.hawrylko@...ux.intel.com>,
        grub-devel@....org, LKML <linux-kernel@...r.kernel.org>,
        trenchboot-devel@...glegroups.com, X86 ML <x86@...nel.org>,
        alexander.burmashev@...cle.com,
        Andrew Cooper <andrew.cooper3@...rix.com>,
        Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        eric.snowberg@...cle.com, javierm@...hat.com,
        kanth.ghatraju@...cle.com,
        Konrad Rzeszutek Wilk <konrad.wilk@...cle.com>,
        krystian.hebel@...eb.com, michal.zygowski@...eb.com,
        Matthew Garrett <mjg59@...gle.com>, phcoder@...il.com,
        piotr.krol@...eb.com, Peter Jones <pjones@...hat.com>,
        Ross Philipson <ross.philipson@...cle.com>
Subject: Re: [GRUB PATCH RFC 00/18] i386: Intel TXT secure launcher



> On Jun 1, 2020, at 5:14 PM, Daniel P. Smith <dpsmith@...rtussolutions.com> wrote:
> 
> On 6/1/20 3:39 PM, Andy Lutomirski wrote:
>>>> .
> 
> In other words, the log for the relaunch to attest what is currently
> running is really no less useful than using the first launch log to
> attest to the what was running in the first launch.
> 

Maybe it would help if you give some examples of what’s actually in this log and why anyone, Linux or otherwise, cares for any purpose other than debugging.  We’re talking about a log written by something like GRUB, right?  If so, I’m imagining things like:

GRUB: loading such-and-such module
GRUB: loading the other module
GRUB: loading Linux at /boot/vmlinuz-whatever
GRUB: about to do the DRTM launch. Bye-bye.

This is surely useful for debugging.  But, if I understand your security model correctly, it’s untrustworthy in the sense that this all comes from before the DRTM launch and it could have been tampered with by SMM code or even just a malicious USB stick.  Or even a malicious compromised kernel on the same machine. So you could hash this log into a PCR, but I don’t see what you’ve accomplished by doing so.

Or have I misunderstood what this log is?  Perhaps you’re talking about something else entirely.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ