lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 08 Dec 2020 10:02:57 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Jarkko Sakkinen <jarkko@...nel.org>,
        Elaine Palmer <erpalmerny@...il.com>
Cc:     Sumit Garg <sumit.garg@...aro.org>,
        jarkko.sakkinen@...ux.intel.com, jejb@...ux.ibm.com,
        dhowells@...hat.com, jens.wiklander@...aro.org, corbet@....net,
        jmorris@...ei.org, serge@...lyn.com, casey@...aufler-ca.com,
        janne.karhunen@...il.com, daniel.thompson@...aro.org,
        Markus.Wamser@...ed-mode.de, lhinds@...hat.com,
        keyrings@...r.kernel.org, linux-integrity@...r.kernel.org,
        linux-security-module@...r.kernel.org, linux-doc@...r.kernel.org,
        linux-kernel@...r.kernel.org, linux-arm-kernel@...ts.infradead.org,
        op-tee@...ts.trustedfirmware.org,
        Kenneth Goldman <kgoldman@...ibm.com>, gcwilson@...ux.ibm.com,
        zgu@...ibm.com, stefanb@...ibm.com, NAYNA JAIN1 <naynjain@....com>
Subject: Re: [PATCH v8 3/4] doc: trusted-encrypted: updates with TEE as a
 new trust source

Hi Jarkko,

On Fri, 2020-12-04 at 17:30 +0200, Jarkko Sakkinen wrote:
> On Wed, Dec 02, 2020 at 02:34:07PM -0500, gmail Elaine Palmer wrote:
> > Hi Sumit,  
> > 
> > Thank you for the detailed descriptions and examples of trust sources
> > for Trusted Keys.   A group of us in IBM (Stefan Berger, Ken Goldman,
> > Zhongshu Gu, Nayna Jain, Elaine Palmer, George Wilson, Mimi Zohar)
> > have been doing related work for quite some time, and we have one
> > primary concern and some suggested changes to the document. 
> > 
> > Our primary concern is that describing a TEE as a Trust Source needs
> > to be more specific.   For example, "ARM TrustZone" is not sufficient,
> > but "wolfSSL embedded SSL/TLS library with ARM TrustZone
> > CryptoCell-310" is.  Just because a key is protected by software
> > running in a TEE is not enough to establish trust.  Just like
> > cryptographic modules, a Trust Source should be defined as a specific
> > implementation on specific hardware with well-documented environmental
> > assumptions, dependencies, and threats.
> > 
> > In addition to the above concern, our suggested changes are inline
> > below.
> 
> In order to give a decent review comment it should have two ingredients:
> 
> - Where the existing line of code / text / whatever goes wrong.
> - How it should modified and why that makes sense. And use as plain
>   English and non-academic terms as possible, if it is documentation.
>   Further, scope is only the kernel implementation, no more or no
>   less.
> 
> "do this" is not unfortunately an argument. Feedback is welcome when
> it is supported by something common sensse.

Even after the code is fully debugged, reviewed and tested, our concern
is that people will assume the security guarantees of TEE based trusted
keys to be equivalent to that of a discrete TPM.

> 
> Some meta suggestion of related to email:
> 
> Please also use a proper email client and split your paragraphs into
> at most 80 character lines with new line characters when writing email.
> I prefer to use 72 character line length so that there's some space
> for longer email threads.

Sure, we'll re-post the suggested documentation changes/additions.

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ