[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAHSSk04asd_ac8KLJYNRyR1Z+fD+iUb+UxjUu0U=HbT1-2R7Ag@mail.gmail.com>
Date: Tue, 3 Jan 2023 13:10:27 -0800
From: Matthew Garrett <mgarrett@...ora.tech>
To: William Roberts <bill.c.roberts@...il.com>
Cc: jejb@...ux.ibm.com, Evan Green <evgreen@...omium.org>,
linux-kernel@...r.kernel.org, corbet@....net,
linux-integrity@...r.kernel.org,
Eric Biggers <ebiggers@...nel.org>, gwendal@...omium.org,
dianders@...omium.org, apronin@...omium.org,
Pavel Machek <pavel@....cz>, Ben Boeckel <me@...boeckel.net>,
rjw@...ysocki.net, Kees Cook <keescook@...omium.org>,
dlunev@...gle.com, zohar@...ux.ibm.com, jarkko@...nel.org,
linux-pm@...r.kernel.org, Matthew Garrett <mjg59@...gle.com>,
Jason Gunthorpe <jgg@...pe.ca>, Peter Huewe <peterhuewe@....de>
Subject: Re: [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to
kernel-only use
On Tue, Jan 3, 2023 at 1:05 PM William Roberts <bill.c.roberts@...il.com> wrote:
> What's the use case of using the creation data and ticket in this
> context? Who gets the
> creationData and the ticket?
> Could a user supplied outsideInfo work? IIRC I saw some patches flying around
> where the sessions will get encrypted and presumably correctly as well. This
> would allow the transfer of that outsideInfo, like the NV Index PCR value to
> be included and integrity protected by the session HMAC.
The goal is to ensure that the key was generated by the kernel. In the
absence of the creation data, an attacker could generate a hibernation
image using their own key and trick the kernel into resuming arbitrary
code. We don't have any way to pass secret data from the hibernate
kernel to the resume kernel, so I don't think there's any easy way to
do it with outsideinfo.
Powered by blists - more mailing lists