[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20230514191150.GA17168@srcf.ucam.org>
Date: Sun, 14 May 2023 20:11:50 +0100
From: Matthew Garrett <mjg59@...f.ucam.org>
To: Eric Biggers <ebiggers@...nel.org>
Cc: Andrew Cooper <andrew.cooper3@...rix.com>,
Ard Biesheuvel <ardb@...nel.org>,
Ross Philipson <ross.philipson@...cle.com>,
linux-kernel@...r.kernel.org, x86@...nel.org,
linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
linux-crypto@...r.kernel.org, iommu@...ts.linux-foundation.org,
kexec@...ts.infradead.org, linux-efi@...r.kernel.org,
dpsmith@...rtussolutions.com, tglx@...utronix.de, mingo@...hat.com,
bp@...en8.de, hpa@...or.com, James.Bottomley@...senpartnership.com,
luto@...capital.net, nivedita@...m.mit.edu,
kanth.ghatraju@...cle.com, trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v6 06/14] x86: Add early SHA support for Secure Launch
early measurements
On Sun, May 14, 2023 at 11:18:17AM -0700, Eric Biggers wrote:
> On Fri, May 12, 2023 at 01:24:22PM +0100, Andrew Cooper wrote:
> > You're suggesting that because Linux has been slow to take D-RTM over
> > the past decade, you're going to intentionally break people with older
> > hardware just because you don't feel like using an older algorithm?
> >
> > That's about the worst possible reason to not take support.
> >
> > There really are people in the world with older TPM 1.2 systems where
> > this D-RTM using SHA1 only is an improvement over using the incumbent tboot.
> >
> > ~Andrew
>
> This patchset is proposing a new kernel feature. So by definition, there are no
> existing users of it that can be broken.
The patchset reimplements a more extensible version of an existing
feature which people already consume, and presumably people will be
encouraged to transition to it. There is plenty of hardware that
supports this feature that only implements SHA-1. If you want to propose
that the kernel not implement any functionality that uses deprecated
hash algorithms then that seems like a larger conversation rather than
one that should focus on a single pachset.
Powered by blists - more mailing lists