Date: Mon, 11 Mar 2024 22:07:19 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "David Gstir" <david@...ma-star.at>
Cc: "Mimi Zohar" <zohar@...ux.ibm.com>, "James Bottomley"
 <jejb@...ux.ibm.com>, "Herbert Xu" <herbert@...dor.apana.org.au>, "David S.
 Miller" <davem@...emloft.net>, "Shawn Guo" <shawnguo@...nel.org>, "Jonathan
 Corbet" <corbet@....net>, "Sascha Hauer" <s.hauer@...gutronix.de>,
 "kernel@...gutronix.de" <kernel@...gutronix.de>, "Fabio Estevam"
 <festevam@...il.com>, "NXP Linux Team" <linux-imx@....com>, "Ahmad Fatoum"
 <a.fatoum@...gutronix.de>, "sigma star Kernel Team"
 <upstream+dcp@...ma-star.at>, "David Howells" <dhowells@...hat.com>, "Li
 Yang" <leoyang.li@....com>, "Paul Moore" <paul@...l-moore.com>, "James
 Morris" <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, "Paul E.
 McKenney" <paulmck@...nel.org>, "Randy Dunlap" <rdunlap@...radead.org>,
 "Catalin Marinas" <catalin.marinas@....com>, "Rafael J. Wysocki"
 <rafael.j.wysocki@...el.com>, "Tejun Heo" <tj@...nel.org>, "Steven Rostedt
 (Google)" <rostedt@...dmis.org>, <linux-doc@...r.kernel.org>,
 "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
 "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
 "keyrings@...r.kernel.org" <keyrings@...r.kernel.org>,
 "linux-crypto@...r.kernel.org" <linux-crypto@...r.kernel.org>,
 <linux-arm-kernel@...ts.infradead.org>, <linuxppc-dev@...ts.ozlabs.org>,
 "linux-security-module@...r.kernel.org"
 <linux-security-module@...r.kernel.org>, "Richard Weinberger"
 <richard@....at>, "David Oberhollenzer" <david.oberhollenzer@...ma-star.at>
Subject: Re: [PATCH v6 3/6] KEYS: trusted: Introduce NXP DCP-backed trusted
 keys

On Fri Mar 8, 2024 at 9:17 AM EET, David Gstir wrote:
> Hi Jarkko,
>
> > On 07.03.2024, at 20:30, Jarkko Sakkinen <jarkko@...nel.org> wrote:
>
> [...]
>
> >> +
> >> +static int trusted_dcp_init(void)
> >> +{
> >> + int ret;
> >> +
> >> + if (use_otp_key)
> >> + pr_info("Using DCP OTP key\n");
> >> +
> >> + ret = test_for_zero_key();
> >> + if (ret) {
> >> + pr_err("Test for zero'ed keys failed: %i\n", ret);
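Review bot: In the `if (ret)` branch after `test_for_zero_key()`, the message "Test for zero'ed keys failed: %i" gives only the return code, with no hint of the cause or the remedy. Consider wording it so that it points at the DCP configuration, naming the cause given in this thread (hardware not in "secure mode"). The quoted lines stop at the `pr_err()`, so it is not visible whether `trusted_dcp_init()` returns `ret` here. Whatever log level is chosen, the branch should propagate the failure so the trust source is not brought up after the zero-key test has failed.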
> > 
> > I'm not sure whether this should err or warn.
> > 
> > What sort of situations can cause the test to fail (e.g.
> > adversary/interposer, bad configuration etc.)?
>
> This occurs when the hardware is not in "secure mode". I.e. it’s a bad configuration issue.
> Once the board is properly configured, this will never trigger again.
> Do you think a warning is better for this then?

Bad configuration is not unexpected configuration, so it cannot possibly
be an error situation as far as Linux is concerned. So a warning is
appropriate here, I'd figure.

BR, Jarkko
