Date: Sat, 18 May 2024 14:25:24 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Parthiban" <parthiban@...umiz.com>,
 <James.Bottomley@...senPartnership.com>
Cc: <linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
 <peterhuewe@....de>, <jgg@...pe.ca>
Subject: Re: SLB9670 TPM module crash

On Sat May 18, 2024 at 2:21 PM EEST, Parthiban wrote:
> Dear James Bottomley,
>
> The following crash is observed in the current mainline kernel and I have tried the
> git bisect to narrow it down. Bisect points to the below commit, which got merged as
> part of [1]. I tried reverting the below commit and the TPM loads fine.
>
> commit 1b6d7f9eb150305dcb0da4f7101a8d30dcdf0497
> Author: James Bottomley <James.Bottomley@...senPartnership.com>
> Date:   Mon Apr 29 16:28:07 2024 -0400
>
>     tpm: add session encryption protection to tpm2_get_random()
>     
>     If some entity is snooping the TPM bus, they can see the random
>     numbers we're extracting from the TPM and do prediction attacks
>     against their consumers.  Foil this attack by using response
>     encryption to prevent the attacker from seeing the random sequence.
>     
>     Signed-off-by: James Bottomley <James.Bottomley@...senPartnership.com>
>     Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
>     Tested-by: Jarkko Sakkinen <jarkko@...nel.org>
>     Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
>
>  drivers/char/tpm/tpm2-cmd.c | 21 +++++++++++++++++----
>  1 file changed, 17 insertions(+), 4 deletions(-)
>
> [   11.551988] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
> [   11.563036] spi_master spi0: will run message pump with realtime priority


Explanation and workaround: https://lore.kernel.org/linux-integrity/D1C1KL7Q27P9.39BH0Z4EMBBUG@kernel.org/

James, this must be fixed by:

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 7c0486e3199c..2d9e2c860ad9 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -34,7 +34,7 @@ if TCG_TPM

 config TCG_TPM2_HMAC
        bool "Use HMAC and encrypted transactions on the TPM bus"
-       default y
+       default n
        select CRYPTO_ECDH
        select CRYPTO_LIB_AESCFB
        select CRYPTO_LIB_SHA256
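
Review bot: the added `default n` line in the TCG_TPM2_HMAC entry is redundant, because a Kconfig bool with no `default` line already defaults to n; deleting the `default y` line instead of replacing it gives the same result. With the option off by default, the response encryption that the quoted commit added to tpm2_get_random() against bus snooping becomes opt-in, so the help text for this entry and the commit message should say that and give the reason (the SLB9670 crash reported in this thread). As posted, the diff carries no commit message or Signed-off-by, which it will need before it can be applied.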

Distributors know how to enable this, but given the high volumes of small
devices still with TPM, this trend needs to be cut.

BR, Jarkko