lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D1FDMULT5YRK.GZOPJ9FZ325R@kernel.org>
Date: Tue, 21 May 2024 17:02:52 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "James Bottomley" <James.Bottomley@...senPartnership.com>,
 <linux-integrity@...r.kernel.org>
Cc: <keyrings@...r.kernel.org>, "Peter Huewe" <peterhuewe@....de>, "Jason
 Gunthorpe" <jgg@...pe.ca>, "Mimi Zohar" <zohar@...ux.ibm.com>, "David
 Howells" <dhowells@...hat.com>, "Paul Moore" <paul@...l-moore.com>, "James
 Morris" <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
 <linux-kernel@...r.kernel.org>, <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH] tpm: enable HMAC encryption for only x86-64 and aarch64

On Tue May 21, 2024 at 4:26 PM EEST, James Bottomley wrote:
> On Tue, 2024-05-21 at 16:09 +0300, Jarkko Sakkinen wrote:
> > Let's be more conservative and enable HMAC by default only for the
> > platforms where it immediately makes sense, i.e. x86-64 and aarch64.
> > This can be relaxed later on, and obviously the kconfig option can be
> > set even if not default on a particular arch.
> > 
> > Cc: James Bottomley <James.Bottomley@...senPartnership.com>
> > Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
> > Closes:
> > https://lore.kernel.org/linux-integrity/D1FCAPJSYLTS.R9VC1CXDCIHH@kernel.org/
> > Signed-off-by: Jarkko Sakkinen <jarkko@...nel.org>
> > ---
> >  drivers/char/tpm/Kconfig | 2 +-
> >  1 file changed, 1 insertion(+), 1 deletion(-)
> > 
> > diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> > index e63a6a17793c..19e61dcfcbbe 100644
> > --- a/drivers/char/tpm/Kconfig
> > +++ b/drivers/char/tpm/Kconfig
> > @@ -29,7 +29,7 @@ if TCG_TPM
> >  
> >  config TCG_TPM2_HMAC
> >         bool "Use HMAC and encrypted transactions on the TPM bus"
> > -       default y
> > +       default X86_64 || ARM64
>
> My first instinct is to say that devices in hostile environments (like
> IoT) are likely in the most need of this.  However, it is an
> experimental feature, so I would like to debug it first in the
> environments where it's expected to work, which is desktop and laptop,
> so I'm happy with this:
>
> Acked-by: James Bottomley <James.Bottomley@...senPartnership.com>

Thanks! And agreed but usually for IoT device you probably end up
anyway creating somewhat tuned kconfig. In desktop default on makes
most sense for the moment. I'm also willling to consider relaxing
this later on.

Asymmetric key patch set that I wrapped up together over the weekend
was also pretty extensive test. First, it uses HMAC encryption for
communication to make sure that private key is not eavesdropped.

Secondly, it also roots to the null key if a parent is not given. So
it covers all the basic features of the HMAC patch set.

The only actual bug was a non-critical memory leak from v5.13, which
consumes some dozens of bytes per power cycle in a common use case
for trusted keys (PR already sent to Linus).

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ