lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 21 May 2024 10:56:26 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jarkko Sakkinen <jarkko@...nel.org>, linux-integrity@...r.kernel.org
Cc: keyrings@...r.kernel.org, Peter Huewe <peterhuewe@....de>, Jason
 Gunthorpe <jgg@...pe.ca>, Mimi Zohar <zohar@...ux.ibm.com>, David Howells
 <dhowells@...hat.com>, Paul Moore <paul@...l-moore.com>, James Morris
 <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, 
 linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [PATCH] tpm: enable HMAC encryption for only x86-64 and aarch64

On Tue, 2024-05-21 at 17:35 +0300, Jarkko Sakkinen wrote:
> On Tue May 21, 2024 at 5:26 PM EEST, Jarkko Sakkinen wrote:
> > On Tue May 21, 2024 at 5:13 PM EEST, James Bottomley wrote:
> > > On Tue, 2024-05-21 at 17:02 +0300, Jarkko Sakkinen wrote:
> > > > Secondly, it also roots to the null key if a parent is not
> > > > given. So it covers all the basic features of the HMAC patch
> > > > set.
> > > 
> > > I don't think that can work.  The key file would be wrapped to
> > > the parent and the null seed (and hence the wrapping) changes
> > > with every reboot.  If you want a permanent key, it has to be in
> > > one of the accessible permanent hierarchies (storage ideally or
> > > endorsement).
> > 
> > I'm fully aware that null seed is randomized per power cycle.

OK, as long as this gets documented, I'm OK with it

> > The fallback was inherited from James Prestwood's original code and
> > I decided to keep it as a testing feature, and also to test HMAC
> > changes.
> > 
> > If you look at the testing transcript in the cover letter, it
> > should beobvious that a primary key is created in my basic test.
> 
> I think what could be done to it in v3 would be to return -EOPNOTSUPP
> if parent is not defined. I.e. rationale here is that this way the
> empty option is still usable for something in future kernel releases.

You can absolutely have null derived parent keys (I use them for
testing as well).  However, the spec says the parent handle in that
case should be TPM_RH_NULL (i.e. 0x40000007) not zero:

https://www.hansenpartnership.com/draft-bottomley-tpm2-keys.html#name-parent

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ