lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D1G91ISGEB3K.35SA67CPX59JE@kernel.org>
Date: Wed, 22 May 2024 17:39:36 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "James Bottomley" <James.Bottomley@...senPartnership.com>, "Vitor
 Soares" <ivitro@...il.com>, <linux-integrity@...r.kernel.org>
Cc: <keyrings@...r.kernel.org>, "Peter Huewe" <peterhuewe@....de>, "Jason
 Gunthorpe" <jgg@...pe.ca>, "Mimi Zohar" <zohar@...ux.ibm.com>, "David
 Howells" <dhowells@...hat.com>, "Paul Moore" <paul@...l-moore.com>, "James
 Morris" <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>,
 <linux-kernel@...r.kernel.org>, <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default

On Wed May 22, 2024 at 5:20 PM EEST, James Bottomley wrote:
> On Wed, 2024-05-22 at 17:11 +0300, Jarkko Sakkinen wrote:
> > For tpm_crb we should actually disable HMAC at some point. It is
> > essentially a performance regression for it.
>
> You'd think that, because of the shared buffer and no bus, but you
> never quite know.  For instance several confidential computing early
> implementations used the crb interface set up by qemu (i.e. over shared
> buffers which are readable by the host).  For them the only way to get
> security is with sessions.  Even with the default Intel CRB, the TPM
> transaction isn't handled directly by the main CPU, it's offloaded to
> the ME (which we all know google loves because of its tight security
> boundary).  It is entirely possible to imagine a software interposer
> running in the ME snooping the CRB buffer.  A very different type of
> attack from the LPB interposer, but plausible non the less.
>
> James

Should have put "consider". I've tested with crb and spi and have
not noticed anything get stuck. One more reason to run tests with
that Celeron CPU from 2018...

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ