| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 28 May 2024 04:04:46 +0300 From: "Jarkko Sakkinen" <jarkko@...nel.org> To: "James Bottomley" <James.Bottomley@...senPartnership.com>, "Vitor Soares" <ivitro@...il.com>, <linux-integrity@...r.kernel.org> Cc: <keyrings@...r.kernel.org>, "Peter Huewe" <peterhuewe@....de>, "Jason Gunthorpe" <jgg@...pe.ca>, "Mimi Zohar" <zohar@...ux.ibm.com>, "David Howells" <dhowells@...hat.com>, "Paul Moore" <paul@...l-moore.com>, "James Morris" <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, <linux-kernel@...r.kernel.org>, <linux-security-module@...r.kernel.org> Subject: Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default On Tue May 28, 2024 at 2:44 AM EEST, James Bottomley wrote: > On Tue, 2024-05-28 at 02:17 +0300, Jarkko Sakkinen wrote: > > On Tue May 28, 2024 at 12:36 AM EEST, James Bottomley wrote: > > > On Mon, 2024-05-27 at 22:53 +0300, Jarkko Sakkinen wrote: > > > > On Mon May 27, 2024 at 8:57 PM EEST, James Bottomley wrote: > > > > > On Mon, 2024-05-27 at 18:34 +0300, Jarkko Sakkinen wrote: > > > [...] > > > > > > While looking at code I started to wanted what was the > > > > > > reasoning for adding *undocumented* "TPM2_OA_TMPL" in > > > > > > include/linux/tpm.h.It should really be in tpm2-sessions.c > > > > > > and named something like TPM2_NULL_KEY_OA or similar. > > > > > > > > > > Well, because you asked for it. I originally had all the flags > > > > > spelled out and I'm not a fan of this obscurity, but you have > > > > > to do stuff like this to get patches accepted: > > > > > > > > > > https://lore.kernel.org/linux-integrity/CZCKTWU6ZCC9.2UTEQPEVICYHL@suppilovahvero/ > > > > > > > > I still think the constant does make sense. > > > > > > I'm not so sure. The TCG simply defines it as a collection of > > > flags and every TPM tool set I've seen simply uses a list of flags > > > as well. The original design was that the template would be in > > > this one place and everything else would call into it. I think the > > > reason all template construction looks similar is for ease of > > > auditing (it's easy to get things, particularly the flags, wrong). > > > > > > If it only has one use case, it should be spelled out but if > > > someone else would use it then it should be in the tpm.h shared > > > header. > > > > It is used only in tpm2-sessions.c and for the null key so there it > > should be. And it is also lacking the associated documentation. Now > > both name and context it is used is lost. > > The comment above the whole thing says what it is and where it comes > from: > > /* > * create the template. Note: in order for userspace to > * verify the security of the system, it will have to create > * and certify this NULL primary, meaning all the template > * parameters will have to be identical, so conform exactly to > * the TCG TPM v2.0 Provisioning Guidance for the SRK ECC > * key H template (H has zero size unique points) > */ > > If we put the broken out flags back it's all fully documented. Not the most productive conclusion when refusing to follow properly a trivial request in the review feedback tbh. BR, Jarkko
Powered by blists - more mailing lists