Message-ID: <14fc2ce22d224f05f4d382cd22f5242297e9fb86.camel@HansenPartnership.com>
Date: Wed, 11 Sep 2024 08:06:27 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: "Xing, Cedric" <cedric.xing@...el.com>, Jean-Philippe Brucker
	 <jean-philippe@...aro.org>
Cc: Dan Williams <dan.j.williams@...el.com>, Samuel Ortiz
 <sameo@...osinc.com>,  Lukas Wunner <lukas@...ner.de>, Dionna Amalie Glaze
 <dionnaglaze@...gle.com>, Qinkun Bao <qinkun@...gle.com>,  Mikko Ylinen
 <mikko.ylinen@...ux.intel.com>, Kuppuswamy Sathyanarayanan
 <sathyanarayanan.kuppuswamy@...ux.intel.com>, linux-kernel@...r.kernel.org,
  linux-coco@...ts.linux.dev, suzuki.poulose@....com, sami.mujawar@....com
Subject: Re: [PATCH RFC 0/3] tsm: Unified Measurement Register ABI for TVMs

On Tue, 2024-09-10 at 23:01 -0500, Xing, Cedric wrote:
> On 9/10/2024 12:09 PM, Jean-Philippe Brucker wrote:
> > Hi Cedric,
> > 
> > On Sat, Sep 07, 2024 at 11:56:18PM -0500, Cedric Xing wrote:
> > > Patch 2 introduces event log support for RTMRs, addressing the
> > > fact that the standalone values of RTMRs, which represent the
> > > cumulative digests of sequential events, are not fully
> > > informative on their own.
> > 
> > Would each event_log include the events that firmware wrote before
> > Linux?
>  
> No. The log format proposed here is textual and incompatible with
> TCG2 log format.
> 
> The proposed log format is based on the CoCo event log - 
> https://github.com/confidential-containers/guest-components/issues/495
> .

Given that AMD is planning to use the SVSM-vTPM for post launch
measurements, not supporting TPMs in any form would make this Intel
only on x86 and thus not very "unified".  Microsoft also tends to do
attestations partly via the vTPM in its L1 openHCL component (even for
TDX) and thus would also have difficulty adopting this proposal.

Regards,

James

