lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ab612691fbe76bd9639fd86fbbfa4be17104867c.camel@HansenPartnership.com>
Date: Tue, 18 Mar 2025 08:44:05 -0400
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: "Xing, Cedric" <cedric.xing@...el.com>, Sathyanarayanan Kuppuswamy
 <sathyanarayanan.kuppuswamy@...ux.intel.com>, Dan Williams
 <dan.j.williams@...el.com>, "Kirill A. Shutemov"
 <kirill.shutemov@...ux.intel.com>, Dave Hansen
 <dave.hansen@...ux.intel.com>,  Thomas Gleixner <tglx@...utronix.de>, Ingo
 Molnar <mingo@...hat.com>, Borislav Petkov <bp@...en8.de>,  x86@...nel.org,
 "H. Peter Anvin" <hpa@...or.com>
Cc: linux-kernel@...r.kernel.org, linux-coco@...ts.linux.dev, Dionna Amalie
 Glaze <dionnaglaze@...gle.com>, Dan Middleton
 <dan.middleton@...ux.intel.com>, Mikko Ylinen <mikko.ylinen@...ux.intel.com>
Subject: Re: [PATCH v2 0/4] tsm: Unified Measurement Register ABI for TVMs

On Mon, 2025-03-17 at 22:48 -0500, Xing, Cedric wrote:
> On 3/17/2025 6:15 PM, Sathyanarayanan Kuppuswamy wrote:
> [...]
> > Any comment on the missing event log support? Extending the
> > measurements without logging the event should break the
> > tractability feature. Can you add info about why it is ok to just
> > add extension support for now?
> > 
> The event log support was once proposed and discussed. Please see 
> https://lore.kernel.org/all/20240907-tsm-rtmr-v1-0-12fc4d43d4e7@intel.com/
>  
> for details. In short, it's difficult to define a log format that
> fits all applications, 

I also think the interface doesn't have much utility without a log (at
least the ability to write part).  However, I think the problem is the
quest for a single universal log.  If you just allow the reflected
consumers to use their own log format (and identify that format
somewhere in the filesystem) it still all works.  This would mean that
plugging in IMA becomes simple and it would obviously just use the IMA
log format.

>From a non-repudiable record point of view there are definite reasons
why mutually distrusting subsystems would want their own PCR and log
anyway (so they can do separated replay), so I think supporting
multiple logs is definitely a requirement.  If we have multiple logs,
there's not much of a problem with multiple formats.

> and luckily it doesn't have to be solved in kernel  mode, so we leave
> it out for now.

The problem, that will be hard to do a pure userspace solution for, is
that adding a log entry and extending the PCR should be as close to
atomic as you can get them.

Regards,

James

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ