Message-ID: <20250611143737.00005e21@huawei.com>
Date: Wed, 11 Jun 2025 14:37:37 +0100
From: Jonathan Cameron <Jonathan.Cameron@...wei.com>
To: Alistair Francis <alistair@...stair23.me>
CC: <linux-cxl@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
<lukas@...ner.de>, <linux-pci@...r.kernel.org>, <bhelgaas@...gle.com>,
<rust-for-linux@...r.kernel.org>, <akpm@...ux-foundation.org>,
<boqun.feng@...il.com>, <bjorn3_gh@...tonmail.com>,
<wilfred.mallawa@....com>, <aliceryhl@...gle.com>, <ojeda@...nel.org>,
<alistair23@...il.com>, <a.hindborg@...nel.org>, <tmgross@...ch.edu>,
<gary@...yguo.net>, <alex.gaynor@...il.com>, <benno.lossin@...ton.me>
Subject: Re: [RFC v2 00/20] lib: Rust implementation of SPDM
On Thu, 27 Feb 2025 13:09:32 +1000
Alistair Francis <alistair@...stair23.me> wrote:
> Security Protocols and Data Models (SPDM) [1] is used for authentication,
> attestation and key exchange. SPDM is generally used over a range of
> transports, such as PCIe, MCTP/SMBus/I3C, ATA, SCSI, NVMe or TCP.
>
> From the kernel's perspective SPDM is used to authenticate and attest devices.
> In this threat model a device is considered untrusted until it can be verified
> by the kernel and userspace using SPDM. As such SPDM data is untrusted data
> that can be malicious.
>
> The SPDM specification is also complex, with the 1.2.1 spec being almost 200
> pages and the 1.3.0 spec being almost 250 pages long.
>
> As such we have the kernel parsing untrusted responses from a complex
> specification, which sounds like a possible exploit vector. This is the type
> of place where Rust excels!
>
> This series implements a SPDM requester in Rust.
>
> This is very similar to Lukas' implementation [2]. This series includes patches
> and files from Lukas' C SPDM implementation, which isn't in mainline.
>
> This is a standalone series and doesn't depend on Lukas' implementation, although
> we do still rely on Lukas' crypto preparation patches, not all of which are
> upstream yet.
>
> To help with maintaining compatibility it's designed in a way to match Lukas'
> design and the state struct stores the same information, although in a Rust
> struct instead of the original C one.
>
> This series doesn't expose the data to userspace (except for a single sysfs
> bool) to avoid the debate about how to do that. I'm planning to do that in
> the future though.
>
> This series is based on the latest rust-next tree.
>
> This series depends on the Untrusted abstraction work [4].
>
> This series also depends on the recent bindgen support for static inlines [5].
>
> The entire tree can be seen here: https://github.com/alistair23/linux/tree/alistair/spdm-rust
>
> based-on: https://lore.kernel.org/rust-for-linux/20240925205244.873020-1-benno.lossin@proton.me/
> based-on: https://lore.kernel.org/rust-for-linux/20250107035058.818539-1-alistair@alistair23.me/

Hi Alistair,

I've completely failed to find time to actually pick up enough Rust to review
this :( Also failed to find anyone else who has the Rust skills and enough of
the background.

Ideally I'll get up to speed at some point, but in the meantime wanted to revisit
the question of whether we want to go this way from day 1 rather than trying to
deal with the C version and later this?

What are your current thoughts? I know Lukas mentioned he was going to spin a
new version shortly (in one of the TSM threads) so are we waiting on that?

For now I'm going to take this off my review queue. Sorry!

Jonathan

>
> 1: https://www.dmtf.org/standards/spdm
> 2: https://lore.kernel.org/all/cover.1719771133.git.lukas@wunner.de/
> 3: https://github.com/l1k/linux/commits/spdm-future/
> 4: https://lore.kernel.org/rust-for-linux/20240925205244.873020-1-benno.lossin@proton.me/
> 5: https://lore.kernel.org/rust-for-linux/20250107035058.818539-1-alistair@alistair23.me/
>
> v2:
> - Drop support for Rust and C implementations
> - Include patches from Lukas to reduce series deps
> - Large code cleanups based on more testing
> - Support for authentication
>
> Alistair Francis (12):
> lib: rspdm: Initial commit of Rust SPDM
> lib: rspdm: Support SPDM get_version
> lib: rspdm: Support SPDM get_capabilities
> lib: rspdm: Support SPDM negotiate_algorithms
> lib: rspdm: Support SPDM get_digests
> lib: rspdm: Support SPDM get_certificate
> crypto: asymmetric_keys - Load certificate parsing early in boot
> KEYS: Load keyring and certificates early in boot
> PCI/CMA: Support built in X.509 certificates
> lib: rspdm: Support SPDM certificate validation
> rust: allow extracting the buffer from a CString
> lib: rspdm: Support SPDM challenge
>
> Jonathan Cameron (1):
> PCI/CMA: Authenticate devices on enumeration
>
> Lukas Wunner (7):
> X.509: Make certificate parser public
> X.509: Parse Subject Alternative Name in certificates
> X.509: Move certificate length retrieval into new helper
> certs: Create blacklist keyring earlier
> PCI/CMA: Validate Subject Alternative Name in certificates
> PCI/CMA: Reauthenticate devices on reset and resume
> PCI/CMA: Expose in sysfs whether devices are authenticated
>
> Documentation/ABI/testing/sysfs-devices-spdm | 31 +
> MAINTAINERS | 14 +
> certs/blacklist.c | 4 +-
> certs/system_keyring.c | 4 +-
> crypto/asymmetric_keys/asymmetric_type.c | 2 +-
> crypto/asymmetric_keys/x509_cert_parser.c | 9 +
> crypto/asymmetric_keys/x509_loader.c | 38 +-
> crypto/asymmetric_keys/x509_parser.h | 40 +-
> crypto/asymmetric_keys/x509_public_key.c | 2 +-
> drivers/pci/Kconfig | 13 +
> drivers/pci/Makefile | 4 +
> drivers/pci/cma.asn1 | 41 +
> drivers/pci/cma.c | 272 +++++
> drivers/pci/doe.c | 5 +-
> drivers/pci/pci-driver.c | 1 +
> drivers/pci/pci-sysfs.c | 3 +
> drivers/pci/pci.c | 12 +-
> drivers/pci/pci.h | 15 +
> drivers/pci/pcie/err.c | 3 +
> drivers/pci/probe.c | 1 +
> drivers/pci/remove.c | 1 +
> include/keys/asymmetric-type.h | 2 +
> include/keys/x509-parser.h | 55 +
> include/linux/oid_registry.h | 3 +
> include/linux/pci-doe.h | 4 +
> include/linux/pci.h | 16 +
> include/linux/spdm.h | 39 +
> lib/Kconfig | 16 +
> lib/Makefile | 2 +
> lib/rspdm/Makefile | 11 +
> lib/rspdm/consts.rs | 135 +++
> lib/rspdm/lib.rs | 180 +++
> lib/rspdm/req-sysfs.c | 97 ++
> lib/rspdm/state.rs | 1037 ++++++++++++++++++
> lib/rspdm/sysfs.rs | 28 +
> lib/rspdm/validator.rs | 489 +++++++++
> rust/bindgen_static_functions | 5 +
> rust/bindings/bindings_helper.h | 7 +
> rust/kernel/error.rs | 3 +
> rust/kernel/str.rs | 5 +
> 40 files changed, 2587 insertions(+), 62 deletions(-)
> create mode 100644 Documentation/ABI/testing/sysfs-devices-spdm
> create mode 100644 drivers/pci/cma.asn1
> create mode 100644 drivers/pci/cma.c
> create mode 100644 include/keys/x509-parser.h
> create mode 100644 include/linux/spdm.h
> create mode 100644 lib/rspdm/Makefile
> create mode 100644 lib/rspdm/consts.rs
> create mode 100644 lib/rspdm/lib.rs
> create mode 100644 lib/rspdm/req-sysfs.c
> create mode 100644 lib/rspdm/state.rs
> create mode 100644 lib/rspdm/sysfs.rs
> create mode 100644 lib/rspdm/validator.rs
>