lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <aJ9fy_sO6tza9qLF@iki.fi>
Date: Fri, 15 Aug 2025 19:26:51 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@....fi>
To: Chris Fenner <cfenn@...gle.com>
Cc: Jarkko Sakkinen <jarkko@...nel.org>, Peter Huewe <peterhuewe@....de>,
	Jason Gunthorpe <jgg@...pe.ca>, linux-integrity@...r.kernel.org,
	linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tpm: Disable TCG_TPM2_HMAC by default

On Fri, Aug 15, 2025 at 08:45:06AM -0700, Chris Fenner wrote:
> I have a Linux machine with a standard off-the-shelf Infineon SLB9670
> TPM. Without the session salting, each PCR extension takes just 4-5
> ms. With session salting, it takes:
> * 30ms to load the null key from its context blob
> * 108ms to start the auth session and extend the PCR inside it
> * 1ms to flush the null key
> 
> for an overhead of about 2880%. Depending on the configuration of the
> kernel/IMA and how many PCR measurements it's making, this could add
> up to a good chunk of time and explain reports like [3] where people
> are noting that turning this feature on adds minutes to or triples the
> boot time.

I'll with shoot another proposal. Let's delete null primary creation
code and add a parameter 'tpm.integrity_handle', which will refers to
persistent primary handle:

1. It simplifies the code considerably.
2. It makes whole a lot more sense especially given that there's
   ambiguity with the key. This comes from earlier off-list
   discussion where you made this argument, and I'll buy that.
   I.e. even if we could certify null primary we cannot certify
   it is "unambiguousness".
3. Update tpm-security documentation accordingly.

I think this might be "the long-term fix" that could be done right noW.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ