| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <aJ9ySGv0JZ0DiNgf@kernel.org> Date: Fri, 15 Aug 2025 20:45:44 +0300 From: Jarkko Sakkinen <jarkko@...nel.org> To: Chris Fenner <cfenn@...gle.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@....fi>, Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>, linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [PATCH] tpm: Disable TCG_TPM2_HMAC by default On Fri, Aug 15, 2025 at 10:06:36AM -0700, Chris Fenner wrote: > On Fri, Aug 15, 2025 at 9:27 AM Jarkko Sakkinen <jarkko.sakkinen@....fi> wrote: > > > I'll with shoot another proposal. Let's delete null primary creation > > code and add a parameter 'tpm.integrity_handle', which will refers to > > persistent primary handle: > > I'm not yet sure I understand which handle you mean, or what you're > proposing to do with it. Could you elaborate? Primary key persistent handle. In tpm2_start_auth_session() there's /* salt key handle */ tpm_buf_append_u32(&buf, null_key); Which would become /* salt key handle */ tpm_buf_append_u32(&buf, integrity_handle); And in beginning of exported functions from tpm2-sessions.c: if (!integrity_handle) return 0; And delete from same file: 1. tpm2_create_*() 2. tpm2_load_null() That way the feature makes sense and does not disturb the user who don't want it as PCRs and random numbers will be integrity proteced agains an unambiguous key that can be certified. > > Thanks > Chris BR, Jarkko
Powered by blists - more mailing lists