Message-ID: <aN0kKHvc0DRWJPbo@kernel.org>
Date: Wed, 1 Oct 2025 15:52:56 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: James Bottomley <James.Bottomley@...senpartnership.com>
Cc: Jonathan McDowell <noodles@...th.li>, linux-integrity@...r.kernel.org,
dpsmith@...rtussolutions.com, ross.philipson@...cle.com,
Jarkko Sakkinen <jarkko.sakkinen@...nsys.com>,
Roberto Sassu <roberto.sassu@...wei.com>,
Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
David Howells <dhowells@...hat.com>,
Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
open list <linux-kernel@...r.kernel.org>,
"open list:KEYS/KEYRINGS" <keyrings@...r.kernel.org>,
"open list:SECURITY SUBSYSTEM" <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH v3 01/10] tpm: Cap the number of PCR banks

On Wed, Oct 01, 2025 at 02:16:04PM +0300, Jarkko Sakkinen wrote:
> On Tue, Sep 30, 2025 at 10:17:22AM -0400, James Bottomley wrote:
> > On Tue, 2025-09-30 at 15:36 +0300, Jarkko Sakkinen wrote:
> > > On Tue, Sep 30, 2025 at 12:09:15PM +0100, Jonathan McDowell wrote:
> > > > On Mon, Sep 29, 2025 at 10:48:23PM +0300, Jarkko Sakkinen wrote:
> > [...]
> > > > > +#define TPM2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
> > > > > +#define TPM2_MAX_BANKS 4
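Review bot: TPM2_MAX_BANKS is a bare 4 with no comment saying where the limit comes from, and nothing next to the define says what happens when a TPM reports more banks than that. Add a comment at the define giving the rationale for the value and how a larger device-reported count is handled, so the bound is not mistaken for a constant from the TPM specification.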
> > > >
> > > > Where does this max come from? It matches what I see with swtpm by
> > > > default (SHA1, SHA2-256, SHA2-384, SHA-512), so I haven't seen
> > > > anything that exceeds it myself.
> > >
> > > I've never seen a hardware TPM that would have more than one or two
> > > banks. We can double it to leave some room. This was tested with
> > > swtpm defaults.
> >
> > I've got a hardware TPM that comes with 3 banks by default (it's a
> > Chinese one which has sha1 sha256 and sm2). swtpm isn't a good
> > indicator because its default allocation is rather pejorative (it
> > disables sha1 whereas most field TPMs don't).
> >
> > However, if you look at how the reference implementation works, the
> > user is allowed to define any number of banks they want, up to the
> > number of supported hashes. The only limitation being there can't be
> > >1 bank for the same hash. Field TPM implementations are allowed to
> > constrain this, but most don't. The question you should be asking
> > here is not how many banks does a particular implementation allow by
> > default, but what's the maximum number a user could configure.
>
> It needs some compilation time cap as the value comes from an external
> device. If someone hits that value, then it needs to be increased
> but as unconstrained it's a bug.

A maximum of eight banks should be spacious enough for the time being (and for
the foreseeable future).

BR, Jarkko
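
The compile-time cap argued for above, as an added example that is not part of the original message or of the patch: a bounds-checked parser for the TPML_PCR_SELECTION list (UINT32 count, then UINT16 hash, UINT8 sizeofSelect and the bitmap per bank) that a TPM 2.0 returns for TPM_CAP_PCRS. `MAX_BANKS`, `MAX_SELECT`, the struct and the function names are assumptions for illustration, and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_BANKS 8   /* assumed cap, taken from the "eight banks" figure above */
#define MAX_SELECT 4  /* assumed cap on the per-bank PCR bitmap size, in bytes */

struct bank { uint16_t alg; uint8_t select_size; uint8_t select[MAX_SELECT]; };

static uint16_t be16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static uint32_t be32(const uint8_t *p) { return (uint32_t)be16(p) << 16 | be16(p + 2); }

/* Returns the bank count, or -1 when device-supplied data exceeds a bound. */
int parse_pcr_banks(const uint8_t *buf, size_t len, struct bank out[MAX_BANKS])
{
    size_t off = 4;
    uint32_t count, i;

    if (len < 4)
        return -1;
    count = be32(buf);
    if (count > MAX_BANKS)  /* reject: never index past out[], never truncate silently */
        return -1;
    for (i = 0; i < count; i++) {
        if (len - off < 3)  /* UINT16 hash + UINT8 sizeofSelect */
            return -1;
        out[i].alg = be16(buf + off);
        out[i].select_size = buf[off + 2];
        off += 3;
        if (out[i].select_size > MAX_SELECT || len - off < out[i].select_size)
            return -1;
        memcpy(out[i].select, buf + off, out[i].select_size);
        off += out[i].select_size;
    }
    return (int)count;
}

/* Constructed sample responses, not captured from a real TPM. */
static const uint8_t two_banks[] = { 0,0,0,2, 0x00,0x04,3,0xff,0xff,0xff,   /* SHA-1 */
                                     0x00,0x0b,3,0xff,0xff,0xff };          /* SHA-256 */
static const uint8_t nine_banks[] = { 0,0,0,9 };          /* count above the cap */
static const uint8_t truncated[]  = { 0,0,0,2, 0x00,0x04,3,0xff,0xff,0xff };
static struct bank banks[MAX_BANKS];

int main(void)
{
    printf("%d %d %d\n", parse_pcr_banks(two_banks, sizeof(two_banks), banks),
           parse_pcr_banks(nine_banks, sizeof(nine_banks), banks),
           parse_pcr_banks(truncated, sizeof(truncated), banks));
    return 0;
}
```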