| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <125ba81bb222cdffef05ef9868c68002efd61235.camel@HansenPartnership.com> Date: Mon, 06 Oct 2025 10:33:40 -0400 From: James Bottomley <James.Bottomley@...senPartnership.com> To: Jarkko Sakkinen <jarkko@...nel.org>, Linus Torvalds <torvalds@...ux-foundation.org> Cc: Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>, David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org, linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org Subject: Re: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-v6.18 On Mon, 2025-10-06 at 17:12 +0300, Jarkko Sakkinen wrote: > 2. Null seed was extremely bad idea. The way I'm planning to actually > fix this is to parametrize the primary key to a persistent key > handle > stored into nvram of the chip instead of genration. This will > address > also ambiguity and can be linked directly to vendor ceritifcate > for e.g. to perfom remote attesttion. Just a minute, there's been no discussion or debate about this on the list. The rationale for using the NULL seed is clearly laid out here: https://docs.kernel.org/security/tpm/tpm-security.html But in brief it is the only way to detect reset attacks against the TPM and a reset attack is the single simplest attack an interposer can do. If you think there's a problem with the approach, by all means let's have a debate, since TPM security is always a trade off, but you can't simply come to your own opinion and try to impose it by fiat without at least raising whatever issue you think you've found with the parties who contributed the code in the first place. Regards, James
Powered by blists - more mailing lists