lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <aOQPYwrGwZfP-GsV@kernel.org>
Date: Mon, 6 Oct 2025 21:50:11 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Jonathan McDowell <noodles@...th.li>
Cc: James Bottomley <James.Bottomley@...senpartnership.com>,
	Linus Torvalds <torvalds@...ux-foundation.org>,
	Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>,
	David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org,
	linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-v6.18

On Mon, Oct 06, 2025 at 06:02:05PM +0100, Jonathan McDowell wrote:
> On Mon, Oct 06, 2025 at 07:51:46PM +0300, Jarkko Sakkinen wrote:
> > My main issue preventing sending a new pull request is that weird list
> > of core TPM2 features that is claimed "not to be required" with zero
> > references. Especially it is contraditory claim that TPM2_CreatePrimary
> > would be optional feature as the whole chip standard is based on three
> > random seeds from which primary keys are templated and used as root
> > keys for other keys.
> 
> My understanding here is that the main specification about what's 
> "required" for TPMs to implement is from the PC Client Platform TPM 
> Profile. There's no specific server PTP (though there is talk about 
> creating one), so _most_ vendors just implement the PC Client PTP. It 
> doesn't mean a TPM that doesn't do so isn't TPM compliant, just not PC 
> Client PTP compliant.
> 
> Google have taken the approach in their Titan based TPM implementation 
> to avoid implementing features they don't need, to reduce attack 
> surface.

If it is an internal product, it does not qualify for as an argument but
good that you brought this detail out. I mean the action is the same
and debate is really what are correct preconditions for taking any
action.

So I'll cover the next trial for PR with:

1. I'll retain my existing commit with no changes.
2. In the cover letter I can address the details brough by Chris with
   the clause that Titan specific arguments are not basis for any
   decision making, as it is wrong and does not scale given that
   any possible company in this planet can have their own random
   incompatible partial TPM implementation (and most likely there
   are at least few of such).
3. I'll link Chris' message to the email. I.e. based on other
   claims in that mail we can already fully justify the action
   itself. I'm just knowingly ignoring that list of "incompatible"
   features, and remark that so that the process is transparent.

> 
> I'm not aware of anyone else who has done this.
> 
> J.
> 
> -- 
> ... You non-conformists are all alike.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ