Message-ID: <20250626064932.1be18542@kernel.org>
Date: Thu, 26 Jun 2025 06:49:32 -0700
From: Jakub Kicinski <kuba@...nel.org>
To: Daniel Zahka <daniel.zahka@...il.com>
Cc: Willem de Bruijn <willemdebruijn.kernel@...il.com>, Donald Hunter
 <donald.hunter@...il.com>, "David S. Miller" <davem@...emloft.net>, Eric
 Dumazet <edumazet@...gle.com>, Paolo Abeni <pabeni@...hat.com>, Simon
 Horman <horms@...nel.org>, Jonathan Corbet <corbet@....net>, Andrew Lunn
 <andrew+netdev@...n.ch>, Saeed Mahameed <saeedm@...dia.com>, Leon
 Romanovsky <leon@...nel.org>, Tariq Toukan <tariqt@...dia.com>, Boris
 Pismenny <borisp@...dia.com>, Kuniyuki Iwashima <kuniyu@...gle.com>, Willem
 de Bruijn <willemb@...gle.com>, David Ahern <dsahern@...nel.org>, Neal
 Cardwell <ncardwell@...gle.com>, Patrisious Haddad <phaddad@...dia.com>,
 Raed Salem <raeds@...dia.com>, Jianbo Liu <jianbol@...dia.com>, Dragos
 Tatulea <dtatulea@...dia.com>, Rahul Rameshbabu <rrameshbabu@...dia.com>,
 Stanislav Fomichev <sdf@...ichev.me>, Toke Høiland-Jørgensen <toke@...hat.com>, Alexander Lobakin
 <aleksander.lobakin@...el.com>, Jacob Keller <jacob.e.keller@...el.com>,
 netdev@...r.kernel.org
Subject: Re: [PATCH v2 01/17] psp: add documentation

On Thu, 26 Jun 2025 07:55:34 -0400 Daniel Zahka wrote:
> >> +after ``psp-versions-ena`` has been disabled. User may also disable
> >> +``psp-versions-ena`` while there are active associations, which will
> >> +break all PSP Rx processing.
> >> +
> >> +Drivers are expected to ensure that device key is usable upon init
> >> +(working keys can be allocated), and that no duplicate keys may be generated
> >> +(reuse of SPI without key rotation). Drivers may achieve this by rotating
> >> +keys twice before registering the PSP device.  
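Review bot: The closing sentence of this hunk, "Drivers may achieve this by rotating keys twice before registering the PSP device", prescribes a double rotation without saying what state it clears or why a single rotation is not enough; either document the condition it guards against or drop the sentence. The lines before it would also read more precisely with articles added, e.g. "The user may also disable" and "that the device key is usable upon init".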
> > Since the device returns a { session_key, spi } pair, risk of reuse
> > is purely in firmware.

I don't think this is a requirement put forward in the spec?
Specifically if a device wants to allow partitioning of the SPI
space it may let the host pick the SPI. To me the device allocating
the SPIs seemed more like a convenience thing than a security feature
to prevent reuse.

> > I don't follow the need for the extra double rotation.
> 
> Indeed that last sentence is superfluous. Re-initializing a device 
> shouldn't leave a device key from a previous initialization, while 
> resetting the spi space. If something like that were possible, it should 
> probably be obvious to the driver writer to do something like double 
> rotate the keys.
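
An added model of the case discussed in this thread, not code from the patch or the kernel: if a session key is derived from the device key and the SPI, a re-initialization that resets the SPI space but keeps the device key issues pairs it has already issued. The `ModelPspDevice` class, the single key slot and the HMAC-SHA256 stand-in derivation are assumptions made for illustration.

```python
import hashlib
import hmac
import os


class ModelPspDevice:
    """Toy device: Rx session key = KDF(device key, SPI). All names are hypothetical."""

    def __init__(self, device_key=None):
        # Assumption: the device key is persistent state that can survive a re-init.
        self.device_key = device_key or os.urandom(32)
        self.next_spi = 1  # the SPI space restarts on every init

    def rotate(self):
        """Replace the device key, so old (key, SPI) derivations cannot recur."""
        self.device_key = os.urandom(32)

    def alloc_assoc(self):
        """Return the { session_key, spi } pair for a new Rx association."""
        spi = self.next_spi
        self.next_spi += 1
        # Stand-in KDF (HMAC-SHA256), not the derivation a real PSP device uses.
        key = hmac.new(self.device_key, spi.to_bytes(4, "big"), hashlib.sha256).digest()
        return key, spi


def reinit(old, rotate_on_init):
    """Model driver re-initialization: SPI space resets, device key may persist."""
    dev = ModelPspDevice(device_key=old.device_key)
    if rotate_on_init:
        dev.rotate()
    return dev


def duplicates(before, after):
    """Pairs issued after re-init that had already been issued before it."""
    return sorted(set(before) & set(after), key=lambda pair: pair[1])


def run(rotate_on_init, n=4):
    """Issue n pairs, re-initialize, issue n more, and report any repeated pairs."""
    dev = ModelPspDevice()
    before = [dev.alloc_assoc() for _ in range(n)]
    dev = reinit(dev, rotate_on_init)
    after = [dev.alloc_assoc() for _ in range(n)]
    return duplicates(before, after)
```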
