From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Roberto Sassu <roberto.sassu@huawei.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
zohar@linux.ibm.com, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org,
linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com
Subject: Re: [PATCH v3 5/5] tpm: ensure that output of PCR read contains the correct digest size
Date: Thu, 1 Nov 2018 16:32:48 +0200 (EET) [thread overview]
Message-ID: <alpine.DEB.2.21.1811011631010.14303@jsakkine-mobl1> (raw)
In-Reply-To: <7adca046-ae80-7453-9fee-a802b46ceb86@huawei.com>
On Wed, 31 Oct 2018, Roberto Sassu wrote:
> On 10/30/2018 8:52 PM, Jarkko Sakkinen wrote:
>> On Tue, 30 Oct 2018, Roberto Sassu wrote:
>>> This patch ensures that the digest size returned by the TPM during a PCR
>>> read matches the size of the algorithm passed as argument to
>>> tpm2_pcr_read(). The check is performed after information about the PCR
>>> banks has been retrieved.
>>>
>>> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
>>
>> What is the scenarion when this can happen (should be explained in
>> the commit message)?
>
> Without an HMAC session, the request/response payload can be modified.
> This patch ensures that the digest size in the payload is equal to the
> size of the algorithm specified by the caller.
i.e. it protect against memory corruption that could happen in the bus?
Please state this.
> For me it is ok to remove this patch from the set. It was requested by
> Mimi.
For me it is not ok remove this patch :-) I just want that note to the
commit message in order to have it documented.
/Jarkko
next prev parent reply other threads:[~2018-11-01 14:32 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-10-30 15:47 [PATCH v3 0/5] tpm: retrieve digest size of unknown algorithms from TPM Roberto Sassu
2018-10-30 15:47 ` [PATCH v3 1/5] tpm: change the end marker of the active_banks array to zero Roberto Sassu
2018-10-30 19:45 ` Jarkko Sakkinen
2018-10-31 14:43 ` Mimi Zohar
2018-11-01 14:42 ` Mimi Zohar
2018-11-05 8:10 ` Roberto Sassu
2018-11-05 13:02 ` Mimi Zohar
2018-11-05 8:07 ` Roberto Sassu
2018-10-30 15:47 ` [PATCH v3 2/5] tpm: rename and export tpm2_digest and tpm2_algorithms Roberto Sassu
2018-10-30 15:47 ` [PATCH v3 3/5] tpm: modify tpm_pcr_read() definition to pass a TPM hash algorithm Roberto Sassu
2018-10-30 15:47 ` [PATCH v3 4/5] tpm: retrieve digest size of unknown algorithms with PCR read Roberto Sassu
2018-11-01 16:02 ` Mimi Zohar
2018-11-01 16:23 ` Mimi Zohar
2018-11-05 9:47 ` Roberto Sassu
2018-11-05 12:01 ` Jarkko Sakkinen
2018-11-05 13:09 ` Roberto Sassu
2018-11-05 14:48 ` Mimi Zohar
2018-11-05 17:13 ` Jarkko Sakkinen
2018-11-05 17:10 ` Jarkko Sakkinen
2018-10-30 15:47 ` [PATCH v3 5/5] tpm: ensure that output of PCR read contains the correct digest size Roberto Sassu
2018-10-30 19:52 ` Jarkko Sakkinen
2018-10-31 8:16 ` Roberto Sassu
2018-11-01 14:32 ` Jarkko Sakkinen [this message]
2018-11-01 16:52 ` Mimi Zohar
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=alpine.DEB.2.21.1811011631010.14303@jsakkine-mobl1 \
--to=jarkko.sakkinen@linux.intel.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=roberto.sassu@huawei.com \
--cc=silviu.vlasceanu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).