From: Stefan Berger <stefanb@linux.ibm.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
keyrings@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH v4 00/13] add integrity and security to TPM2 transactions
Date: Mon, 4 Dec 2023 16:02:19 -0500 [thread overview]
Message-ID: <99abf64b-10af-4a24-ac12-117141798956@linux.ibm.com> (raw)
In-Reply-To: <a56dfd99262b31db06713f6f0b6ff2ba58c2fa4b.camel@HansenPartnership.com>
On 12/4/23 14:24, James Bottomley wrote:
> On Mon, 2023-12-04 at 13:56 -0500, Stefan Berger wrote:
>>
>>
>> On 4/3/23 17:39, James Bottomley wrote:
>>> The interest in securing the TPM against interposers, both active
>>> and
>>> passive has risen to fever pitch with the demonstration of key
>>> recovery against windows bitlocker:
>>>
>>> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
>>>
>>> And subsequently the same attack being successful against all the
>>> Linux TPM based security solutions:
>>>
>>> https://www.secura.com/blog/tpm-sniffing-attacks-against-non-bitlocker-targets
>>>
>>> The attacks fall into two categories:
>>>
>>> 1. Passive Interposers, which sit on the bus and merely observe
>>> 2. Active Interposers, which try to manipulate TPM transactions on
>>> the
>>> bus using man in the middle and packet stealing to create TPM
>>> state the interposer owner desires.
>>
>> I think this is another capability of an interposer that should be
>> mentioned here, unless technically not possible but I would not know
>> why:
>>
>> 3. Active Interposers that send their own commands to the TPM to for
>> example cause DoS attacks.
>>
>> If we protect PCR extensions now and the interposer can send his own
>> PCR extensions and the TPM 2 accepts them (TPM doesn't have a mode to
>> reject unprotected commands in general), why protect the PCR
>> extensions from IMA then?
>
> Well the PCRs are world writable in a standard system, so anyone with
> access, i.e. anyone in the tpm group, can arbitrarily extend them and
> destroy the replay. So I ignored this because while an interposer can
> do this, you don't have to be an interposer to cause log replay
> disruption like this.
Presumably the folks in the tpm group are trusted while the interpose is
not.
>
> The actual threat to PCR extends from an interposer is silent discards
> where the attacker seeks to fake the log after the fact to match a
> quote they've discarded a suspicious event from. Thus the HMAC check
Well, it's not that simple to fake the log unless you are root and then
all bets are off when it comes to sending commands to the TPM.
> is actually the return one, which allows the kernel to know the write
> succeeded.
>
> James
>
next prev parent reply other threads:[~2023-12-04 21:02 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-03 21:39 [PATCH v4 00/13] add integrity and security to TPM2 transactions James Bottomley
2023-04-03 21:39 ` [PATCH v4 01/13] crypto: lib - implement library version of AES in CFB mode James Bottomley
2023-04-23 3:34 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 02/13] tpm: move buffer handling from static inlines to real functions James Bottomley
2023-04-23 3:36 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 03/13] tpm: add kernel doc to buffer handling functions James Bottomley
2023-04-23 3:40 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 04/13] tpm: add buffer handling for TPM2B types James Bottomley
2023-04-23 4:12 ` Jarkko Sakkinen
2023-05-02 15:43 ` Stefan Berger
2023-05-03 11:29 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 05/13] tpm: add cursor based buffer functions for response parsing James Bottomley
2023-04-23 4:14 ` Jarkko Sakkinen
2023-05-02 13:54 ` Stefan Berger
2023-08-22 11:15 ` Jarkko Sakkinen
2023-08-22 13:51 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 06/13] tpm: add buffer function to point to returned parameters James Bottomley
2023-05-02 14:09 ` Stefan Berger
2023-05-03 11:31 ` Jarkko Sakkinen
2023-06-06 2:09 ` James Bottomley
2023-06-06 15:34 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 07/13] tpm: export the context save and load commands James Bottomley
2023-05-02 14:12 ` Stefan Berger
2023-04-03 21:39 ` [PATCH v4 08/13] tpm: Add full HMAC and encrypt/decrypt session handling code James Bottomley
2023-04-04 1:49 ` kernel test robot
2023-04-23 5:29 ` Jarkko Sakkinen
2023-11-26 3:39 ` Jarkko Sakkinen
2023-11-26 3:45 ` Jarkko Sakkinen
2023-11-26 15:07 ` James Bottomley
2023-11-26 15:05 ` James Bottomley
2023-12-04 2:29 ` Jarkko Sakkinen
2023-12-04 12:35 ` James Bottomley
2023-12-04 13:43 ` Mimi Zohar
2023-12-04 13:53 ` James Bottomley
2023-12-04 13:59 ` Mimi Zohar
2023-12-04 14:02 ` James Bottomley
2023-12-04 14:10 ` Mimi Zohar
2023-12-04 14:23 ` James Bottomley
2023-12-04 22:58 ` Jarkko Sakkinen
2023-12-04 22:46 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 09/13] tpm: add hmac checks to tpm2_pcr_extend() James Bottomley
2023-04-23 5:32 ` Jarkko Sakkinen
2023-04-03 21:40 ` [PATCH v4 10/13] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2023-04-03 21:40 ` [PATCH v4 11/13] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2023-04-03 21:40 ` [PATCH v4 12/13] tpm: add the null key name as a sysfs export James Bottomley
2023-04-23 5:38 ` Jarkko Sakkinen
2023-04-03 21:40 ` [PATCH v4 13/13] Documentation: add tpm-security.rst James Bottomley
2023-04-04 18:43 ` [PATCH v4 00/13] add integrity and security to TPM2 transactions William Roberts
2023-04-04 19:18 ` James Bottomley
2023-04-04 19:42 ` William Roberts
2023-04-04 20:19 ` James Bottomley
2023-04-04 21:10 ` William Roberts
2023-04-04 21:33 ` James Bottomley
2023-04-04 21:44 ` William Roberts
2023-04-05 18:39 ` William Roberts
2023-04-05 19:41 ` James Bottomley
2023-04-07 14:40 ` William Roberts
2023-04-23 5:42 ` Jarkko Sakkinen
2023-12-04 18:56 ` Stefan Berger
2023-12-04 19:24 ` James Bottomley
2023-12-04 21:02 ` Stefan Berger [this message]
2023-12-05 13:50 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=99abf64b-10af-4a24-ac12-117141798956@linux.ibm.com \
--to=stefanb@linux.ibm.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=ardb@kernel.org \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.