From: Sumit Garg <sumit.garg@linaro.org>
To: Ahmad Fatoum <a.fatoum@pengutronix.de>
Cc: "James Bottomley" <jejb@linux.ibm.com>,
"Jarkko Sakkinen" <jarkko@kernel.org>,
"Mimi Zohar" <zohar@linux.ibm.com>,
"David Howells" <dhowells@redhat.com>,
kernel <kernel@pengutronix.de>,
"James Morris" <jmorris@namei.org>,
"Eric Biggers" <ebiggers@kernel.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"Horia Geantă" <horia.geanta@nxp.com>,
"Aymen Sghaier" <aymen.sghaier@nxp.com>,
"Udit Agarwal" <udit.agarwal@nxp.com>,
"Jan Luebbe" <j.luebbe@pengutronix.de>,
"David Gstir" <david@sigma-star.at>,
"Richard Weinberger" <richard@nod.at>,
"Franck LENORMAND" <franck.lenormand@nxp.com>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
"open list:HARDWARE RANDOM NUMBER GENERATOR CORE"
<linux-crypto@vger.kernel.org>,
linux-integrity <linux-integrity@vger.kernel.org>,
"Linux Kernel Mailing List" <linux-kernel@vger.kernel.org>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH v2 1/6] KEYS: trusted: allow use of TEE as backend without TCG_TPM support
Date: Mon, 19 Jul 2021 13:34:07 +0530 [thread overview]
Message-ID: <CAFA6WYMJp5u_+3bNc0ykFzveakOS4nqJfPvSoaFGQApFctL47A@mail.gmail.com> (raw)
In-Reply-To: <f8285eb0135ba30c9d846cf9dd395d1f5f8b1efc.1624364386.git-series.a.fatoum@pengutronix.de>
Hi Ahmad,
On Tue, 22 Jun 2021 at 18:08, Ahmad Fatoum <a.fatoum@pengutronix.de> wrote:
>
> With recent rework, trusted keys are no longer limited to TPM as trust
> source. The Kconfig symbol is unchanged however leading to a few issues:
>
> - TCG_TPM is required, even if only TEE is to be used
> - Enabling TCG_TPM, but excluding it from available trusted sources
> is not possible
> - TEE=m && TRUSTED_KEYS=y will lead to TEE support being silently
> dropped, which is not the best user experience
>
> Remedy these issues by introducing two new Kconfig symbols:
> TRUSTED_KEYS_TPM and TRUSTED_KEYS_TEE with the appropriate
> dependencies.
>
This should include a fixes tag to the rework commit.
> Signed-off-by: Ahmad Fatoum <a.fatoum@pengutronix.de>
> ---
> To: James Bottomley <jejb@linux.ibm.com>
> To: Jarkko Sakkinen <jarkko@kernel.org>
> To: Mimi Zohar <zohar@linux.ibm.com>
> To: David Howells <dhowells@redhat.com>
> Cc: James Morris <jmorris@namei.org>
> Cc: Eric Biggers <ebiggers@kernel.org>
> Cc: "Serge E. Hallyn" <serge@hallyn.com>
> Cc: "Horia Geantă" <horia.geanta@nxp.com>
> Cc: Aymen Sghaier <aymen.sghaier@nxp.com>
> Cc: Udit Agarwal <udit.agarwal@nxp.com>
> Cc: Jan Luebbe <j.luebbe@pengutronix.de>
> Cc: David Gstir <david@sigma-star.at>
> Cc: Richard Weinberger <richard@nod.at>
> Cc: Franck LENORMAND <franck.lenormand@nxp.com>
> Cc: Sumit Garg <sumit.garg@linaro.org>
> Cc: keyrings@vger.kernel.org
> Cc: linux-crypto@vger.kernel.org
> Cc: linux-integrity@vger.kernel.org
> Cc: linux-kernel@vger.kernel.org
> Cc: linux-security-module@vger.kernel.org
> ---
> security/keys/Kconfig | 14 ++++++-------
> security/keys/trusted-keys/Kconfig | 25 ++++++++++++++++++++++++-
> security/keys/trusted-keys/Makefile | 8 +++++---
> security/keys/trusted-keys/trusted_core.c | 4 ++--
> 4 files changed, 39 insertions(+), 12 deletions(-)
> create mode 100644 security/keys/trusted-keys/Kconfig
>
> diff --git a/security/keys/Kconfig b/security/keys/Kconfig
> index 64b81abd087e..6fdb953b319f 100644
> --- a/security/keys/Kconfig
> +++ b/security/keys/Kconfig
> @@ -70,23 +70,23 @@ config BIG_KEYS
>
> config TRUSTED_KEYS
> tristate "TRUSTED KEYS"
> - depends on KEYS && TCG_TPM
> + depends on KEYS
> select CRYPTO
> select CRYPTO_HMAC
> select CRYPTO_SHA1
> select CRYPTO_HASH_INFO
Should move these as well to TRUSTED_KEYS_TPM as the core code doesn't
mandate their need.
> - select ASN1_ENCODER
> - select OID_REGISTRY
> - select ASN1
> help
> This option provides support for creating, sealing, and unsealing
> keys in the kernel. Trusted keys are random number symmetric keys,
> - generated and RSA-sealed by the TPM. The TPM only unseals the keys,
> - if the boot PCRs and other criteria match. Userspace will only ever
> - see encrypted blobs.
> + generated and sealed by a trust source selected at kernel boot-time.
> + Userspace will only ever see encrypted blobs.
>
> If you are unsure as to whether this is required, answer N.
>
> +if TRUSTED_KEYS
> +source "security/keys/trusted-keys/Kconfig"
> +endif
> +
> config ENCRYPTED_KEYS
> tristate "ENCRYPTED KEYS"
> depends on KEYS
> diff --git a/security/keys/trusted-keys/Kconfig b/security/keys/trusted-keys/Kconfig
> new file mode 100644
> index 000000000000..24af4aaceebf
> --- /dev/null
> +++ b/security/keys/trusted-keys/Kconfig
> @@ -0,0 +1,25 @@
> +config TRUSTED_KEYS_TPM
> + bool "TPM-based trusted keys"
> + depends on TCG_TPM >= TRUSTED_KEYS
> + default y
> + select ASN1_ENCODER
> + select OID_REGISTRY
> + select ASN1
> + help
> + Enable use of the Trusted Platform Module (TPM) as trusted key
> + backend. Trusted keys are are random number symmetric keys,
> + which will be generated and RSA-sealed by the TPM.
> + The TPM only unseals the keys, if the boot PCRs and other
> + criteria match.
> +
> +config TRUSTED_KEYS_TEE
> + bool "TEE-based trusted keys"
> + depends on TEE >= TRUSTED_KEYS
> + default y
> + help
> + Enable use of the Trusted Execution Environment (TEE) as trusted
> + key backend.
> +
> +if !TRUSTED_KEYS_TPM && !TRUSTED_KEYS_TEE
> +comment "No trust source selected!"
> +endif
> diff --git a/security/keys/trusted-keys/Makefile b/security/keys/trusted-keys/Makefile
> index feb8b6c3cc79..96fc6c377398 100644
> --- a/security/keys/trusted-keys/Makefile
> +++ b/security/keys/trusted-keys/Makefile
> @@ -5,10 +5,12 @@
>
> obj-$(CONFIG_TRUSTED_KEYS) += trusted.o
> trusted-y += trusted_core.o
> -trusted-y += trusted_tpm1.o
> +trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm1.o
>
> $(obj)/trusted_tpm2.o: $(obj)/tpm2key.asn1.h
> -trusted-y += trusted_tpm2.o
> -trusted-y += tpm2key.asn1.o
> +trusted-$(CONFIG_TRUSTED_KEYS_TPM) += trusted_tpm2.o
> +trusted-$(CONFIG_TRUSTED_KEYS_TPM) += tpm2key.asn1.o
> +
> +trusted-$(CONFIG_TRUSTED_KEYS_TEE) += trusted_tee.o
>
> trusted-$(CONFIG_TEE) += trusted_tee.o
This should be dropped.
-Sumit
> diff --git a/security/keys/trusted-keys/trusted_core.c b/security/keys/trusted-keys/trusted_core.c
> index d5c891d8d353..8cab69e5d0da 100644
> --- a/security/keys/trusted-keys/trusted_core.c
> +++ b/security/keys/trusted-keys/trusted_core.c
> @@ -27,10 +27,10 @@ module_param_named(source, trusted_key_source, charp, 0);
> MODULE_PARM_DESC(source, "Select trusted keys source (tpm or tee)");
>
> static const struct trusted_key_source trusted_key_sources[] = {
> -#if defined(CONFIG_TCG_TPM)
> +#if defined(CONFIG_TRUSTED_KEYS_TPM)
> { "tpm", &trusted_key_tpm_ops },
> #endif
> -#if defined(CONFIG_TEE)
> +#if defined(CONFIG_TRUSTED_KEYS_TEE)
> { "tee", &trusted_key_tee_ops },
> #endif
> };
> --
> git-series 0.9.1
next prev parent reply other threads:[~2021-07-19 8:04 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-22 12:37 [PATCH v2 0/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 1/6] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2021-07-19 8:04 ` Sumit Garg [this message]
2021-07-19 9:09 ` Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 3/6] KEYS: trusted: allow users to use kernel RNG for key material Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 4/6] KEYS: trusted: allow trust sources " Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 5/6] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2021-07-02 8:03 ` Ahmad Fatoum
2021-06-22 12:37 ` [PATCH v2 6/6] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2021-07-01 20:42 ` Richard Weinberger
2021-07-02 8:00 ` Ahmad Fatoum
2021-07-02 10:53 ` Richard Weinberger
2021-07-02 12:33 ` Ahmad Fatoum
2021-07-20 19:19 ` Richard Weinberger
2021-07-20 20:24 ` Mimi Zohar
2021-07-20 20:37 ` Richard Weinberger
2021-07-21 17:02 ` Ahmad Fatoum
2021-07-14 6:36 ` [PATCH v2 0/6] " Ahmad Fatoum
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAFA6WYMJp5u_+3bNc0ykFzveakOS4nqJfPvSoaFGQApFctL47A@mail.gmail.com \
--to=sumit.garg@linaro.org \
--cc=a.fatoum@pengutronix.de \
--cc=aymen.sghaier@nxp.com \
--cc=david@sigma-star.at \
--cc=dhowells@redhat.com \
--cc=ebiggers@kernel.org \
--cc=franck.lenormand@nxp.com \
--cc=horia.geanta@nxp.com \
--cc=j.luebbe@pengutronix.de \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=kernel@pengutronix.de \
--cc=keyrings@vger.kernel.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=richard@nod.at \
--cc=serge@hallyn.com \
--cc=udit.agarwal@nxp.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.