From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-2.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SPF_PASS,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id CCDFBECE562 for ; Mon, 17 Sep 2018 09:41:32 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id 7AA322086E for ; Mon, 17 Sep 2018 09:41:32 +0000 (UTC) DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 7AA322086E Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=huawei.com Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727746AbeIQPIG (ORCPT ); Mon, 17 Sep 2018 11:08:06 -0400 Received: from lhrrgout.huawei.com ([185.176.76.210]:2079 "EHLO huawei.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S1727020AbeIQPIG (ORCPT ); Mon, 17 Sep 2018 11:08:06 -0400 Received: from LHREML712-CAH.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 347AA96F9EDBF; Mon, 17 Sep 2018 10:41:25 +0100 (IST) Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.153) by smtpsuk.huawei.com (10.201.108.35) with Microsoft SMTP Server (TLS) id 14.3.399.0; Mon, 17 Sep 2018 10:40:44 +0100 From: Roberto Sassu To: CC: , , , Roberto Sassu Subject: [PATCH v2, RESEND 0/3] tpm: retrieve digest size of unknown algorithms from TPM Date: Mon, 17 Sep 2018 11:38:17 +0200 Message-ID: <20180917093820.20500-1-roberto.sassu@huawei.com> X-Mailer: git-send-email 2.14.1 MIME-Version: 1.0 Content-Type: text/plain X-Originating-IP: [10.204.65.153] X-CFilter-Loop: Reflected Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Resending to maintainer with correct mailing lists in CC. The TPM driver currently relies on the crypto subsystem to determine the digest size of supported TPM algorithms. In the future, TPM vendors might implement new algorithms in their chips, and those algorithms might not be supported by the crypto subsystem. Usually, vendors provide patches for the new hardware, and likely the crypto subsystem will be updated before the new algorithm is introduced. However, old kernels might be updated later, after patches are included in the mainline kernel. This would leave the opportunity for attackers to misuse PCRs, as PCR banks with an unknown algorithm are not extended. This patch set provides a long term solution for this issue. If a TPM algorithm is not known by the crypto subsystem, the TPM driver retrieves the digest size from the TPM with a PCR read. All the PCR banks are extended, even if the algorithm is not yet supported by the crypto subsystem. Roberto Sassu (3): tpm: rename and export tpm2_digest and tpm2_algorithms tpm: modify tpm_pcr_read() definition to pass TPM hash algorithms tpm: retrieve digest size of unknown algorithms with PCR read drivers/char/tpm/tpm-interface.c | 24 ++++++++---- drivers/char/tpm/tpm.h | 18 ++------- drivers/char/tpm/tpm2-cmd.c | 78 +++++++++++++++++++++++++------------ include/linux/tpm.h | 30 +++++++++++++- include/linux/tpm_eventlog.h | 9 +---- security/integrity/ima/ima_crypto.c | 10 ++--- 6 files changed, 109 insertions(+), 60 deletions(-) -- 2.14.1 From mboxrd@z Thu Jan 1 00:00:00 1970 From: roberto.sassu@huawei.com (Roberto Sassu) Date: Mon, 17 Sep 2018 11:38:17 +0200 Subject: [PATCH v2, RESEND 0/3] tpm: retrieve digest size of unknown algorithms from TPM Message-ID: <20180917093820.20500-1-roberto.sassu@huawei.com> To: linux-security-module@vger.kernel.org List-Id: linux-security-module.vger.kernel.org Resending to maintainer with correct mailing lists in CC. The TPM driver currently relies on the crypto subsystem to determine the digest size of supported TPM algorithms. In the future, TPM vendors might implement new algorithms in their chips, and those algorithms might not be supported by the crypto subsystem. Usually, vendors provide patches for the new hardware, and likely the crypto subsystem will be updated before the new algorithm is introduced. However, old kernels might be updated later, after patches are included in the mainline kernel. This would leave the opportunity for attackers to misuse PCRs, as PCR banks with an unknown algorithm are not extended. This patch set provides a long term solution for this issue. If a TPM algorithm is not known by the crypto subsystem, the TPM driver retrieves the digest size from the TPM with a PCR read. All the PCR banks are extended, even if the algorithm is not yet supported by the crypto subsystem. Roberto Sassu (3): tpm: rename and export tpm2_digest and tpm2_algorithms tpm: modify tpm_pcr_read() definition to pass TPM hash algorithms tpm: retrieve digest size of unknown algorithms with PCR read drivers/char/tpm/tpm-interface.c | 24 ++++++++---- drivers/char/tpm/tpm.h | 18 ++------- drivers/char/tpm/tpm2-cmd.c | 78 +++++++++++++++++++++++++------------ include/linux/tpm.h | 30 +++++++++++++- include/linux/tpm_eventlog.h | 9 +---- security/integrity/ima/ima_crypto.c | 10 ++--- 6 files changed, 109 insertions(+), 60 deletions(-) -- 2.14.1