From: Andrew Cooper <andyhhp@gmail.com>
To: Matthew Garrett <mjg59@srcf.ucam.org>,
Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
Ross Philipson <ross.philipson@oracle.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
kexec@lists.infradead.org, linux-efi@vger.kernel.org,
dpsmith@apertussolutions.com, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, James.Bottomley@hansenpartnership.com,
luto@amacapital.net, nivedita@alum.mit.edu,
kanth.ghatraju@oracle.com, trenchboot-devel@googlegroups.com,
richard@hughsie.com
Subject: Re: [PATCH v6 06/14] x86: Add early SHA support for Secure Launch early measurements
Date: Fri, 12 May 2023 20:42:37 +0100 [thread overview]
Message-ID: <4a8f15b7-2897-e7f5-fe7e-fded3a4130c6@gmail.com> (raw)
In-Reply-To: <20230512191203.GA21013@srcf.ucam.org>
On 12/05/2023 8:12 pm, Matthew Garrett wrote:
> On Fri, May 12, 2023 at 08:17:21PM +0200, Thomas Gleixner wrote:
>> On Fri, May 12 2023 at 17:13, Matthew Garrett wrote:
>>> On Fri, May 12, 2023 at 03:24:04PM +0200, Thomas Gleixner wrote:
>>>> On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
>>>>> Unless we assert that SHA-1 events are unsupported, it seems a bit odd
>>>>> to force a policy on people who have both banks enabled. People with
>>>>> mixed fleets are potentially going to be dealing with SHA-1 measurements
>>>>> for a while yet, and while there's obviously a security benefit in using
>>>>> SHA-2 instead it'd be irritating to have to maintain two attestation
>>>>> policies.
>>>> Why?
>>>>
>>>> If you have a mixed fleet then it's not too much asked to provide two
>>>> data sets. On a TPM2 system you can enforce SHA-2 and only fallback to
>>>> SHA-1 on TPM 1.2 hardware. No?
>>> No, beause having TPM2 hardware doesn't guarantee that your firmware
>>> enables SHA-2 (which also means this is something that could change with
>>> firmware updates, which means that refusing to support SHA-1 if the
>>> SHA-2 banks are enabled could result in an entirely different policy
>>> being required (and plausibly one that isn't implemented in their
>>> existing tooling)
>> It's not rocket science to have both variants supported in tooling,
>> really.
> People who are currently using tboot are only getting SHA-1, so there's
> no obvious reason for them to have added support yet. *My* tooling all
> supports SHA-2 so I'm completely fine here, but either we refuse to
> support a bunch of hardware or we have to support SHA-1 anyway, and if
> we have to support it the only reason not to implement it even in the
> "SHA-2 is supported" case is because we have opinions about how other
> people implement their security.
The way to deal with this is to merge DRTM support (when it's ready of
course) so people have an option which isn't tboot.
Then warn on finding a TPM2 without SHA-2, and make it a failure for
https://fwupd.github.io/libfwupdplugin/hsi.html#tpm-20-present etc, and
eventually the vendors will decide that the easiest way to avoid getting
a cross in their customers UIs is to implement SHA-2 support properly.
~Andrew
WARNING: multiple messages have this Message-ID (diff)
From: Andrew Cooper <andyhhp@gmail.com>
To: Matthew Garrett <mjg59@srcf.ucam.org>,
Thomas Gleixner <tglx@linutronix.de>
Cc: Ard Biesheuvel <ardb@kernel.org>,
Eric Biggers <ebiggers@kernel.org>,
Ross Philipson <ross.philipson@oracle.com>,
linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
kexec@lists.infradead.org, linux-efi@vger.kernel.org,
dpsmith@apertussolutions.com, mingo@redhat.com, bp@alien8.de,
hpa@zytor.com, James.Bottomley@hansenpartnership.com,
luto@amacapital.net, nivedita@alum.mit.edu,
kanth.ghatraju@oracle.com, trenchboot-devel@googlegroups.com,
richard@hughsie.com
Subject: Re: [PATCH v6 06/14] x86: Add early SHA support for Secure Launch early measurements
Date: Fri, 12 May 2023 20:42:37 +0100 [thread overview]
Message-ID: <4a8f15b7-2897-e7f5-fe7e-fded3a4130c6@gmail.com> (raw)
In-Reply-To: <20230512191203.GA21013@srcf.ucam.org>
On 12/05/2023 8:12 pm, Matthew Garrett wrote:
> On Fri, May 12, 2023 at 08:17:21PM +0200, Thomas Gleixner wrote:
>> On Fri, May 12 2023 at 17:13, Matthew Garrett wrote:
>>> On Fri, May 12, 2023 at 03:24:04PM +0200, Thomas Gleixner wrote:
>>>> On Fri, May 12 2023 at 12:28, Matthew Garrett wrote:
>>>>> Unless we assert that SHA-1 events are unsupported, it seems a bit odd
>>>>> to force a policy on people who have both banks enabled. People with
>>>>> mixed fleets are potentially going to be dealing with SHA-1 measurements
>>>>> for a while yet, and while there's obviously a security benefit in using
>>>>> SHA-2 instead it'd be irritating to have to maintain two attestation
>>>>> policies.
>>>> Why?
>>>>
>>>> If you have a mixed fleet then it's not too much asked to provide two
>>>> data sets. On a TPM2 system you can enforce SHA-2 and only fallback to
>>>> SHA-1 on TPM 1.2 hardware. No?
>>> No, beause having TPM2 hardware doesn't guarantee that your firmware
>>> enables SHA-2 (which also means this is something that could change with
>>> firmware updates, which means that refusing to support SHA-1 if the
>>> SHA-2 banks are enabled could result in an entirely different policy
>>> being required (and plausibly one that isn't implemented in their
>>> existing tooling)
>> It's not rocket science to have both variants supported in tooling,
>> really.
> People who are currently using tboot are only getting SHA-1, so there's
> no obvious reason for them to have added support yet. *My* tooling all
> supports SHA-2 so I'm completely fine here, but either we refuse to
> support a bunch of hardware or we have to support SHA-1 anyway, and if
> we have to support it the only reason not to implement it even in the
> "SHA-2 is supported" case is because we have opinions about how other
> people implement their security.
The way to deal with this is to merge DRTM support (when it's ready of
course) so people have an option which isn't tboot.
Then warn on finding a TPM2 without SHA-2, and make it a failure for
https://fwupd.github.io/libfwupdplugin/hsi.html#tpm-20-present etc, and
eventually the vendors will decide that the easiest way to avoid getting
a cross in their customers UIs is to implement SHA-2 support properly.
~Andrew
_______________________________________________
kexec mailing list
kexec@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/kexec
next prev parent reply other threads:[~2023-05-12 19:42 UTC|newest]
Thread overview: 200+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-04 14:50 [PATCH v6 00/14] x86: Trenchboot secure dynamic launch Linux kernel support Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 01/14] x86/boot: Place kernel_info at a fixed offset Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 02/14] Documentation/x86: Secure Launch kernel documentation Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 16:19 ` Simon Horman
2023-05-05 16:19 ` Simon Horman
2023-05-05 17:32 ` Ross Philipson
2023-05-05 17:32 ` Ross Philipson
2023-05-06 8:48 ` Bagas Sanjaya
2023-05-06 8:48 ` Bagas Sanjaya
2023-05-10 15:41 ` Ross Philipson
2023-05-10 15:41 ` Ross Philipson
2023-05-12 10:47 ` Matthew Garrett
2023-05-12 10:47 ` Matthew Garrett
2023-06-16 16:44 ` Daniel P. Smith
2023-06-16 16:44 ` Daniel P. Smith
2023-06-16 16:54 ` Matthew Garrett
2023-06-16 16:54 ` Matthew Garrett
2023-06-16 18:21 ` Daniel P. Smith
2023-06-16 18:21 ` Daniel P. Smith
2023-05-12 13:19 ` Thomas Gleixner
2023-05-12 13:19 ` Thomas Gleixner
2023-05-04 14:50 ` [PATCH v6 03/14] x86: Secure Launch Kconfig Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 04/14] x86: Secure Launch Resource Table header file Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 16:22 ` Simon Horman
2023-05-05 16:22 ` Simon Horman
2023-05-05 17:34 ` Ross Philipson
2023-05-05 17:34 ` Ross Philipson
2023-05-10 23:04 ` Jarkko Sakkinen
2023-05-10 23:04 ` Jarkko Sakkinen
2023-05-15 20:58 ` Daniel P. Smith
2023-05-15 20:58 ` Daniel P. Smith
2023-05-12 10:55 ` Matthew Garrett
2023-05-12 10:55 ` Matthew Garrett
2023-05-15 21:15 ` Daniel P. Smith
2023-05-15 21:15 ` Daniel P. Smith
2023-05-15 21:22 ` Matthew Garrett
2023-05-15 21:22 ` Matthew Garrett
2023-05-16 0:41 ` Daniel P. Smith
2023-05-16 0:41 ` Daniel P. Smith
2023-05-16 1:43 ` Matthew Garrett
2023-05-16 1:43 ` Matthew Garrett
2023-06-16 20:01 ` Daniel P. Smith
2023-06-16 20:01 ` Daniel P. Smith
2023-06-16 20:15 ` Matthew Garrett
2023-06-16 20:15 ` Matthew Garrett
2023-07-07 19:31 ` Daniel P. Smith
2023-07-07 19:31 ` Daniel P. Smith
2023-05-04 14:50 ` [PATCH v6 05/14] x86: Secure Launch main " Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 16:25 ` Simon Horman
2023-05-05 16:25 ` Simon Horman
2023-05-05 17:37 ` Ross Philipson
2023-05-05 17:37 ` Ross Philipson
2023-05-12 11:00 ` Matthew Garrett
2023-05-12 11:00 ` Matthew Garrett
2023-05-12 16:10 ` Ross Philipson
2023-05-12 16:10 ` Ross Philipson
2023-10-31 21:37 ` ross.philipson
2023-10-31 21:37 ` ross.philipson
2023-05-04 14:50 ` [PATCH v6 06/14] x86: Add early SHA support for Secure Launch early measurements Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 16:34 ` Simon Horman
2023-05-05 16:34 ` Simon Horman
2023-05-09 16:09 ` Daniel P. Smith
2023-05-09 16:09 ` Daniel P. Smith
2023-05-10 1:21 ` Eric Biggers
2023-05-10 1:21 ` Eric Biggers
2023-05-10 22:28 ` Jarkko Sakkinen
2023-05-10 22:28 ` Jarkko Sakkinen
2023-05-12 11:04 ` Matthew Garrett
2023-05-12 11:04 ` Matthew Garrett
2023-05-12 11:18 ` Ard Biesheuvel
2023-05-12 11:18 ` Ard Biesheuvel
2023-05-12 11:28 ` Matthew Garrett
2023-05-12 11:28 ` Matthew Garrett
2023-05-12 11:58 ` Ard Biesheuvel
2023-05-12 11:58 ` Ard Biesheuvel
2023-05-12 12:24 ` Andrew Cooper
2023-05-12 12:24 ` Andrew Cooper
2023-05-14 18:18 ` Eric Biggers
2023-05-14 18:18 ` Eric Biggers
2023-05-14 19:11 ` Matthew Garrett
2023-05-14 19:11 ` Matthew Garrett
2023-05-12 13:24 ` Thomas Gleixner
2023-05-12 13:24 ` Thomas Gleixner
2023-05-12 16:13 ` Matthew Garrett
2023-05-12 16:13 ` Matthew Garrett
2023-05-12 18:17 ` Thomas Gleixner
2023-05-12 18:17 ` Thomas Gleixner
2023-05-12 19:12 ` Matthew Garrett
2023-05-12 19:12 ` Matthew Garrett
2023-05-12 19:42 ` Andrew Cooper [this message]
2023-05-12 19:42 ` Andrew Cooper
2023-05-15 21:23 ` Daniel P. Smith
2023-05-15 21:23 ` Daniel P. Smith
2023-05-11 3:33 ` Herbert Xu
2023-05-11 3:33 ` Herbert Xu
2023-05-16 0:50 ` Daniel P. Smith
2023-05-16 0:50 ` Daniel P. Smith
2023-05-04 14:50 ` [PATCH v6 07/14] x86: Secure Launch kernel early boot stub Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 17:47 ` Simon Horman
2023-05-05 17:47 ` Simon Horman
2023-05-05 18:58 ` Ross Philipson
2023-05-05 18:58 ` Ross Philipson
2023-05-05 19:46 ` Simon Horman
2023-05-05 19:46 ` Simon Horman
2023-05-12 11:26 ` Matthew Garrett
2023-05-12 11:26 ` Matthew Garrett
2023-05-12 16:17 ` Ross Philipson
2023-05-12 16:17 ` Ross Philipson
2023-05-12 16:27 ` Matthew Garrett
2023-05-12 16:27 ` Matthew Garrett
2023-05-16 1:11 ` Daniel P. Smith
2023-05-16 1:11 ` Daniel P. Smith
2023-05-16 1:45 ` Matthew Garrett
2023-05-16 1:45 ` Matthew Garrett
2023-06-15 18:00 ` Ross Philipson
2023-06-15 18:00 ` Ross Philipson
2023-05-12 18:04 ` Thomas Gleixner
2023-05-12 18:04 ` Thomas Gleixner
2023-05-15 20:13 ` Ross Philipson
2023-05-15 20:13 ` Ross Philipson
2023-09-20 21:40 ` ross.philipson
2023-09-20 21:40 ` ross.philipson
2023-05-04 14:50 ` [PATCH v6 08/14] x86: Secure Launch kernel late " Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 17:52 ` Simon Horman
2023-05-05 17:52 ` Simon Horman
2023-05-05 18:59 ` Ross Philipson
2023-05-05 18:59 ` Ross Philipson
2023-05-10 23:02 ` Jarkko Sakkinen
2023-05-10 23:02 ` Jarkko Sakkinen
2023-05-12 15:58 ` Ross Philipson
2023-05-12 15:58 ` Ross Philipson
2023-05-24 2:55 ` Jarkko Sakkinen
2023-05-24 2:55 ` Jarkko Sakkinen
2023-05-12 15:44 ` Thomas Gleixner
2023-05-12 15:44 ` Thomas Gleixner
2023-05-15 20:06 ` Ross Philipson
2023-05-15 20:06 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 09/14] x86: Secure Launch SMP bringup support Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 17:54 ` Simon Horman
2023-05-05 17:54 ` Simon Horman
2023-05-05 18:59 ` Ross Philipson
2023-05-05 18:59 ` Ross Philipson
2023-05-10 22:55 ` Jarkko Sakkinen
2023-05-10 22:55 ` Jarkko Sakkinen
2023-05-11 16:21 ` Ross Philipson
2023-05-11 16:21 ` Ross Philipson
2023-05-12 18:02 ` Thomas Gleixner
2023-05-12 18:02 ` Thomas Gleixner
2023-05-15 20:19 ` Ross Philipson
2023-05-15 20:19 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 10/14] kexec: Secure Launch kexec SEXIT support Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 11/14] reboot: Secure Launch SEXIT support on reboot paths Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-12 11:40 ` Matthew Garrett
2023-05-12 11:40 ` Matthew Garrett
2023-05-15 18:16 ` Ross Philipson
2023-05-15 18:16 ` Ross Philipson
2023-05-16 1:23 ` Daniel P. Smith
2023-05-16 1:23 ` Daniel P. Smith
2023-05-04 14:50 ` [PATCH v6 12/14] x86: Secure Launch late initcall platform module Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 19:42 ` Simon Horman
2023-05-05 19:42 ` Simon Horman
2023-05-08 15:07 ` Ross Philipson
2023-05-08 15:07 ` Ross Philipson
2023-05-10 22:39 ` Jarkko Sakkinen
2023-05-10 22:39 ` Jarkko Sakkinen
2023-05-12 15:53 ` Ross Philipson
2023-05-12 15:53 ` Ross Philipson
2023-05-10 22:40 ` Jarkko Sakkinen
2023-05-10 22:40 ` Jarkko Sakkinen
2023-05-12 15:54 ` Ross Philipson
2023-05-12 15:54 ` Ross Philipson
2023-05-04 14:50 ` [PATCH v6 13/14] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-12 11:43 ` Matthew Garrett
2023-05-12 11:43 ` Matthew Garrett
2023-05-12 16:22 ` Ross Philipson
2023-05-12 16:22 ` Ross Philipson
2023-05-16 1:37 ` Daniel P. Smith
2023-05-16 1:37 ` Daniel P. Smith
2023-05-04 14:50 ` [PATCH v6 14/14] x86: EFI stub DRTM launch support " Ross Philipson
2023-05-04 14:50 ` Ross Philipson
2023-05-05 8:39 ` [PATCH v6 00/14] x86: Trenchboot secure dynamic launch Linux kernel support Bagas Sanjaya
2023-05-05 8:39 ` Bagas Sanjaya
2023-05-05 15:45 ` Ross Philipson
2023-05-05 15:45 ` Ross Philipson
2023-05-06 7:56 ` Bagas Sanjaya
2023-05-06 7:56 ` Bagas Sanjaya
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4a8f15b7-2897-e7f5-fe7e-fded3a4130c6@gmail.com \
--to=andyhhp@gmail.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=bp@alien8.de \
--cc=dpsmith@apertussolutions.com \
--cc=ebiggers@kernel.org \
--cc=hpa@zytor.com \
--cc=iommu@lists.linux-foundation.org \
--cc=kanth.ghatraju@oracle.com \
--cc=kexec@lists.infradead.org \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-efi@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=mingo@redhat.com \
--cc=mjg59@srcf.ucam.org \
--cc=nivedita@alum.mit.edu \
--cc=richard@hughsie.com \
--cc=ross.philipson@oracle.com \
--cc=tglx@linutronix.de \
--cc=trenchboot-devel@googlegroups.com \
--cc=x86@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.