From: "David R. Bild" <david.bild@xaptum.com>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
philip.b.tricca@intel.com, Jason Gunthorpe <jgg@ziepe.ca>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Huewe <peterhuewe@gmx.de>,
linux-usb@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: [v3,2/2] usb: misc: xapea00x: perform platform initialization of TPM
Date: Thu, 10 May 2018 09:25:03 -0500 [thread overview]
Message-ID: <CAAi9uDsLmW3K=1UYsmJKOc6hsXqcJXFHyO_scMan5u8d94D9=Q@mail.gmail.com> (raw)
On Tue, May 8, 2018 at 10:36 AM, James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
>
> On Tue, 2018-05-08 at 10:29 -0500, David R. Bild wrote:
> > On Tue, May 8, 2018 at 10:25 AM, James Bottomley
> > <James.Bottomley@hansenpartnership.com> wrote:
> > >
> > > I don't see any reason to set an unreachable password for the
> > > platform
> > > hierarchy if the UEFI didn't. If the desire is to disable the
> > > platform
> > > hierarchy, then it should be disabled, not have a random password
> > > set.
> >
> > "Set random password and throw away the key" was my way of disabling
> > the platform hierarchy. Is there a better way of doing that?
>
> Well, yes, use TPM2_HierarchyControl to set phEnable to CLEAR.
I'm not sure that will work for us. Let me give a little more detail
about this card.
The TPM holds access credentials for connecting to the Xaptum network.
This approach enables secure, zero-touch provisioning for IoT devices:
Xaptum pre-provisions the TPMs *before* they are assembled onto a
device PCB. The device is shipped directly from factory to end
customer. The first time it turns on, the TPM is used to authenticate
the Xaptum network. Using a TPM protects the credentials from being
copied or duplicated by someone in the manufacturing chain.
These cards are designed for existing devices, like IoT gateways. You
can't add a TPM to an existing PCB, but you can plug in a mini PCI-e
card.
We provision the credentials (the DAA secret key, specifically) under
the platform hierarchy. The key can be used without platform
authorization, but not removed. If we disable the platform hierarchy
entirely, I think the credentials will no longer be available for use.
> > > I'd also say this is probably the job of early boot based on
> > > policy.
> >
> > Agreed. And since this card has no "early boot", the driver/kernel
> > need to do it.
>
> Early boot means userspace. for a hot pluggable device, this would
> probably be something in udev if you follow the no-daemon model and the
> daemon could do it if you do follow the daemon model.
Could you expand on the udev approach? I might not understand enough
about udev (or the coming TPM resource manager changes) to follow the
suggestion.
This seems unsafe to me. There's a race between a malicious userspace
program and the daemon to set the platform authorization. If the
malicious program wins, it can reset the TPM, removing the
credentials, and the device won't be able to connect to the Xaptum
network. (This is a liveness concern, not safety. A denial-of-service
attack, essentially.)
Best,
David
---
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: "David R. Bild" <david.bild@xaptum.com>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
philip.b.tricca@intel.com, Jason Gunthorpe <jgg@ziepe.ca>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Peter Huewe <peterhuewe@gmx.de>,
linux-usb@vger.kernel.org, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM
Date: Thu, 10 May 2018 09:25:03 -0500 [thread overview]
Message-ID: <CAAi9uDsLmW3K=1UYsmJKOc6hsXqcJXFHyO_scMan5u8d94D9=Q@mail.gmail.com> (raw)
In-Reply-To: <1525793785.3672.12.camel@HansenPartnership.com>
On Tue, May 8, 2018 at 10:36 AM, James Bottomley
<James.Bottomley@hansenpartnership.com> wrote:
>
> On Tue, 2018-05-08 at 10:29 -0500, David R. Bild wrote:
> > On Tue, May 8, 2018 at 10:25 AM, James Bottomley
> > <James.Bottomley@hansenpartnership.com> wrote:
> > >
> > > I don't see any reason to set an unreachable password for the
> > > platform
> > > hierarchy if the UEFI didn't. If the desire is to disable the
> > > platform
> > > hierarchy, then it should be disabled, not have a random password
> > > set.
> >
> > "Set random password and throw away the key" was my way of disabling
> > the platform hierarchy. Is there a better way of doing that?
>
> Well, yes, use TPM2_HierarchyControl to set phEnable to CLEAR.
I'm not sure that will work for us. Let me give a little more detail
about this card.
The TPM holds access credentials for connecting to the Xaptum network.
This approach enables secure, zero-touch provisioning for IoT devices:
Xaptum pre-provisions the TPMs *before* they are assembled onto a
device PCB. The device is shipped directly from factory to end
customer. The first time it turns on, the TPM is used to authenticate
the Xaptum network. Using a TPM protects the credentials from being
copied or duplicated by someone in the manufacturing chain.
These cards are designed for existing devices, like IoT gateways. You
can't add a TPM to an existing PCB, but you can plug in a mini PCI-e
card.
We provision the credentials (the DAA secret key, specifically) under
the platform hierarchy. The key can be used without platform
authorization, but not removed. If we disable the platform hierarchy
entirely, I think the credentials will no longer be available for use.
> > > I'd also say this is probably the job of early boot based on
> > > policy.
> >
> > Agreed. And since this card has no "early boot", the driver/kernel
> > need to do it.
>
> Early boot means userspace. for a hot pluggable device, this would
> probably be something in udev if you follow the no-daemon model and the
> daemon could do it if you do follow the daemon model.
Could you expand on the udev approach? I might not understand enough
about udev (or the coming TPM resource manager changes) to follow the
suggestion.
This seems unsafe to me. There's a race between a malicious userspace
program and the daemon to set the platform authorization. If the
malicious program wins, it can reset the TPM, removing the
credentials, and the device won't be able to connect to the Xaptum
network. (This is a liveness concern, not safety. A denial-of-service
attack, essentially.)
Best,
David
next reply other threads:[~2018-05-10 14:25 UTC|newest]
Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-10 14:25 David R. Bild [this message]
2018-05-10 14:25 ` [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM David R. Bild
-- strict thread matches above, loose matches on Subject: below --
2018-05-25 20:31 [v3,2/2] " Ken Goldman
2018-05-25 20:31 ` [PATCH v3 2/2] " Ken Goldman
2018-05-25 20:23 [v3,2/2] " Ken Goldman
2018-05-25 20:23 ` [PATCH v3 2/2] " Ken Goldman
2018-05-14 20:12 [v3,2/2] " David R. Bild
2018-05-14 20:12 ` [PATCH v3 2/2] " David R. Bild
2018-05-14 20:08 [v3,2/2] " Jason Gunthorpe
2018-05-14 20:08 ` [PATCH v3 2/2] " Jason Gunthorpe
2018-05-14 19:59 [v3,2/2] " David R. Bild
2018-05-14 19:59 ` [PATCH v3 2/2] " David R. Bild
2018-05-14 19:31 [v3,2/2] " Jason Gunthorpe
2018-05-14 19:31 ` [PATCH v3 2/2] " Jason Gunthorpe
2018-05-13 8:51 [v3,2/2] " Jarkko Sakkinen
2018-05-13 8:51 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-13 8:46 [v3,2/2] " Jarkko Sakkinen
2018-05-13 8:46 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-10 15:17 [v3,2/2] " David R. Bild
2018-05-10 15:17 ` [PATCH v3 2/2] " David R. Bild
2018-05-10 14:47 [v3,2/2] " James Bottomley
2018-05-10 14:47 ` [PATCH v3 2/2] " James Bottomley
2018-05-10 14:41 [v3,2/2] " David R. Bild
2018-05-10 14:41 ` [PATCH v3 2/2] " David R. Bild
2018-05-10 14:31 [v3,2/2] " David R. Bild
2018-05-10 14:31 ` [PATCH v3 2/2] " David R. Bild
2018-05-10 14:29 [v3,2/2] " David R. Bild
2018-05-10 14:29 ` [PATCH v3 2/2] " David R. Bild
2018-05-10 14:09 [v3,2/2] " David R. Bild
2018-05-10 14:09 ` [PATCH v3 2/2] " David R. Bild
2018-05-10 1:59 [v3,2/2] " Jarkko Sakkinen
2018-05-10 1:59 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-10 1:44 [v3,2/2] " Jarkko Sakkinen
2018-05-10 1:44 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-10 1:42 [v3,2/2] " Jarkko Sakkinen
2018-05-10 1:42 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-10 1:42 [v3,2/2] " Jarkko Sakkinen
2018-05-10 1:42 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-08 15:36 [v3,2/2] " James Bottomley
2018-05-08 15:36 ` [PATCH v3 2/2] " James Bottomley
2018-05-08 15:29 [v3,2/2] " David R. Bild
2018-05-08 15:29 ` [PATCH v3 2/2] " David R. Bild
2018-05-08 15:25 [v3,2/2] " James Bottomley
2018-05-08 15:25 ` [PATCH v3 2/2] " James Bottomley
2018-05-08 10:55 [v3,2/2] " Jarkko Sakkinen
2018-05-08 10:55 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-08 10:47 [v3,2/2] " Jarkko Sakkinen
2018-05-08 10:47 ` [PATCH v3 2/2] " Jarkko Sakkinen
2018-05-08 9:09 [v3,1/2] usb: misc: xapea00x: add driver for Xaptum ENF Access Card Oliver Neukum
2018-05-08 9:09 ` [PATCH v3 1/2] " Oliver Neukum
2018-05-07 14:12 EXTERNAL: [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM Jeremy Boone
2018-05-07 14:12 ` Jeremy Boone
2018-05-07 13:31 [v3,1/2] usb: misc: xapea00x: add driver for Xaptum ENF Access Card David R. Bild
2018-05-07 13:31 ` [PATCH v3 1/2] " David R. Bild
2018-05-07 9:58 [v3,1/2] " Oliver Neukum
2018-05-07 9:58 ` [PATCH v3 1/2] " Oliver Neukum
2018-05-06 15:02 [v3,2/2] usb: misc: xapea00x: perform platform initialization of TPM Jason Gunthorpe
2018-05-06 15:02 ` [PATCH v3 2/2] " Jason Gunthorpe
2018-05-04 20:19 [v3,2/2] " David R. Bild
2018-05-04 20:19 ` [PATCH v3 2/2] " David R. Bild
2018-05-04 19:56 [v3,2/2] " David R. Bild
2018-05-04 19:56 ` [PATCH v3 2/2] " David R. Bild
2018-05-04 19:06 [v3,2/2] " Jason Gunthorpe
2018-05-04 19:06 ` [PATCH v3 2/2] " Jason Gunthorpe
2018-05-04 13:00 [v3,2/2] " David R. Bild
2018-05-04 13:00 ` [PATCH v3 2/2] " David R. Bild
2018-05-04 13:00 [v3,1/2] usb: misc: xapea00x: add driver for Xaptum ENF Access Card David R. Bild
2018-05-04 13:00 ` [PATCH v3 1/2] " David R. Bild
[not found] <20180430125418.31344-1-david.bild@xaptum.com>
2018-05-04 13:00 ` [PATCH v3 0/2] Add driver for Xaptum ENF Access card (XAP-EA-00x) David R. Bild
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAAi9uDsLmW3K=1UYsmJKOc6hsXqcJXFHyO_scMan5u8d94D9=Q@mail.gmail.com' \
--to=david.bild@xaptum.com \
--cc=James.Bottomley@hansenpartnership.com \
--cc=gregkh@linuxfoundation.org \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=philip.b.tricca@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.