From: "David R. Bild" <david.bild@xaptum.com> To: James Bottomley <James.Bottomley@hansenpartnership.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, philip.b.tricca@intel.com, Jason Gunthorpe <jgg@ziepe.ca>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Peter Huewe <peterhuewe@gmx.de>, linux-usb@vger.kernel.org, linux-integrity@vger.kernel.org Subject: [v3,2/2] usb: misc: xapea00x: perform platform initialization of TPM Date: Thu, 10 May 2018 09:25:03 -0500 [thread overview] Message-ID: <CAAi9uDsLmW3K=1UYsmJKOc6hsXqcJXFHyO_scMan5u8d94D9=Q@mail.gmail.com> (raw) On Tue, May 8, 2018 at 10:36 AM, James Bottomley <James.Bottomley@hansenpartnership.com> wrote: > > On Tue, 2018-05-08 at 10:29 -0500, David R. Bild wrote: > > On Tue, May 8, 2018 at 10:25 AM, James Bottomley > > <James.Bottomley@hansenpartnership.com> wrote: > > > > > > I don't see any reason to set an unreachable password for the > > > platform > > > hierarchy if the UEFI didn't. If the desire is to disable the > > > platform > > > hierarchy, then it should be disabled, not have a random password > > > set. > > > > "Set random password and throw away the key" was my way of disabling > > the platform hierarchy. Is there a better way of doing that? > > Well, yes, use TPM2_HierarchyControl to set phEnable to CLEAR. I'm not sure that will work for us. Let me give a little more detail about this card. The TPM holds access credentials for connecting to the Xaptum network. This approach enables secure, zero-touch provisioning for IoT devices: Xaptum pre-provisions the TPMs *before* they are assembled onto a device PCB. The device is shipped directly from factory to end customer. The first time it turns on, the TPM is used to authenticate the Xaptum network. Using a TPM protects the credentials from being copied or duplicated by someone in the manufacturing chain. These cards are designed for existing devices, like IoT gateways. You can't add a TPM to an existing PCB, but you can plug in a mini PCI-e card. We provision the credentials (the DAA secret key, specifically) under the platform hierarchy. The key can be used without platform authorization, but not removed. If we disable the platform hierarchy entirely, I think the credentials will no longer be available for use. > > > I'd also say this is probably the job of early boot based on > > > policy. > > > > Agreed. And since this card has no "early boot", the driver/kernel > > need to do it. > > Early boot means userspace. for a hot pluggable device, this would > probably be something in udev if you follow the no-daemon model and the > daemon could do it if you do follow the daemon model. Could you expand on the udev approach? I might not understand enough about udev (or the coming TPM resource manager changes) to follow the suggestion. This seems unsafe to me. There's a race between a malicious userspace program and the daemon to set the platform authorization. If the malicious program wins, it can reset the TPM, removing the credentials, and the device won't be able to connect to the Xaptum network. (This is a liveness concern, not safety. A denial-of-service attack, essentially.) Best, David --- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: "David R. Bild" <david.bild@xaptum.com> To: James Bottomley <James.Bottomley@hansenpartnership.com> Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, philip.b.tricca@intel.com, Jason Gunthorpe <jgg@ziepe.ca>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Peter Huewe <peterhuewe@gmx.de>, linux-usb@vger.kernel.org, linux-integrity@vger.kernel.org Subject: Re: [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM Date: Thu, 10 May 2018 09:25:03 -0500 [thread overview] Message-ID: <CAAi9uDsLmW3K=1UYsmJKOc6hsXqcJXFHyO_scMan5u8d94D9=Q@mail.gmail.com> (raw) In-Reply-To: <1525793785.3672.12.camel@HansenPartnership.com> On Tue, May 8, 2018 at 10:36 AM, James Bottomley <James.Bottomley@hansenpartnership.com> wrote: > > On Tue, 2018-05-08 at 10:29 -0500, David R. Bild wrote: > > On Tue, May 8, 2018 at 10:25 AM, James Bottomley > > <James.Bottomley@hansenpartnership.com> wrote: > > > > > > I don't see any reason to set an unreachable password for the > > > platform > > > hierarchy if the UEFI didn't. If the desire is to disable the > > > platform > > > hierarchy, then it should be disabled, not have a random password > > > set. > > > > "Set random password and throw away the key" was my way of disabling > > the platform hierarchy. Is there a better way of doing that? > > Well, yes, use TPM2_HierarchyControl to set phEnable to CLEAR. I'm not sure that will work for us. Let me give a little more detail about this card. The TPM holds access credentials for connecting to the Xaptum network. This approach enables secure, zero-touch provisioning for IoT devices: Xaptum pre-provisions the TPMs *before* they are assembled onto a device PCB. The device is shipped directly from factory to end customer. The first time it turns on, the TPM is used to authenticate the Xaptum network. Using a TPM protects the credentials from being copied or duplicated by someone in the manufacturing chain. These cards are designed for existing devices, like IoT gateways. You can't add a TPM to an existing PCB, but you can plug in a mini PCI-e card. We provision the credentials (the DAA secret key, specifically) under the platform hierarchy. The key can be used without platform authorization, but not removed. If we disable the platform hierarchy entirely, I think the credentials will no longer be available for use. > > > I'd also say this is probably the job of early boot based on > > > policy. > > > > Agreed. And since this card has no "early boot", the driver/kernel > > need to do it. > > Early boot means userspace. for a hot pluggable device, this would > probably be something in udev if you follow the no-daemon model and the > daemon could do it if you do follow the daemon model. Could you expand on the udev approach? I might not understand enough about udev (or the coming TPM resource manager changes) to follow the suggestion. This seems unsafe to me. There's a race between a malicious userspace program and the daemon to set the platform authorization. If the malicious program wins, it can reset the TPM, removing the credentials, and the device won't be able to connect to the Xaptum network. (This is a liveness concern, not safety. A denial-of-service attack, essentially.) Best, David
next reply other threads:[~2018-05-10 14:25 UTC|newest] Thread overview: 69+ messages / expand[flat|nested] mbox.gz Atom feed top 2018-05-10 14:25 David R. Bild [this message] 2018-05-10 14:25 ` [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM David R. Bild -- strict thread matches above, loose matches on Subject: below -- 2018-05-25 20:31 [v3,2/2] " Ken Goldman 2018-05-25 20:31 ` [PATCH v3 2/2] " Ken Goldman 2018-05-25 20:23 [v3,2/2] " Ken Goldman 2018-05-25 20:23 ` [PATCH v3 2/2] " Ken Goldman 2018-05-14 20:12 [v3,2/2] " David R. Bild 2018-05-14 20:12 ` [PATCH v3 2/2] " David R. Bild 2018-05-14 20:08 [v3,2/2] " Jason Gunthorpe 2018-05-14 20:08 ` [PATCH v3 2/2] " Jason Gunthorpe 2018-05-14 19:59 [v3,2/2] " David R. Bild 2018-05-14 19:59 ` [PATCH v3 2/2] " David R. Bild 2018-05-14 19:31 [v3,2/2] " Jason Gunthorpe 2018-05-14 19:31 ` [PATCH v3 2/2] " Jason Gunthorpe 2018-05-13 8:51 [v3,2/2] " Jarkko Sakkinen 2018-05-13 8:51 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-13 8:46 [v3,2/2] " Jarkko Sakkinen 2018-05-13 8:46 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-10 15:17 [v3,2/2] " David R. Bild 2018-05-10 15:17 ` [PATCH v3 2/2] " David R. Bild 2018-05-10 14:47 [v3,2/2] " James Bottomley 2018-05-10 14:47 ` [PATCH v3 2/2] " James Bottomley 2018-05-10 14:41 [v3,2/2] " David R. Bild 2018-05-10 14:41 ` [PATCH v3 2/2] " David R. Bild 2018-05-10 14:31 [v3,2/2] " David R. Bild 2018-05-10 14:31 ` [PATCH v3 2/2] " David R. Bild 2018-05-10 14:29 [v3,2/2] " David R. Bild 2018-05-10 14:29 ` [PATCH v3 2/2] " David R. Bild 2018-05-10 14:09 [v3,2/2] " David R. Bild 2018-05-10 14:09 ` [PATCH v3 2/2] " David R. Bild 2018-05-10 1:59 [v3,2/2] " Jarkko Sakkinen 2018-05-10 1:59 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-10 1:44 [v3,2/2] " Jarkko Sakkinen 2018-05-10 1:44 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-10 1:42 [v3,2/2] " Jarkko Sakkinen 2018-05-10 1:42 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-10 1:42 [v3,2/2] " Jarkko Sakkinen 2018-05-10 1:42 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-08 15:36 [v3,2/2] " James Bottomley 2018-05-08 15:36 ` [PATCH v3 2/2] " James Bottomley 2018-05-08 15:29 [v3,2/2] " David R. Bild 2018-05-08 15:29 ` [PATCH v3 2/2] " David R. Bild 2018-05-08 15:25 [v3,2/2] " James Bottomley 2018-05-08 15:25 ` [PATCH v3 2/2] " James Bottomley 2018-05-08 10:55 [v3,2/2] " Jarkko Sakkinen 2018-05-08 10:55 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-08 10:47 [v3,2/2] " Jarkko Sakkinen 2018-05-08 10:47 ` [PATCH v3 2/2] " Jarkko Sakkinen 2018-05-08 9:09 [v3,1/2] usb: misc: xapea00x: add driver for Xaptum ENF Access Card Oliver Neukum 2018-05-08 9:09 ` [PATCH v3 1/2] " Oliver Neukum 2018-05-07 14:12 EXTERNAL: [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM Jeremy Boone 2018-05-07 14:12 ` Jeremy Boone 2018-05-07 13:31 [v3,1/2] usb: misc: xapea00x: add driver for Xaptum ENF Access Card David R. Bild 2018-05-07 13:31 ` [PATCH v3 1/2] " David R. Bild 2018-05-07 9:58 [v3,1/2] " Oliver Neukum 2018-05-07 9:58 ` [PATCH v3 1/2] " Oliver Neukum 2018-05-06 15:02 [v3,2/2] usb: misc: xapea00x: perform platform initialization of TPM Jason Gunthorpe 2018-05-06 15:02 ` [PATCH v3 2/2] " Jason Gunthorpe 2018-05-04 20:19 [v3,2/2] " David R. Bild 2018-05-04 20:19 ` [PATCH v3 2/2] " David R. Bild 2018-05-04 19:56 [v3,2/2] " David R. Bild 2018-05-04 19:56 ` [PATCH v3 2/2] " David R. Bild 2018-05-04 19:06 [v3,2/2] " Jason Gunthorpe 2018-05-04 19:06 ` [PATCH v3 2/2] " Jason Gunthorpe 2018-05-04 13:00 [v3,2/2] " David R. Bild 2018-05-04 13:00 ` [PATCH v3 2/2] " David R. Bild 2018-05-04 13:00 [v3,1/2] usb: misc: xapea00x: add driver for Xaptum ENF Access Card David R. Bild 2018-05-04 13:00 ` [PATCH v3 1/2] " David R. Bild [not found] <20180430125418.31344-1-david.bild@xaptum.com> 2018-05-04 13:00 ` [PATCH v3 0/2] Add driver for Xaptum ENF Access card (XAP-EA-00x) David R. Bild
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to='CAAi9uDsLmW3K=1UYsmJKOc6hsXqcJXFHyO_scMan5u8d94D9=Q@mail.gmail.com' \ --to=david.bild@xaptum.com \ --cc=James.Bottomley@hansenpartnership.com \ --cc=gregkh@linuxfoundation.org \ --cc=jarkko.sakkinen@linux.intel.com \ --cc=jgg@ziepe.ca \ --cc=linux-integrity@vger.kernel.org \ --cc=linux-usb@vger.kernel.org \ --cc=peterhuewe@gmx.de \ --cc=philip.b.tricca@intel.com \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.