All of lore.kernel.org
 help / color / mirror / Atom feed
From: Eric Biggers <ebiggers@kernel.org>
To: Evan Green <evgreen@chromium.org>
Cc: linux-kernel@vger.kernel.org, corbet@lwn.net,
	linux-integrity@vger.kernel.org, gwendal@chromium.org,
	dianders@chromium.org, apronin@chromium.org,
	Pavel Machek <pavel@ucw.cz>, Ben Boeckel <me@benboeckel.net>,
	rjw@rjwysocki.net, jejb@linux.ibm.com,
	Kees Cook <keescook@chromium.org>,
	dlunev@google.com, zohar@linux.ibm.com,
	Matthew Garrett <mgarrett@aurora.tech>,
	jarkko@kernel.org, linux-pm@vger.kernel.org,
	Matthew Garrett <mjg59@google.com>,
	Jason Gunthorpe <jgg@ziepe.ca>, Peter Huewe <peterhuewe@gmx.de>
Subject: Re: [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use
Date: Sun, 13 Nov 2022 12:46:40 -0800	[thread overview]
Message-ID: <Y3FXsPbBeZjAKv1/@sol.localdomain> (raw)
In-Reply-To: <20221111151451.v5.3.I9ded8c8caad27403e9284dfc78ad6cbd845bc98d@changeid>

On Fri, Nov 11, 2022 at 03:16:28PM -0800, Evan Green wrote:
> Introduce a new Kconfig, TCG_TPM_RESTRICT_PCR, which if enabled

TCG_TPM_RESTRICT_PCR => TCG_TPM2_RESTRICT_PCR

> For systems with TPM1 devices, having this Kconfig enabled completely
> restricts usermode's access to the TPM.

This doesn't appear to actually be the case.

> +config TCG_TPM2_RESTRICT_PCR
> +	bool "Restrict userland access to PCR 23 on TPM2 devices"
> +	depends on TCG_TPM

I assume you also considered making this a once-settable sysctl, or similar?
I guess this kconfig is fine for now, but IMO it does violate the concept of
"kernel provides mechanism, not policy".

> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 303ce2ea02a4b0..3bc5546fddc792 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -778,3 +778,25 @@ int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
>  
>  	return -1;
>  }
> +
> +#ifdef CONFIG_TCG_TPM2_RESTRICT_PCR
> +int tpm2_cmd_restricted(struct tpm_chip *chip, u8 *buffer, size_t size)
> +{
> +	int cc = tpm2_find_and_validate_cc(chip, NULL, buffer, size);
> +	__be32 *handle;
> +
> +	switch (cc) {
> +	case TPM2_CC_PCR_EXTEND:
> +	case TPM2_CC_PCR_RESET:
> +		if (size < (TPM_HEADER_SIZE + sizeof(u32)))
> +			return -EINVAL;
> +
> +		handle = (__be32 *)&buffer[TPM_HEADER_SIZE];
> +		if (be32_to_cpu(*handle) == TPM_RESTRICTED_PCR)
> +			return -EPERM;

get_unaligned_be32((__be32 *)&buffer[TPM_HEADER_SIZE]),
to avoid an unaligned memory access.

> +		break;
> +	}
> +
> +	return 0;

So, if tpm2_find_and_validate_cc() returns an error code, the command is *not*
restricted, even if it uses one of the forbidden command codes.  Are you sure
there are no loopholes here?

- Eric

  reply	other threads:[~2022-11-13 20:46 UTC|newest]

Thread overview: 61+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-11-11 23:16 [PATCH v5 00/11] Encrypted Hibernation Evan Green
2022-11-11 23:16 ` [PATCH v5 01/11] tpm: Add support for in-kernel resetting of PCRs Evan Green
2022-11-13 20:31   ` Eric Biggers
2022-11-27 16:06   ` Jarkko Sakkinen
2022-11-27 16:07     ` Jarkko Sakkinen
2022-11-11 23:16 ` [PATCH v5 02/11] tpm: Export and rename tpm2_find_and_validate_cc() Evan Green
2022-11-11 23:16 ` [PATCH v5 03/11] tpm: Allow PCR 23 to be restricted to kernel-only use Evan Green
2022-11-13 20:46   ` Eric Biggers [this message]
2022-11-14 17:11   ` James Bottomley
2022-11-27 16:33     ` Jarkko Sakkinen
2022-11-27 16:41       ` James Bottomley
2022-11-30 20:22         ` Dr. Greg
2022-11-30 21:34           ` Casey Schaufler
2022-12-02  1:10             ` Dr. Greg
2023-01-03 20:42     ` Matthew Garrett
2023-01-03 21:04       ` William Roberts
2023-01-03 21:10         ` Matthew Garrett
2023-01-14 14:55           ` James Bottomley
2023-01-14 15:11             ` William Roberts
2023-01-15  3:05             ` Matthew Garrett
2023-01-15 14:41               ` William Roberts
2023-01-17 21:26               ` James Bottomley
2023-01-21  3:29             ` Jarkko Sakkinen
2023-01-23 17:48               ` William Roberts
2023-01-24 11:51                 ` Dr. Greg
2023-01-24 12:38                 ` James Bottomley
2023-01-24 15:05                   ` William Roberts
2023-01-26 17:21                   ` Jarkko Sakkinen
2023-01-26 17:32                     ` William Roberts
2023-01-26 21:30                       ` Jarkko Sakkinen
2023-01-26 22:01                         ` William Roberts
2023-02-07 23:20                           ` Jarkko Sakkinen
2023-01-26 17:07                 ` Jarkko Sakkinen
2023-01-26 17:12                   ` Jarkko Sakkinen
2023-01-26 17:20                     ` William Roberts
2023-01-10 16:07       ` William Roberts
2022-11-27 16:29   ` Jarkko Sakkinen
2022-11-11 23:16 ` [PATCH v5 04/11] security: keys: trusted: Include TPM2 creation data Evan Green
2022-11-13 21:20   ` Eric Biggers
2022-11-14  3:32     ` James Bottomley
2022-11-14 16:32       ` Evan Green
2022-11-14 16:56         ` James Bottomley
2022-11-14 17:43           ` Evan Green
2022-11-14 18:00             ` James Bottomley
2022-12-02 21:03               ` James Bottomley
2022-12-05 18:43                 ` Evan Green
2022-11-11 23:16 ` [PATCH v5 05/11] security: keys: trusted: Allow storage of PCR values in " Evan Green
2022-11-13 22:01   ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 06/11] security: keys: trusted: Verify " Evan Green
2022-11-13 22:13   ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 07/11] PM: hibernate: Add kernel-based encryption Evan Green
2022-11-13 22:55   ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 08/11] PM: hibernate: Use TPM-backed keys to encrypt image Evan Green
2022-11-13 23:33   ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 09/11] PM: hibernate: Mix user key in encrypted hibernate Evan Green
2022-11-13 23:44   ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 10/11] PM: hibernate: Verify the digest encryption key Evan Green
2022-11-13 23:47   ` Eric Biggers
2022-11-11 23:16 ` [PATCH v5 11/11] PM: hibernate: seal the encryption key with a PCR policy Evan Green
2022-11-13 23:51   ` Eric Biggers
2022-12-07 23:54 ` [PATCH v5 00/11] Encrypted Hibernation Evan Green

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=Y3FXsPbBeZjAKv1/@sol.localdomain \
    --to=ebiggers@kernel.org \
    --cc=apronin@chromium.org \
    --cc=corbet@lwn.net \
    --cc=dianders@chromium.org \
    --cc=dlunev@google.com \
    --cc=evgreen@chromium.org \
    --cc=gwendal@chromium.org \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jgg@ziepe.ca \
    --cc=keescook@chromium.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-pm@vger.kernel.org \
    --cc=me@benboeckel.net \
    --cc=mgarrett@aurora.tech \
    --cc=mjg59@google.com \
    --cc=pavel@ucw.cz \
    --cc=peterhuewe@gmx.de \
    --cc=rjw@rjwysocki.net \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.