All of lore.kernel.org
 help / color / mirror / Atom feed
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Mimi Zohar <zohar@linux.ibm.com>
Cc: "Ahmad Fatoum" <a.fatoum@pengutronix.de>,
	"James Bottomley" <jejb@linux.ibm.com>,
	"Jarkko Sakkinen" <jarkko@kernel.org>,
	"David Howells" <dhowells@redhat.com>,
	kernel@pengutronix.de, "Sumit Garg" <sumit.garg@linaro.org>,
	"Pankaj Gupta" <pankaj.gupta@nxp.com>,
	"David Gstir" <david@sigma-star.at>,
	"Michael Walle" <michael@walle.cc>,
	"John Ernberg" <john.ernberg@actia.se>,
	"James Morris" <jmorris@namei.org>,
	"Serge E. Hallyn" <serge@hallyn.com>,
	"Horia Geantă" <horia.geanta@nxp.com>,
	"Herbert Xu" <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"Jan Luebbe" <j.luebbe@pengutronix.de>,
	"Eric Biggers" <ebiggers@kernel.org>,
	"Richard Weinberger" <richard@nod.at>,
	"Franck LENORMAND" <franck.lenormand@nxp.com>,
	"Matthias Schiffer" <matthias.schiffer@ew.tq-group.com>,
	keyrings@vger.kernel.org, linux-crypto@vger.kernel.org,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	"Pascal Van Leeuwen" <pvanleeuwen@verimatrix.com>
Subject: Re: [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material
Date: Tue, 17 May 2022 20:30:32 +0200	[thread overview]
Message-ID: <YoPpyDjn61AFqcZp@zx2c4.com> (raw)
In-Reply-To: <4fe5564e860eb3093a88528ba1d30364d57723e0.camel@linux.ibm.com>

Hi Mimi,

On Tue, May 17, 2022 at 02:21:08PM -0400, Mimi Zohar wrote:
> On Tue, 2022-05-17 at 19:38 +0200, Jason A. Donenfeld wrote:
> > On Tue, May 17, 2022 at 11:52:55AM -0400, Mimi Zohar wrote:
> > > On Fri, 2022-05-13 at 16:57 +0200, Ahmad Fatoum wrote:
> > > >  static int __init init_trusted(void)
> > > >  {
> > > > +       int (*get_random)(unsigned char *key, size_t key_len);
> > > >         int i, ret = 0;
> > > >  
> > > >         for (i = 0; i < ARRAY_SIZE(trusted_key_sources); i++) {
> > > > @@ -322,6 +333,28 @@ static int __init init_trusted(void)
> > > >                             strlen(trusted_key_sources[i].name)))
> > > >                         continue;
> > > >  
> > > > +               /*
> > > > +                * We always support trusted.rng="kernel" and "default" as
> > > > +                * well as trusted.rng=$trusted.source if the trust source
> > > > +                * defines its own get_random callback.
> > > > +                */
> > >  
> > > While TEE trusted keys support was upstreamed, there was a lot of
> > > discussion about using kernel RNG.  One of the concerns was lack of or
> > > insuffiencent entropy during early boot on embedded devices.  This
> > > concern needs to be clearly documented in both Documentation/admin-
> > > guide/kernel-parameters.txt and Documentation/security/keys/trusted-
> > > encrypted.rst.
> > 
> > Sounds like FUD. Use `get_random_bytes_wait()`, and you'll be fine.
> 
> As per the original discussion, there's also certification requirements
> [1].

As per countless conversations on this mailing list -- which I really
really really hope you will not attempt to drown me in again -- I'm not
too keen on the certification requirements. Let's just leave that
conversation there.

There *is* a cryptographic design reason why you might want certain keys
generated on a TPM rather than in the kernel though: so that the keys
can be marked as unexportable and never leave the hardware. In that case
-- I assume -- the kernel just operates on a handle to the key, rather
than possessing the key material itself. And this is probably a good
thing. (On the other hand, people who think the TPM might be backdoored
may prefer the kernel's open source RNG, which in theory is in a
position to aggregate entropy from many sources, so that one being
backdoored isn't a problem. So maybe that's the purpose of having this
switch?)

So to the extent that this driver (I haven't looked deeply at it) is
doing the thing where a TPM generates the key and just returns a
handle to it, that sounds good. But if actually you're implementing some
wrapper around a hardware rng, it'd be convenient if there was instead a
hw_random driver for this, so it can be one of the many sources that the
kernel rng aggregates.

Apologies in advance if I've missed the mark here; I'm not very familiar
with this thread or what it's driving at. If the simple question was
just "is get_random_bytes_wait() good to use?" the answer is just "yes"
and I can disappear and stop confusing things. :)

Jason

  reply	other threads:[~2022-05-17 18:30 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-05-13 14:56 [PATCH v10 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-05-13 14:56 ` [PATCH v10 1/7] KEYS: trusted: allow use of TEE as backend without TCG_TPM support Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 2/7] KEYS: trusted: allow use of kernel RNG for key material Ahmad Fatoum
2022-05-17 15:52   ` Mimi Zohar
2022-05-17 16:25     ` Ahmad Fatoum
2022-05-17 17:40       ` Jason A. Donenfeld
2022-05-17 17:38     ` Jason A. Donenfeld
2022-05-17 18:21       ` Mimi Zohar
2022-05-17 18:30         ` Jason A. Donenfeld [this message]
2022-05-17 19:49           ` Mimi Zohar
2022-05-18  4:31             ` Ahmad Fatoum
2022-05-17 17:27   ` Jason A. Donenfeld
2022-05-17 17:52     ` Ahmad Fatoum
2022-05-17 18:00       ` Jason A. Donenfeld
2022-05-17 18:27         ` Ahmad Fatoum
2022-05-17 18:10     ` Jarkko Sakkinen
2022-05-17 18:20       ` Ahmad Fatoum
2022-05-17 18:20       ` Jason A. Donenfeld
2022-05-13 14:57 ` [PATCH v10 3/7] crypto: caam - determine whether CAAM supports blob encap/decap Ahmad Fatoum
2022-05-17 10:03   ` [EXT] " Pankaj Gupta
2022-05-13 14:57 ` [PATCH v10 4/7] crypto: caam - add in-kernel interface for blob generator Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 5/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 6/7] doc: trusted-encrypted: describe new CAAM trust source Ahmad Fatoum
2022-05-13 14:57 ` [PATCH v10 7/7] MAINTAINERS: add KEYS-TRUSTED-CAAM Ahmad Fatoum
2022-05-16 18:36 ` [PATCH v10 0/7] KEYS: trusted: Introduce support for NXP CAAM-based trusted keys Jarkko Sakkinen
2022-05-17 12:44   ` Ahmad Fatoum
2022-05-18  1:08     ` Jarkko Sakkinen
2022-05-18  4:36       ` Ahmad Fatoum
2022-05-18 14:58         ` Jarkko Sakkinen
2022-05-19 23:41           ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=YoPpyDjn61AFqcZp@zx2c4.com \
    --to=jason@zx2c4.com \
    --cc=a.fatoum@pengutronix.de \
    --cc=davem@davemloft.net \
    --cc=david@sigma-star.at \
    --cc=dhowells@redhat.com \
    --cc=ebiggers@kernel.org \
    --cc=franck.lenormand@nxp.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=horia.geanta@nxp.com \
    --cc=j.luebbe@pengutronix.de \
    --cc=jarkko@kernel.org \
    --cc=jejb@linux.ibm.com \
    --cc=jmorris@namei.org \
    --cc=john.ernberg@actia.se \
    --cc=kernel@pengutronix.de \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=matthias.schiffer@ew.tq-group.com \
    --cc=michael@walle.cc \
    --cc=pankaj.gupta@nxp.com \
    --cc=pvanleeuwen@verimatrix.com \
    --cc=richard@nod.at \
    --cc=serge@hallyn.com \
    --cc=sumit.garg@linaro.org \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.