From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: William Roberts <bill.c.roberts@gmail.com>
Cc: linux-integrity@vger.kernel.org,
Jarkko Sakkinen <jarkko@kernel.org>,
keyrings@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH v4 00/13] add integrity and security to TPM2 transactions
Date: Tue, 04 Apr 2023 16:19:40 -0400 [thread overview]
Message-ID: <c025ff772580552ced343d88c608b41cd3e11889.camel@HansenPartnership.com> (raw)
In-Reply-To: <CAFftDdqeaRWvfvZfGwdXYaFcGBNirDV75JsuRR88FSdCrYmKpg@mail.gmail.com>
On Tue, 2023-04-04 at 14:42 -0500, William Roberts wrote:
> On Tue, Apr 4, 2023 at 2:18 PM James Bottomley
> <James.Bottomley@hansenpartnership.com> wrote:
> >
> > On Tue, 2023-04-04 at 13:43 -0500, William Roberts wrote:
> > [...]
> > > > The final part of the puzzle is that the machine owner must
> > > > have a fixed idea of the EK of their TPM and should have
> > > > certified this with the TPM manufacturer. On every boot, the
> > > > certified EK public key should be used to do a make
> > > > credential/activate credential attestation key insertion and
> > > > then the null key certified with the attestation key. We can
> > > > follow a trust on first use model where an OS installation will
> > > > extract and verify a public EK and save it to a read only file.
> > >
> > > Ahh I was wondering how you were going to bootstrap trust using
> > > the NULL hierarchy.
> >
> > Well, actually, I changed my mind on the details of this one: the
> > make credential/activate credential round trip is a huge faff given
> > that there's no privacy issue. I think what we should do is simply
> > store the name of a known signing EK on first install (using the
> > standard P-256 derivation of the EK template but with
> > TPMA_OBJECT_SIGN additionally set). Then you can use the signing
> > EK to certify the NULL key directly and merely check the signing EK
> > name against the stored value to prove everything is correct.
> >
>
> Yeah that model is much simpler. My guess is that on install it would
> persist this "Signing EK" to a specific address that is different
> from the typical EK Address?
Actually, since this is used to prove trust in the TPM, we can't have
the TPM store it; it's going to have to be somewhere in the root
filesystem, like /etc. Ideally it would be in the immutable part of
/etc so it is write once on install.
> Any particular reason for using the Endorsement Hierarchy outside of
> the lifespan of the seed only changing on revocation of the
> Manufacturers Cert? Ie why not Owner Hierarchy?
That's it really: it's the longest lived key of all those the TPM has.
If I'm deriving it once on install and keeping it immutable until
reinstall, I don't want tpm_clear upsetting the apple cart.
James
next prev parent reply other threads:[~2023-04-04 20:19 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-04-03 21:39 [PATCH v4 00/13] add integrity and security to TPM2 transactions James Bottomley
2023-04-03 21:39 ` [PATCH v4 01/13] crypto: lib - implement library version of AES in CFB mode James Bottomley
2023-04-23 3:34 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 02/13] tpm: move buffer handling from static inlines to real functions James Bottomley
2023-04-23 3:36 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 03/13] tpm: add kernel doc to buffer handling functions James Bottomley
2023-04-23 3:40 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 04/13] tpm: add buffer handling for TPM2B types James Bottomley
2023-04-23 4:12 ` Jarkko Sakkinen
2023-05-02 15:43 ` Stefan Berger
2023-05-03 11:29 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 05/13] tpm: add cursor based buffer functions for response parsing James Bottomley
2023-04-23 4:14 ` Jarkko Sakkinen
2023-05-02 13:54 ` Stefan Berger
2023-08-22 11:15 ` Jarkko Sakkinen
2023-08-22 13:51 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 06/13] tpm: add buffer function to point to returned parameters James Bottomley
2023-05-02 14:09 ` Stefan Berger
2023-05-03 11:31 ` Jarkko Sakkinen
2023-06-06 2:09 ` James Bottomley
2023-06-06 15:34 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 07/13] tpm: export the context save and load commands James Bottomley
2023-05-02 14:12 ` Stefan Berger
2023-04-03 21:39 ` [PATCH v4 08/13] tpm: Add full HMAC and encrypt/decrypt session handling code James Bottomley
2023-04-04 1:49 ` kernel test robot
2023-04-23 5:29 ` Jarkko Sakkinen
2023-11-26 3:39 ` Jarkko Sakkinen
2023-11-26 3:45 ` Jarkko Sakkinen
2023-11-26 15:07 ` James Bottomley
2023-11-26 15:05 ` James Bottomley
2023-12-04 2:29 ` Jarkko Sakkinen
2023-12-04 12:35 ` James Bottomley
2023-12-04 13:43 ` Mimi Zohar
2023-12-04 13:53 ` James Bottomley
2023-12-04 13:59 ` Mimi Zohar
2023-12-04 14:02 ` James Bottomley
2023-12-04 14:10 ` Mimi Zohar
2023-12-04 14:23 ` James Bottomley
2023-12-04 22:58 ` Jarkko Sakkinen
2023-12-04 22:46 ` Jarkko Sakkinen
2023-04-03 21:39 ` [PATCH v4 09/13] tpm: add hmac checks to tpm2_pcr_extend() James Bottomley
2023-04-23 5:32 ` Jarkko Sakkinen
2023-04-03 21:40 ` [PATCH v4 10/13] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2023-04-03 21:40 ` [PATCH v4 11/13] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2023-04-03 21:40 ` [PATCH v4 12/13] tpm: add the null key name as a sysfs export James Bottomley
2023-04-23 5:38 ` Jarkko Sakkinen
2023-04-03 21:40 ` [PATCH v4 13/13] Documentation: add tpm-security.rst James Bottomley
2023-04-04 18:43 ` [PATCH v4 00/13] add integrity and security to TPM2 transactions William Roberts
2023-04-04 19:18 ` James Bottomley
2023-04-04 19:42 ` William Roberts
2023-04-04 20:19 ` James Bottomley [this message]
2023-04-04 21:10 ` William Roberts
2023-04-04 21:33 ` James Bottomley
2023-04-04 21:44 ` William Roberts
2023-04-05 18:39 ` William Roberts
2023-04-05 19:41 ` James Bottomley
2023-04-07 14:40 ` William Roberts
2023-04-23 5:42 ` Jarkko Sakkinen
2023-12-04 18:56 ` Stefan Berger
2023-12-04 19:24 ` James Bottomley
2023-12-04 21:02 ` Stefan Berger
2023-12-05 13:50 ` James Bottomley
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=c025ff772580552ced343d88c608b41cd3e11889.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=bill.c.roberts@gmail.com \
--cc=jarkko@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.