From: Jarkko Sakkinen <jarkko@kernel.org>
To: James Bottomley <James.Bottomley@hansenpartnership.com>
Cc: linux-integrity@vger.kernel.org, keyrings@vger.kernel.org,
Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH 08/12] tpm: add hmac checks to tpm2_pcr_extend()
Date: Mon, 27 Feb 2023 11:16:34 +0200 [thread overview]
Message-ID: <Y/x04S0a5+/eOCjf@kernel.org> (raw)
In-Reply-To: <20230216201410.15010-9-James.Bottomley@HansenPartnership.com>
On Thu, Feb 16, 2023 at 03:14:06PM -0500, James Bottomley wrote:
> We use tpm2_pcr_extend() in trusted keys to extend a PCR to prevent a
"Use tpm2_pcr_extend()"
> key from being re-loaded until the next reboot. To use this
> functionality securely, that extend must be protected by a session
> hmac.
There's no description of action taken. This is only motivation part.
>
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> ---
> drivers/char/tpm/tpm2-cmd.c | 27 ++++++++++-----------------
> 1 file changed, 10 insertions(+), 17 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 056dad3dd5c9..ef038cc71f9c 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -216,13 +216,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
> return rc;
> }
>
> -struct tpm2_null_auth_area {
> - __be32 handle;
> - __be16 nonce_size;
> - u8 attributes;
> - __be16 auth_size;
> -} __packed;
> -
> /**
> * tpm2_pcr_extend() - extend a PCR value
> *
> @@ -236,24 +229,22 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> struct tpm_digest *digests)
> {
> struct tpm_buf buf;
> - struct tpm2_null_auth_area auth_area;
> int rc;
> int i;
>
> - rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
> + rc = tpm2_start_auth_session(chip);
> if (rc)
> return rc;
>
> - tpm_buf_append_u32(&buf, pcr_idx);
> + rc = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
> + if (rc) {
> + tpm2_end_auth_session(chip);
> + return rc;
> + }
>
> - auth_area.handle = cpu_to_be32(TPM2_RS_PW);
> - auth_area.nonce_size = 0;
> - auth_area.attributes = 0;
> - auth_area.auth_size = 0;
> + tpm_buf_append_name(chip, &buf, pcr_idx, NULL);
> + tpm_buf_append_hmac_session(chip, &buf, 0, NULL, 0);
>
> - tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
> - tpm_buf_append(&buf, (const unsigned char *)&auth_area,
> - sizeof(auth_area));
> tpm_buf_append_u32(&buf, chip->nr_allocated_banks);
>
> for (i = 0; i < chip->nr_allocated_banks; i++) {
> @@ -262,7 +253,9 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> chip->allocated_banks[i].digest_size);
> }
>
> + tpm_buf_fill_hmac_session(chip, &buf);
> rc = tpm_transmit_cmd(chip, &buf, 0, "attempting extend a PCR value");
> + rc = tpm_buf_check_hmac_response(chip, &buf, rc);
>
> tpm_buf_destroy(&buf);
>
> --
> 2.35.3
>
BR, Jarkko
next prev parent reply other threads:[~2023-02-27 9:20 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-16 20:13 [PATCH 00/12] add integrity and security to TPM2 transactions James Bottomley
2023-02-16 20:13 ` [PATCH 01/12] crypto: lib - implement library version of AES in CFB mode James Bottomley
2023-02-27 7:47 ` Jarkko Sakkinen
2023-02-16 20:14 ` [PATCH 02/12] tpm: move buffer handling from static inlines to real functions James Bottomley
2023-02-27 8:18 ` Jarkko Sakkinen
2023-02-16 20:14 ` [PATCH 03/12] tpm: add buffer handling for TPM2B types James Bottomley
2023-02-27 8:31 ` Jarkko Sakkinen
2023-03-28 19:42 ` James Bottomley
2023-02-16 20:14 ` [PATCH 04/12] tpm: add cursor based buffer functions for response parsing James Bottomley
2023-02-27 8:34 ` Jarkko Sakkinen
2023-02-16 20:14 ` [PATCH 05/12] tpm: add buffer function to point to returned parameters James Bottomley
2023-02-27 8:36 ` Jarkko Sakkinen
2023-02-16 20:14 ` [PATCH 06/12] tpm: export the context save and load commands James Bottomley
2023-02-27 8:37 ` Jarkko Sakkinen
2023-04-03 16:54 ` James Bottomley
2023-02-16 20:14 ` [PATCH 07/12] tpm: Add full HMAC and encrypt/decrypt session handling code James Bottomley
2023-02-16 23:37 ` kernel test robot
2023-02-17 11:30 ` kernel test robot
2023-02-17 14:22 ` James Bottomley
2023-02-17 14:23 ` Ard Biesheuvel
2023-02-16 20:14 ` [PATCH 08/12] tpm: add hmac checks to tpm2_pcr_extend() James Bottomley
2023-02-27 9:16 ` Jarkko Sakkinen [this message]
2023-02-16 20:14 ` [PATCH 09/12] tpm: add session encryption protection to tpm2_get_random() James Bottomley
2023-02-16 20:14 ` [PATCH 10/12] KEYS: trusted: Add session encryption protection to the seal/unseal path James Bottomley
2023-02-16 20:40 ` [PATCH 11/12] tpm: add the null key name as a sysfs export James Bottomley
2023-02-17 10:59 ` kernel test robot
2023-02-16 20:41 ` [PATCH 12/12] Documentation: add tpm-security.rst James Bottomley
2023-02-17 22:43 ` [PATCH 00/12] add integrity and security to TPM2 transactions Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=Y/x04S0a5+/eOCjf@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=ardb@kernel.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).