From: Pascal Van Leeuwen <pvanleeuwen@verimatrix.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
Ken Goldman <kgold@linux.ibm.com>
Cc: "Safford, David (GE Global Research, US)" <david.safford@ge.com>,
Mimi Zohar <zohar@linux.ibm.com>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"stable@vger.kernel.org" <stable@vger.kernel.org>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
"open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: RE: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
Date: Wed, 9 Oct 2019 07:10:08 +0000 [thread overview]
Message-ID: <MN2PR20MB2973D1DDDC1C0D41D449E4CCCA950@MN2PR20MB2973.namprd20.prod.outlook.com> (raw)
In-Reply-To: <20191008235339.GB13926@linux.intel.com>
> -----Original Message-----
> From: linux-crypto-owner@vger.kernel.org <linux-crypto-owner@vger.kernel.org> On Behalf Of
> Jarkko Sakkinen
> Sent: Wednesday, October 9, 2019 1:54 AM
> To: Ken Goldman <kgold@linux.ibm.com>
> Cc: Safford, David (GE Global Research, US) <david.safford@ge.com>; Mimi Zohar
> <zohar@linux.ibm.com>; linux-integrity@vger.kernel.org; stable@vger.kernel.org; open
> list:ASYMMETRIC KEYS <keyrings@vger.kernel.org>; open list:CRYPTO API <linux-
> crypto@vger.kernel.org>; open list <linux-kernel@vger.kernel.org>
> Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
>
> On Wed, Oct 09, 2019 at 02:49:35AM +0300, Jarkko Sakkinen wrote:
> > On Mon, Oct 07, 2019 at 06:13:01PM -0400, Ken Goldman wrote:
> > > The TPM library specification states that the TPM must comply with NIST
> > > SP800-90 A.
> > >
> > > https://trustedcomputinggroup.org/membership/certification/tpm-certified-products/
> > >
> > > shows that the TPMs get third party certification, Common Criteria EAL 4+.
> > >
> > > While it's theoretically possible that an attacker could compromise
> > > both the TPM vendors and the evaluation agencies, we do have EAL 4+
> > > assurance against both 1 and 2.
> >
> > Certifications do not equal to trust.
>
So having an implementation reviewed by a capable third party of
your choosing (as that's how certification usually works) is less
trustworthy than having random individuals hacking away at it?
(and trust me, _most_ people are not going to review that by
themselves - very few people on this planet are capable to do so)
> And for trusted keys the least trust solution is to do generation
> with the kernel assets and sealing with TPM. With TEE the least
> trust solution is equivalent.
>
> Are you proposing that the kernel random number generation should
> be removed? That would be my conclusion of this discussion if I
> would agree any of this (I don't).
>
Life is not that black and white.
If certification is _not_ a requirement you can use the kernel random
number generator, especially if you don't trust, say, the TPM one.
If you _do_ require certification - and in many industries this is
_mandatory_, you simply _must_ follow the certification rules (which
may impose restrictions how the random number generation is done),
and this should not be made impossible for such _existing_ use cases.
Having said all that, generating _true_ entropy (and, importantly,
ensuring it cannot be manipulated) is a very complicated subject and
considering how all encryption security ultimately depends on the
quality of the random numbers used for key material, I would not
trust any implementation that has not been certified or otherwise
carefully scrutinized by people _proven_ to have the expertise.
Regards,
Pascal van Leeuwen
Silicon IP Architect, Multi-Protocol Engines @ Verimatrix
www.insidesecure.com
next prev parent reply other threads:[~2019-10-09 7:10 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-26 17:16 [PATCH] KEYS: asym_tpm: Switch to get_random_bytes() Jarkko Sakkinen
2019-09-28 18:05 ` Jerry Snitselaar
2019-10-01 20:54 ` Jarkko Sakkinen
2019-10-02 14:00 ` Mimi Zohar
2019-10-03 11:41 ` Jarkko Sakkinen
2019-10-03 11:43 ` Jarkko Sakkinen
2019-10-03 13:02 ` Mimi Zohar
2019-10-03 17:58 ` Jarkko Sakkinen
2019-10-03 18:53 ` Mimi Zohar
2019-10-03 21:51 ` Jarkko Sakkinen
2019-10-03 21:57 ` Jarkko Sakkinen
2019-10-03 22:08 ` Mimi Zohar
2019-10-03 23:59 ` James Bottomley
2019-10-04 18:22 ` Jarkko Sakkinen
2019-10-04 18:24 ` James Bottomley
2019-10-04 18:33 ` Jerry Snitselaar
2019-10-04 18:42 ` James Bottomley
2019-10-04 20:07 ` Jerry Snitselaar
2019-10-04 20:11 ` Jerry Snitselaar
2019-10-04 22:11 ` James Bottomley
2019-10-06 0:38 ` Mimi Zohar
2019-10-06 23:52 ` Jarkko Sakkinen
2019-10-07 18:08 ` Mimi Zohar
2019-10-04 18:20 ` Jarkko Sakkinen
2019-10-03 22:10 ` Jarkko Sakkinen
2019-10-04 13:26 ` Safford, David (GE Global Research, US)
2019-10-04 18:27 ` Jarkko Sakkinen
2019-10-04 18:30 ` Jarkko Sakkinen
2019-10-04 19:56 ` Safford, David (GE Global Research, US)
2019-10-07 0:05 ` Jarkko Sakkinen
2019-10-07 22:13 ` Ken Goldman
2019-10-08 23:49 ` Jarkko Sakkinen
2019-10-08 23:53 ` Jarkko Sakkinen
2019-10-09 7:10 ` Pascal Van Leeuwen [this message]
2019-10-09 7:33 ` Jarkko Sakkinen
2019-10-09 7:41 ` Jarkko Sakkinen
2019-10-09 8:09 ` Pascal Van Leeuwen
2019-10-14 19:11 ` Jarkko Sakkinen
2019-10-09 8:02 ` Pascal Van Leeuwen
2019-10-09 12:11 ` Safford, David (GE Global Research, US)
2019-10-14 19:00 ` Jarkko Sakkinen
2019-10-14 19:29 ` Jarkko Sakkinen
2019-10-14 19:29 ` James Bottomley
2019-10-16 11:00 ` Jarkko Sakkinen
2019-10-16 12:34 ` James Bottomley
2019-10-16 16:25 ` Jarkko Sakkinen
2019-10-16 19:10 ` James Bottomley
2019-10-17 12:52 ` Sumit Garg
2019-10-17 12:58 ` James Bottomley
2019-10-17 18:04 ` Jarkko Sakkinen
2019-10-21 11:39 ` Jarkko Sakkinen
2019-10-29 8:42 ` Jarkko Sakkinen
2019-10-29 14:58 ` James Bottomley
2019-10-31 21:03 ` Jarkko Sakkinen
2019-10-18 7:32 ` Janne Karhunen
2019-10-03 18:02 ` Jarkko Sakkinen
2019-10-03 18:15 ` Jarkko Sakkinen
2019-10-07 10:33 ` Janne Karhunen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=MN2PR20MB2973D1DDDC1C0D41D449E4CCCA950@MN2PR20MB2973.namprd20.prod.outlook.com \
--to=pvanleeuwen@verimatrix.com \
--cc=david.safford@ge.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=keyrings@vger.kernel.org \
--cc=kgold@linux.ibm.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).