linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: Ken Goldman <kgold@linux.ibm.com>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	Ard Biesheuvel <ard.biesheuvel@linaro.org>
Subject: Re: [PATCH v4 0/7] add integrity and security to TPM2 transactions
Date: Wed, 24 Oct 2018 08:41:16 +0100	[thread overview]
Message-ID: <1540366876.3008.11.camel@HansenPartnership.com> (raw)
In-Reply-To: <alpine.DEB.2.21.1810240307080.8524@jsakkine-mobl1>

On Wed, 2018-10-24 at 03:13 +0300, Jarkko Sakkinen wrote:
> On Mon, 22 Oct 2018, James Bottomley wrote:
> > On Mon, 2018-10-22 at 09:53 -0400, Ken Goldman wrote:
> > > On 10/22/2018 3:33 AM, James Bottomley wrote:
> > > > By now, everybody knows we have a problem with the TPM2_RS_PW
> > > > easy button on TPM2 in that transactions on the TPM bus can be
> > > > intercepted and altered.  The way to fix this is to use real
> > > > sessions for HMAC capabilities to ensure integrity and to use
> > > > parameter and response encryption to ensure confidentiality of
> > > > the data flowing over the TPM bus.
> > > 
> > > Does this design assume that there was at time zero no
> > > monitoring? This would permit some shared secret to be
> > > established.
> > > 
> > > Or does it assume that the interception may have been present
> > > from the first boot?  If so, how is the first shared secret
> > > established. Salting using the EK is the usual method, but this
> > > requires walking the  EK certificate chain and embedding the TPM
> > > vendor CA certificates in the  kernel.
> > 
> > The design establishes the shared secret at start of day using an
> > EC derived key from the null seed.  This can obviously be spoofed
> > by a TPM Genie running before the system was rebooted.  However,
> > the computed key name is exposed to user space and TPM2_Certify
> > will fail when userspace checks the null seed so you will know
> > after the fact whether the communication channel established on
> > boot was secure or not.
> > 
> > It is possible to use either the EPS or SPS if we pass in the
> > public points as kernel parameters but this is getting rather
> > complicated for casual users.
> 
> Where was the code that exposes it to the user space?

It's patch 6/7.  It exposes the null ec primary name in sysfs:

jejb@jarvis~> cat /sys/class/tpm0/tpm/null_name
000ba4fa35ecfbf7c85e5407d07edc27f6a522c8b1a011bcb68c60b27baf21f9d9ec

The key certification gives you back a signed copy of the name which
you can verify against this.

James


  reply	other threads:[~2018-10-24  7:41 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-22  7:33 [PATCH v4 0/7] add integrity and security to TPM2 transactions James Bottomley
2018-10-22  7:35 ` [PATCH v4 1/7] tpm-buf: create new functions for handling TPM buffers James Bottomley
2018-10-23 19:12   ` Jarkko Sakkinen
2018-10-23 19:16   ` Jarkko Sakkinen
2018-10-22  7:36 ` [PATCH v4 2/7] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling James Bottomley
2018-10-22 22:19   ` Ard Biesheuvel
2018-10-23  7:01     ` James Bottomley
2018-10-23 10:08       ` Ard Biesheuvel
2018-10-24  8:40         ` Jarkko Sakkinen
2018-10-23 23:48   ` Jarkko Sakkinen
2018-10-24  9:31     ` James Bottomley
2018-10-25 15:56       ` Jarkko Sakkinen
2018-10-22  7:37 ` [PATCH v4 3/7] tpm2: add hmac checks to tpm2_pcr_extend() James Bottomley
2018-10-22  7:37 ` [PATCH v4 4/7] tpm2: add session encryption protection to tpm2_get_random() James Bottomley
2018-10-22  7:38 ` [PATCH v4 5/7] trusted keys: Add session encryption protection to the seal/unseal path James Bottomley
2018-10-24  0:03   ` Jarkko Sakkinen
2018-10-22  7:39 ` [PATCH v4 6/7] tpm: add the null key name as a tpm2 sysfs variable James Bottomley
2018-10-22  7:40 ` [PATCH v4 7/7] tpm2-sessions: NOT FOR COMMITTING add sessions testing James Bottomley
2018-10-22 13:53 ` [PATCH v4 0/7] add integrity and security to TPM2 transactions Ken Goldman
2018-10-22 14:18   ` James Bottomley
2018-10-22 15:50     ` Ken Goldman
2018-10-22 15:55       ` James Bottomley
2018-10-24  0:13     ` Jarkko Sakkinen
2018-10-24  7:41       ` James Bottomley [this message]
2018-10-25 15:39         ` Jarkko Sakkinen
2018-10-24  0:06   ` Jarkko Sakkinen
2018-10-24  7:34     ` James Bottomley
2018-10-25 16:53       ` Ken Goldman
2018-10-23 23:51 ` Jarkko Sakkinen
2018-10-24  7:43   ` James Bottomley
2018-10-25 15:42     ` Jarkko Sakkinen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1540366876.3008.11.camel@HansenPartnership.com \
    --to=james.bottomley@hansenpartnership.com \
    --cc=ard.biesheuvel@linaro.org \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=kgold@linux.ibm.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).