linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Mimi Zohar <zohar@linux.ibm.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Cc: linux-integrity@vger.kernel.org, stable@vger.kernel.org,
	David Howells <dhowells@redhat.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
	"open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
Date: Thu, 03 Oct 2019 09:02:32 -0400	[thread overview]
Message-ID: <1570107752.4421.183.camel@linux.ibm.com> (raw)
In-Reply-To: <20191003114119.GF8933@linux.intel.com>

On Thu, 2019-10-03 at 14:41 +0300, Jarkko Sakkinen wrote:
> On Wed, Oct 02, 2019 at 10:00:19AM -0400, Mimi Zohar wrote:
> > On Thu, 2019-09-26 at 20:16 +0300, Jarkko Sakkinen wrote:
> > > Only the kernel random pool should be used for generating random numbers.
> > > TPM contributes to that pool among the other sources of entropy. In here it
> > > is not, agreed, absolutely critical because TPM is what is trusted anyway
> > > but in order to remove tpm_get_random() we need to first remove all the
> > > call sites.
> > 
> > At what point during boot is the kernel random pool available?  Does
> > this imply that you're planning on changing trusted keys as well?
> 
> Well trusted keys *must* be changed to use it. It is not a choice
> because using a proprietary random number generator instead of defacto
> one in the kernel can be categorized as a *regression*.

I really don't see how using the TPM random number for TPM trusted
keys would be considered a regression.  That by definition is a
trusted key.  If anything, changing what is currently being done would
be the regression. 

> Also, TEE trusted keys cannot use the TPM option.

That isn't a valid justification for changing the original definition
of trusted keys.  Just as the kernel supports different methods of
implementing the same function on different architectures, trusted
keys will need to support different methods of generating a random
number.   

> 
> If it was not initialized early enough we would need fix that too.

Shouldn't this be determined and fixed, before making any changes?

> 
> I don't think there should be a problem anyway since encrypted keys is
> already using get_random_bytes().

Encrypted keys has no bearing on trusted keys.

Mimi


  parent reply	other threads:[~2019-10-03 13:05 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-26 17:16 Jarkko Sakkinen
2019-09-28 18:05 ` Jerry Snitselaar
2019-10-01 20:54   ` Jarkko Sakkinen
2019-10-02 14:00 ` Mimi Zohar
2019-10-03 11:41   ` Jarkko Sakkinen
2019-10-03 11:43     ` Jarkko Sakkinen
2019-10-03 13:02     ` Mimi Zohar [this message]
2019-10-03 17:58       ` Jarkko Sakkinen
2019-10-03 18:53         ` Mimi Zohar
2019-10-03 21:51           ` Jarkko Sakkinen
2019-10-03 21:57             ` Jarkko Sakkinen
2019-10-03 22:08               ` Mimi Zohar
2019-10-03 23:59                 ` James Bottomley
2019-10-04 18:22                   ` Jarkko Sakkinen
2019-10-04 18:24                     ` James Bottomley
2019-10-04 18:33                       ` Jerry Snitselaar
2019-10-04 18:42                         ` James Bottomley
2019-10-04 20:07                           ` Jerry Snitselaar
2019-10-04 20:11                             ` Jerry Snitselaar
2019-10-04 22:11                               ` James Bottomley
2019-10-06  0:38                                 ` Mimi Zohar
2019-10-06 23:52                                   ` Jarkko Sakkinen
2019-10-07 18:08                                     ` Mimi Zohar
2019-10-04 18:20                 ` Jarkko Sakkinen
2019-10-03 22:10               ` Jarkko Sakkinen
2019-10-04 13:26           ` Safford, David (GE Global Research, US)
2019-10-04 18:27             ` Jarkko Sakkinen
2019-10-04 18:30               ` Jarkko Sakkinen
2019-10-04 19:56               ` Safford, David (GE Global Research, US)
2019-10-07  0:05                 ` Jarkko Sakkinen
2019-10-07 22:13                   ` Ken Goldman
2019-10-08 23:49                     ` Jarkko Sakkinen
2019-10-08 23:53                       ` Jarkko Sakkinen
2019-10-09  7:10                         ` Pascal Van Leeuwen
2019-10-09  7:33                         ` Jarkko Sakkinen
2019-10-09  7:41                           ` Jarkko Sakkinen
2019-10-09  8:09                             ` Pascal Van Leeuwen
2019-10-14 19:11                               ` Jarkko Sakkinen
2019-10-09  8:02                           ` Pascal Van Leeuwen
2019-10-09 12:11                         ` Safford, David (GE Global Research, US)
2019-10-14 19:00                           ` Jarkko Sakkinen
2019-10-14 19:29                             ` Jarkko Sakkinen
2019-10-14 19:29                             ` James Bottomley
2019-10-16 11:00                               ` Jarkko Sakkinen
2019-10-16 12:34                                 ` James Bottomley
2019-10-16 16:25                                   ` Jarkko Sakkinen
2019-10-16 19:10                                     ` James Bottomley
2019-10-17 12:52                                       ` Sumit Garg
2019-10-17 12:58                                         ` James Bottomley
2019-10-17 18:04                                       ` Jarkko Sakkinen
2019-10-21 11:39                                         ` Jarkko Sakkinen
2019-10-29  8:42                                           ` Jarkko Sakkinen
2019-10-29 14:58                                             ` James Bottomley
2019-10-31 21:03                                               ` Jarkko Sakkinen
2019-10-18  7:32                                   ` Janne Karhunen
2019-10-03 18:02       ` Jarkko Sakkinen
2019-10-03 18:15         ` Jarkko Sakkinen
2019-10-07 10:33     ` Janne Karhunen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1570107752.4421.183.camel@linux.ibm.com \
    --to=zohar@linux.ibm.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    --subject='Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).