linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>,
	linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org, monty.wiseman@ge.com,
	Monty Wiseman <montywiseman32@gmail.com>,
	Matthew Garrett <mjg59@google.com>
Subject: Re: Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks
Date: Wed, 21 Nov 2018 01:41:56 +0200	[thread overview]
Message-ID: <20181120234156.GJ8391@linux.intel.com> (raw)
In-Reply-To: <1542734279.2814.23.camel@HansenPartnership.com>

On Tue, Nov 20, 2018 at 09:17:59AM -0800, James Bottomley wrote:
> OK, the TPM is supposed to provide attestation of the correct
> environment on a device under someone else's control (the classic
> example is laptop provided by a company to an employee).  The device is
> under the physical control of the entity you don't entirely trust so
> the TPM is supposed to attest that they're running an approved OS ...
> we have whole TCG specs for that situation.

For me the classic scenario would be more like protecting the employee
that you have given confidential data from 3rd party adversaries.  If an
employee that you get confidential data is in fact an adversary, you are
screwed. Even if the device is untampered.

Having less likely untampered device would still be for better direction
against 3rd party adversaries but alone this does not really solve the
puzzle.

There are technologies like ARM TZ and Intel SGX to provide more secure
host side. But if you have such technologies available you can use them
to run the whole TPM and the problem is solved (at least TZ is used for
this today and you could use SGX to do the same).

/Jarkko

  parent reply	other threads:[~2018-11-20 23:42 UTC|newest]

Thread overview: 34+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-11-19 17:34 Documenting the proposal for TPM 2.0 security in the face of bus interposer attacks James Bottomley
2018-11-19 20:05 ` Jason Gunthorpe
2018-11-19 20:20   ` James Bottomley
2018-11-19 21:19     ` Jason Gunthorpe
2018-11-19 21:34       ` James Bottomley
2018-11-19 21:44         ` Jason Gunthorpe
2018-11-19 22:36           ` James Bottomley
2018-11-19 23:08             ` Jason Gunthorpe
2018-11-20  0:54               ` James Bottomley
2018-11-20  3:05                 ` Jason Gunthorpe
2018-11-20 17:17                   ` James Bottomley
2018-11-20 21:33                     ` Jason Gunthorpe
2018-11-20 22:34                       ` James Bottomley
2018-11-20 23:39                         ` Jason Gunthorpe
2018-11-21  2:24                           ` EXTERNAL: " Jeremy Boone
2018-11-21  5:16                             ` Jason Gunthorpe
2018-11-20 23:52                       ` Jarkko Sakkinen
2018-11-20 23:41                     ` Jarkko Sakkinen [this message]
2018-11-20 11:10 ` Jarkko Sakkinen
2018-11-20 12:41   ` Jarkko Sakkinen
2018-11-20 17:25     ` James Bottomley
2018-11-20 23:13       ` Jarkko Sakkinen
2018-11-20 23:58         ` James Bottomley
2018-11-21  0:33           ` EXTERNAL: " Jeremy Boone
2018-11-21  6:37           ` Jarkko Sakkinen
2018-11-21  5:42         ` Jason Gunthorpe
2018-11-21  7:18           ` Jarkko Sakkinen
     [not found]             ` <F10185EF-C618-45DC-B1F3-0053B8FE417F@gmail.com>
2018-11-21  9:07               ` Jarkko Sakkinen
2018-11-21  9:14             ` Jarkko Sakkinen
2018-11-20 17:23   ` James Bottomley
2018-11-20 23:12     ` Jarkko Sakkinen
2018-12-10 16:33 ` Ken Goldman
2018-12-10 17:30   ` James Bottomley
2018-12-11 21:47     ` Ken Goldman

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181120234156.GJ8391@linux.intel.com \
    --to=jarkko.sakkinen@linux.intel.com \
    --cc=James.Bottomley@HansenPartnership.com \
    --cc=jgg@ziepe.ca \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-security-module@vger.kernel.org \
    --cc=mjg59@google.com \
    --cc=monty.wiseman@ge.com \
    --cc=montywiseman32@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).