From: Mimi Zohar <zohar@linux.ibm.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: linux-integrity@vger.kernel.org,
Elaine Palmer <erpalmer@us.ibm.com>,
sumit.garg@linaro.org, George Wilson <gcwilson@us.ibm.com>,
zgu@us.ibm.com
Subject: Re: [PATCH] doc: trusted-encrypted: updates with TEE as a new trust source (update)
Date: Fri, 11 Dec 2020 10:16:22 -0500 [thread overview]
Message-ID: <289450498f2ff2c8186d6ac72bc94f17d354e96d.camel@linux.ibm.com> (raw)
In-Reply-To: <20201211081454.GA5262@kernel.org>
[Response from Zohargshu Gu <zgu@us.ibm.com>, Elaine Palmer <
erpalmer@us.ibm.com>]
On Fri, 2020-12-11 at 10:14 +0200, Jarkko Sakkinen wrote:
> On Wed, Dec 09, 2020 at 11:42:49AM -0500, Mimi Zohar wrote:
> > From: Elaine Palmer <erpalmer@us.ibm.com>
> >
> > Update trusted key documentation with additional comparisons between
> > discrete TPMs and TEE.
> >
> > Signed-off-by: Elaine Palmer <erpalmer@us.ibm.com>
>
> Right, so OP-TEE is not the same as TEE. I did not know this and the
> patch set does not underline this.
>
> I re-checked the patches and none of them say explicitly that OP-TEE
> is an application living inside TEE.
>
> This essentially means that the backend needs to be renamed as "op_tee".
>
> All patches need to be rewritten according to this.
>
>
> > ---
> > .../security/keys/trusted-encrypted.rst | 73 +++++++++++++++++--
> > 1 file changed, 65 insertions(+), 8 deletions(-)
> >
> > diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
> > index 16042c8ff8ae..90c02105ab89 100644
> > --- a/Documentation/security/keys/trusted-encrypted.rst
> > +++ b/Documentation/security/keys/trusted-encrypted.rst
> > @@ -14,12 +14,14 @@ convenience, and are integrity verified.
> > Trust Source
> > ============
> >
> > -Trust Source provides the source of security for the Trusted Keys, on which
> > -basis Trusted Keys establishes a Trust model with its user. A Trust Source could
> > -differ from one system to another depending on its security requirements. It
> > -could be either an off-chip device or an on-chip device. Following section
> > -demostrates a list of supported devices along with their security properties/
> > -guarantees:
> > +A trust source provides the source of security for Trusted Keys. This
> > +section lists currently supported trust sources, along with their security
> > +considerations. Whether or not a trust source is sufficiently safe depends
> > +on the strength and correctness of its implementation, as well as the threat
> > +environment for a specific use case. Since the kernel doesn't know what the
> > +environment is, and there is no metric of trust, it is dependent on the
> > +consumer of the Trusted Keys to determine if the trust source is sufficiently
> > +safe.
> >
> > * Root of trust for storage
> >
> > @@ -116,6 +118,59 @@ guarantees:
> > Provides no protection by itself, relies on the underlying platform for
> > features such as tamper resistance.
> >
> > + * Provisioning - the trust source's unique and verifiable cryptographic
> > + identity is provisioned during manufacturing
> > +
> > + (1) TPM
> > +
> > + The unique and verifiable cryptographic identity is the endorsement
> > + key (EK) or its primary seed. A review of the generation of the EK
> > + and its accompanying certificate is part of the Common Criteria
> > + evaluation of the product's lifecycle processes (ALC_*). See "TCG
> > + Protection Profile for PC Client Specific TPM 2"
> > +
> > + (2) TEE
> > +
> > + A protection profile for TEEs does not yet exist. Therefore, the
> > + provisioning process that generates the Hardware Unique Key is not
> > + evaluated by an independent third party and is highly dependent on
> > + the manufacturing environment.
>
> Comparing TPM and TEE does not make logically any sense given that TPM
> is application and TEE a platfrom.
Thanks Jarkko for the response. The other suggestion we have is with
regard to the "on-chip versus off-chip" section. TPM can have
different implementations. That section only covers the traditional
discrete TPMs. However, TPM can also be an independent chip packaged
with processor, e.g., Microsoft Pluton. TPM can also be implemented in
system firmware, e.g., Intel Platform Trust Technology (PTT). We
suggest renaming this section "Packaging and integration" to cover
multiple chips, removable daughter cards, multi-chip modules, discrete
TPMs, fTPMs, exposed buses, etc.
Thank you.
Zhongshu, Elaine
next prev parent reply other threads:[~2020-12-11 16:04 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-09 16:42 [PATCH] doc: trusted-encrypted: updates with TEE as a new trust source (update) Mimi Zohar
2020-12-11 8:14 ` Jarkko Sakkinen
2020-12-11 15:16 ` Mimi Zohar [this message]
2021-01-04 12:36 ` Sumit Garg
2021-01-10 3:16 ` Jarkko Sakkinen
2021-01-12 5:25 ` Sumit Garg
2021-01-13 21:23 ` Jarkko Sakkinen
2021-01-15 23:15 ` Elaine Palmer
2021-01-18 6:53 ` Sumit Garg
2021-01-20 14:21 ` Jarkko Sakkinen
2021-01-20 14:25 ` Jarkko Sakkinen
2021-01-04 12:15 ` Sumit Garg
2021-01-10 3:14 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=289450498f2ff2c8186d6ac72bc94f17d354e96d.camel@linux.ibm.com \
--to=zohar@linux.ibm.com \
--cc=erpalmer@us.ibm.com \
--cc=gcwilson@us.ibm.com \
--cc=jarkko@kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=sumit.garg@linaro.org \
--cc=zgu@us.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).