linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: "Safford, David (GE Global Research, US)" <david.safford@ge.com>
To: Mimi Zohar <zohar@linux.ibm.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	"Wiseman, Monty (GE Global Research, US)" <monty.wiseman@ge.com>
Cc: "linux-integrity@vger.kernel.org"
	<linux-integrity@vger.kernel.org>,
	"stable@vger.kernel.org" <stable@vger.kernel.org>,
	David Howells <dhowells@redhat.com>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	"David S. Miller" <davem@davemloft.net>,
	"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
	"open list:CRYPTO API" <linux-crypto@vger.kernel.org>,
	open list <linux-kernel@vger.kernel.org>
Subject: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
Date: Fri, 4 Oct 2019 13:26:58 +0000	[thread overview]
Message-ID: <BCA04D5D9A3B764C9B7405BBA4D4A3C035F2A22E@ALPMBAPA12.e2k.ad.ge.com> (raw)
In-Reply-To: <1570128827.5046.19.camel@linux.ibm.com>

> From: Mimi Zohar <zohar@linux.ibm.com>
> Sent: Thursday, October 3, 2019 2:54 PM
> To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>; Safford, David (GE
> Subject: EXT: Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()
> 
> [Cc'ing David Safford]
> 
> On Thu, 2019-10-03 at 20:58 +0300, Jarkko Sakkinen wrote:
> > On Thu, Oct 03, 2019 at 09:02:32AM -0400, Mimi Zohar wrote:
> > > On Thu, 2019-10-03 at 14:41 +0300, Jarkko Sakkinen wrote:
> > > > On Wed, Oct 02, 2019 at 10:00:19AM -0400, Mimi Zohar wrote:
> > > > > On Thu, 2019-09-26 at 20:16 +0300, Jarkko Sakkinen wrote:
> > > > > > Only the kernel random pool should be used for generating random
> numbers.
> > > > > > TPM contributes to that pool among the other sources of
> > > > > > entropy. In here it is not, agreed, absolutely critical
> > > > > > because TPM is what is trusted anyway but in order to remove
> > > > > > tpm_get_random() we need to first remove all the call sites.
> > > > >
> > > > > At what point during boot is the kernel random pool available?
> > > > > Does this imply that you're planning on changing trusted keys as well?
> > > >
> > > > Well trusted keys *must* be changed to use it. It is not a choice
> > > > because using a proprietary random number generator instead of
> > > > defacto one in the kernel can be categorized as a *regression*.
> > >
> > > I really don't see how using the TPM random number for TPM trusted
> > > keys would be considered a regression.  That by definition is a
> > > trusted key.  If anything, changing what is currently being done
> > > would be the regression.
> >
> > It is really not a TPM trusted key. It trusted key that gets sealed
> > with the TPM. The key itself is used in clear by kernel. The random
> > number generator exists in the kernel to for a reason.
> >
> > It is without doubt a regression.
> 
> You're misusing the term "regression" here.  A regression is something that
> previously worked and has stopped working.  In this case, trusted keys has
> always been based on the TPM random number generator.  Before changing
> this, there needs to be some guarantees that the kernel random number
> generator has a pool of random numbers early, on all systems including
> embedded devices, not just servers.
> 
> Mimi

As the original author of trusted keys, let me make a few comments.
First, trusted keys were specifically implemented and *documented* to
use the TPM to both generate and seal keys. Its kernel documentation
specifically states this as a promise to user space. If you want to have 
a different key system that uses the random pool to generate the keys,
fine, but don't change trusted keys, as that changes the existing promise
to user space. 

There are many good reasons for wanting the keys to be based on the
TPM generator.  As the source for the kernel random number generator
itself says, some systems lack good randomness at startup, and systems
should preserve and reload the pool across shutdown and startup.
There are use cases for trusted keys which need to generate keys 
before such scripts have run. Also, in some use cases, we need to show
that trusted keys are FIPS compliant, which is possible with TPM
generated keys.

Second, the TPM is hardly a "proprietary random number generator".
It is an open standard with multiple implementations, many of which are
FIPS certified.

Third, as Mimi states, using a TPM is not a "regression". It would be a
regression to change trusted keys _not_ to use the TPM, because that
is what trusted keys are documented to provide to user space.

dave


  parent reply	other threads:[~2019-10-04 13:27 UTC|newest]

Thread overview: 58+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2019-09-26 17:16 Jarkko Sakkinen
2019-09-28 18:05 ` Jerry Snitselaar
2019-10-01 20:54   ` Jarkko Sakkinen
2019-10-02 14:00 ` Mimi Zohar
2019-10-03 11:41   ` Jarkko Sakkinen
2019-10-03 11:43     ` Jarkko Sakkinen
2019-10-03 13:02     ` Mimi Zohar
2019-10-03 17:58       ` Jarkko Sakkinen
2019-10-03 18:53         ` Mimi Zohar
2019-10-03 21:51           ` Jarkko Sakkinen
2019-10-03 21:57             ` Jarkko Sakkinen
2019-10-03 22:08               ` Mimi Zohar
2019-10-03 23:59                 ` James Bottomley
2019-10-04 18:22                   ` Jarkko Sakkinen
2019-10-04 18:24                     ` James Bottomley
2019-10-04 18:33                       ` Jerry Snitselaar
2019-10-04 18:42                         ` James Bottomley
2019-10-04 20:07                           ` Jerry Snitselaar
2019-10-04 20:11                             ` Jerry Snitselaar
2019-10-04 22:11                               ` James Bottomley
2019-10-06  0:38                                 ` Mimi Zohar
2019-10-06 23:52                                   ` Jarkko Sakkinen
2019-10-07 18:08                                     ` Mimi Zohar
2019-10-04 18:20                 ` Jarkko Sakkinen
2019-10-03 22:10               ` Jarkko Sakkinen
2019-10-04 13:26           ` Safford, David (GE Global Research, US) [this message]
2019-10-04 18:27             ` Jarkko Sakkinen
2019-10-04 18:30               ` Jarkko Sakkinen
2019-10-04 19:56               ` Safford, David (GE Global Research, US)
2019-10-07  0:05                 ` Jarkko Sakkinen
2019-10-07 22:13                   ` Ken Goldman
2019-10-08 23:49                     ` Jarkko Sakkinen
2019-10-08 23:53                       ` Jarkko Sakkinen
2019-10-09  7:10                         ` Pascal Van Leeuwen
2019-10-09  7:33                         ` Jarkko Sakkinen
2019-10-09  7:41                           ` Jarkko Sakkinen
2019-10-09  8:09                             ` Pascal Van Leeuwen
2019-10-14 19:11                               ` Jarkko Sakkinen
2019-10-09  8:02                           ` Pascal Van Leeuwen
2019-10-09 12:11                         ` Safford, David (GE Global Research, US)
2019-10-14 19:00                           ` Jarkko Sakkinen
2019-10-14 19:29                             ` Jarkko Sakkinen
2019-10-14 19:29                             ` James Bottomley
2019-10-16 11:00                               ` Jarkko Sakkinen
2019-10-16 12:34                                 ` James Bottomley
2019-10-16 16:25                                   ` Jarkko Sakkinen
2019-10-16 19:10                                     ` James Bottomley
2019-10-17 12:52                                       ` Sumit Garg
2019-10-17 12:58                                         ` James Bottomley
2019-10-17 18:04                                       ` Jarkko Sakkinen
2019-10-21 11:39                                         ` Jarkko Sakkinen
2019-10-29  8:42                                           ` Jarkko Sakkinen
2019-10-29 14:58                                             ` James Bottomley
2019-10-31 21:03                                               ` Jarkko Sakkinen
2019-10-18  7:32                                   ` Janne Karhunen
2019-10-03 18:02       ` Jarkko Sakkinen
2019-10-03 18:15         ` Jarkko Sakkinen
2019-10-07 10:33     ` Janne Karhunen

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=BCA04D5D9A3B764C9B7405BBA4D4A3C035F2A22E@ALPMBAPA12.e2k.ad.ge.com \
    --to=david.safford@ge.com \
    --cc=davem@davemloft.net \
    --cc=dhowells@redhat.com \
    --cc=herbert@gondor.apana.org.au \
    --cc=jarkko.sakkinen@linux.intel.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-crypto@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=monty.wiseman@ge.com \
    --cc=stable@vger.kernel.org \
    --cc=zohar@linux.ibm.com \
    --subject='Re: [PATCH] KEYS: asym_tpm: Switch to get_random_bytes()' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).