Linux-Security-Module Archive on lore.kernel.org
* [PATCH v6 00/12] add integrity and security to TPM2 transactions
@ 2019-09-09 12:16 James Bottomley
  2019-09-09 12:17 ` [PATCH v6 01/12] tpm-buf: move from static inlines to real functions James Bottomley
                   ` (12 more replies)
  0 siblings, 13 replies; 27+ messages in thread
From: James Bottomley @ 2019-09-09 12:16 UTC
  To: linux-integrity; +Cc: linux-crypto, linux-security-module, Jarkko Sakkinen

Link to previous cover letter:

https://lore.kernel.org/linux-integrity/1540193596.3202.7.camel@HansenPartnership.com/

This is marked v6 instead of v5 because I did a v5 after feedback on v4
but didn't get around to posting it and then had to rework the whole of
the kernel space handling while I was on holiday.  I also added the
documentation of how the whole thing works and the rationale for doing
it in tpm-security.rst (patch 11).  The main reason for doing this now
is so we have something to discuss at Plumbers.

The new patch set implements the various splits requested, but the main
changes are that the kernel space is gone and is replaced by a context
save and restore of the generated null seed.  This is easier to handle
than a full kernel space given the new threading for TPM spaces, but
conceptually it is still very like a space.  I've also made whether
integrity and encryption are turned on a Kconfig option.

James

---

James Bottomley (12):
  tpm-buf: move from static inlines to real functions
  tpm-buf: add handling for TPM2B types
  tpm-buf: add cursor based functions for response parsing
  tpm2-space: export the context save and load commands
  tpm2-sessions: Add full HMAC and encrypt/decrypt session handling
  tpm-buf: add tpm_buf_parameters()
  tpm2: add hmac checks to tpm2_pcr_extend()
  tpm2: add session encryption protection to tpm2_get_random()
  trusted keys: Add session encryption protection to the seal/unseal
    path
  tpm: add the null key name as a tpm2 sysfs variable
  Documentation: add tpm-security.rst
  tpm2-sessions: NOT FOR COMMITTING add sessions testing

 Documentation/security/tpm/tpm-security.rst |  204 +++++
 drivers/char/tpm/Kconfig                    |   11 +
 drivers/char/tpm/Makefile                   |    4 +
 drivers/char/tpm/tpm-buf.c                  |  202 +++++
 drivers/char/tpm/tpm-chip.c                 |    1 +
 drivers/char/tpm/tpm-sysfs.c                |   27 +-
 drivers/char/tpm/tpm.h                      |  117 +--
 drivers/char/tpm/tpm2-cmd.c                 |  202 +++--
 drivers/char/tpm/tpm2-sessions-test.c       |  795 ++++++++++++++++++
 drivers/char/tpm/tpm2-sessions.c            | 1204 +++++++++++++++++++++++++++
 drivers/char/tpm/tpm2-sessions.h            |  138 +++
 drivers/char/tpm/tpm2-space.c               |    8 +-
 include/linux/tpm.h                         |   29 +
 13 files changed, 2787 insertions(+), 155 deletions(-)
 create mode 100644 Documentation/security/tpm/tpm-security.rst
 create mode 100644 drivers/char/tpm/tpm-buf.c
 create mode 100644 drivers/char/tpm/tpm2-sessions-test.c
 create mode 100644 drivers/char/tpm/tpm2-sessions.c
 create mode 100644 drivers/char/tpm/tpm2-sessions.h

-- 
2.16.4




Thread overview: 27+ messages
2019-09-09 12:16 [PATCH v6 00/12] add integrity and security to TPM2 transactions James Bottomley
2019-09-09 12:17 ` [PATCH v6 01/12] tpm-buf: move from static inlines to real functions James Bottomley
2019-09-20 14:06   ` Jarkko Sakkinen
2019-09-20 14:06     ` Jarkko Sakkinen
2019-09-20 15:53       ` James Bottomley
2019-09-09 12:18 ` [PATCH v6 02/12] tpm-buf: add handling for TPM2B types James Bottomley
2019-09-20 14:18   ` Jarkko Sakkinen
2019-09-24 11:12     ` James Bottomley
2019-09-25 12:34       ` Jarkko Sakkinen
2019-09-25 12:34         ` Jarkko Sakkinen
2019-09-09 12:19 ` [PATCH v6 03/12] tpm-buf: add cursor based functions for response parsing James Bottomley
2019-09-09 12:19 ` [PATCH v6 04/12] tpm2-space: export the context save and load commands James Bottomley
2019-09-09 12:20 ` [PATCH v6 05/12] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling James Bottomley
2019-09-20 14:34   ` Jarkko Sakkinen
2019-09-20 14:35     ` Jarkko Sakkinen
2019-09-24 11:18       ` James Bottomley
2019-09-09 12:21 ` [PATCH v6 06/12] tpm-buf: add tpm_buf_parameters() James Bottomley
2019-09-09 12:22 ` [PATCH v6 07/12] tpm2: add hmac checks to tpm2_pcr_extend() James Bottomley
2019-09-09 12:22 ` [PATCH v6 08/12] tpm2: add session encryption protection to tpm2_get_random() James Bottomley
2019-09-09 12:23 ` [PATCH v6 09/12] trusted keys: Add session encryption protection to the seal/unseal path James Bottomley
2019-09-09 12:24 ` [PATCH v6 10/12] tpm: add the null key name as a tpm2 sysfs variable James Bottomley
2019-09-09 12:25 ` [PATCH v6 11/12] Documentation: add tpm-security.rst James Bottomley
2019-09-09 12:26 ` [PATCH v6 12/12] tpm2-sessions: NOT FOR COMMITTING add sessions testing James Bottomley
2019-09-10 16:21 ` [PATCH v6 00/12] add integrity and security to TPM2 transactions Jarkko Sakkinen
2019-09-10 16:29   ` James Bottomley
2019-09-11  8:42   ` Jarkko Sakkinen
2019-09-11  9:40     ` Jarkko Sakkinen
