From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: linux-integrity@vger.kernel.org, linux-crypto@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v6 00/12] add integrity and security to TPM2 transactions
Date: Wed, 11 Sep 2019 10:40:52 +0100 [thread overview]
Message-ID: <20190911094052.GA22754@linux.intel.com> (raw)
In-Reply-To: <20190911084249.GA7436@linux.intel.com>
On Wed, Sep 11, 2019 at 09:42:49AM +0100, Jarkko Sakkinen wrote:
> On Tue, Sep 10, 2019 at 05:21:32PM +0100, Jarkko Sakkinen wrote:
> > On Mon, Sep 09, 2019 at 01:16:48PM +0100, James Bottomley wrote:
> > > Link to previous cover letter:
> > >
> > > https://lore.kernel.org/linux-integrity/1540193596.3202.7.camel@HansenPartnership.com/
> > >
> > > This is marked v6 instead of v5 because I did a v5 after feedback on v4
> > > but didn't get around to posting it and then had to rework the whole of
> > > the kernel space handling while I was on holiday. I also added the
> > > documentation of how the whole thing works and the rationale for doing
> > > it in tpm-security.rst (patch 11). The main reason for doing this now
> > > is so we have something to discuss at Plumbers.
> > >
> > > The new patch set implements the various splits requested, but the main
> > > changes are that the kernel space is gone and is replaced by a context
> > > save and restore of the generated null seed. This is easier to handle
> > > than a full kernel space given the new threading for TPM spaces, but
> > > conceptually it is still very like a space. I've also made whether
> > > integrity and encryption is turned on a Kconfig option.
> > >
> > > James
> >
> > So... is there a changelog for the revisions?
>
> This also desperately needs a cover letter with the full rationale and
> not just a link to an aged cover letter. I have bigger problems with the
> form than the function ATM.
>
> TPM's threat model does not cover hardware attacks. It is hardware
> designed to give some protection against software attacks. If I were
> sending these patches I would start to look for an angle from that
> perspective.
The rationale can be essentially just that since there is often lots of
*software* running outside the CPU on different cores all around the HW
platform, this will add to defense in depth. I'm not looking for
anything more rockety sciency than that.
I think that was the key lesson from TPM Genie.
/Jarkko
prev parent reply other threads:[~2019-09-11 9:40 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-09-09 12:16 [PATCH v6 00/12] add integrity and security to TPM2 transactions James Bottomley
2019-09-09 12:17 ` [PATCH v6 01/12] tpm-buf: move from static inlines to real functions James Bottomley
2019-09-20 14:06 ` Jarkko Sakkinen
2019-09-20 14:06 ` Jarkko Sakkinen
2019-09-20 15:53 ` James Bottomley
2019-09-09 12:18 ` [PATCH v6 02/12] tpm-buf: add handling for TPM2B types James Bottomley
2019-09-20 14:18 ` Jarkko Sakkinen
2019-09-24 11:12 ` James Bottomley
2019-09-25 12:34 ` Jarkko Sakkinen
2019-09-25 12:34 ` Jarkko Sakkinen
2019-09-09 12:19 ` [PATCH v6 03/12] tpm-buf: add cursor based functions for response parsing James Bottomley
2019-09-09 12:19 ` [PATCH v6 04/12] tpm2-space: export the context save and load commands James Bottomley
2019-09-09 12:20 ` [PATCH v6 05/12] tpm2-sessions: Add full HMAC and encrypt/decrypt session handling James Bottomley
2019-09-20 14:34 ` Jarkko Sakkinen
2019-09-20 14:35 ` Jarkko Sakkinen
2019-09-24 11:18 ` James Bottomley
2019-09-09 12:21 ` [PATCH v6 06/12] tpm-buf: add tpm_buf_parameters() James Bottomley
2019-09-09 12:22 ` [PATCH v6 07/12] tpm2: add hmac checks to tpm2_pcr_extend() James Bottomley
2019-09-09 12:22 ` [PATCH v6 08/12] tpm2: add session encryption protection to tpm2_get_random() James Bottomley
2019-09-09 12:23 ` [PATCH v6 09/12] trusted keys: Add session encryption protection to the seal/unseal path James Bottomley
2019-09-09 12:24 ` [PATCH v6 10/12] tpm: add the null key name as a tpm2 sysfs variable James Bottomley
2019-09-09 12:25 ` [PATCH v6 11/12] Documentation: add tpm-security.rst James Bottomley
2019-09-09 12:26 ` [PATCH v6 12/12] tpm2-sessions: NOT FOR COMMITTING add sessions testing James Bottomley
2019-09-10 16:21 ` [PATCH v6 00/12] add integrity and security to TPM2 transactions Jarkko Sakkinen
2019-09-10 16:29 ` James Bottomley
2019-09-11 8:42 ` Jarkko Sakkinen
2019-09-11 9:40 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190911094052.GA22754@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=linux-crypto@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).