From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751601AbdG0UwH (ORCPT <rfc822;w@1wt.eu>);
        Thu, 27 Jul 2017 16:52:07 -0400
Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:34955 "EHLO
        mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK)
        by vger.kernel.org with ESMTP id S1751454AbdG0UwD (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 27 Jul 2017 16:52:03 -0400
Subject: Re: [Linux-ima-devel] [RFC PATCH 1/5] ima: extend clone() with IMA
 namespace support
To: "Magalhaes, Guilherme (Brazil R&D-CL)" <guilherme.magalhaes@hpe.com>,
        Mimi Zohar <zohar@linux.vnet.ibm.com>,
        "Serge E. Hallyn" <serge@hallyn.com>
References: <20170720225033.21298-1-mkayaalp@linux.vnet.ibm.com>
 <20170720225033.21298-2-mkayaalp@linux.vnet.ibm.com>
 <20170725175317.GA727@mail.hallyn.com>
 <1501008554.3689.30.camel@HansenPartnership.com>
 <20170725190406.GA1883@mail.hallyn.com>
 <1501009739.3689.33.camel@HansenPartnership.com>
 <1501012082.27413.17.camel@linux.vnet.ibm.com>
 <645db815-7773-e351-5db7-89f38cd88c3d@linux.vnet.ibm.com>
 <20170725204622.GA4969@mail.hallyn.com>
 <1501016277.27413.50.camel@linux.vnet.ibm.com>
 <20170725210801.GA5628@mail.hallyn.com>
 <1501018134.27413.66.camel@linux.vnet.ibm.com>
 <TU4PR84MB03021F7FDF1B89ECAA8F7FFFFFBE0@TU4PR84MB0302.NAMPRD84.PROD.OUTLOOK.COM>
 <1501166369.28419.171.camel@linux.vnet.ibm.com>
 <TU4PR84MB03025AD26718A173FB3E3F94FFBE0@TU4PR84MB0302.NAMPRD84.PROD.OUTLOOK.COM>
 <3c3d8594-9958-5f53-ec0b-f33c36967f95@linux.vnet.ibm.com>
 <TU4PR84MB030243E7071B5A7455334886FFBE0@TU4PR84MB0302.NAMPRD84.PROD.OUTLOOK.COM>
Cc: Mehmet Kayaalp <mkayaalp@cs.binghamton.edu>,
        Yuqiong Sun <sunyuqiong1988@gmail.com>,
        containers <containers@lists.linux-foundation.org>,
        linux-kernel <linux-kernel@vger.kernel.org>,
        David Safford <david.safford@ge.com>,
        James Bottomley <James.Bottomley@HansenPartnership.com>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        ima-devel <linux-ima-devel@lists.sourceforge.net>,
        Yuqiong Sun <suny@us.ibm.com>
From: Stefan Berger <stefanb@linux.vnet.ibm.com>
Date: Thu, 27 Jul 2017 16:51:58 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101
 Thunderbird/45.4.0
MIME-Version: 1.0
In-Reply-To: <TU4PR84MB030243E7071B5A7455334886FFBE0@TU4PR84MB0302.NAMPRD84.PROD.OUTLOOK.COM>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-TM-AS-GCONF: 00
x-cbid: 17072720-0024-0000-0000-000002B6A62D
X-IBM-SpamModules-Scores: 
X-IBM-SpamModules-Versions: BY=3.00007437; HX=3.00000241; KW=3.00000007;
 PH=3.00000004; SC=3.00000214; SDB=6.00893794; UDB=6.00446875; IPR=6.00673955;
 BA=6.00005495; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000;
 ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00016413; XFM=3.00000015;
 UTC=2017-07-27 20:52:01
X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused
x-cbparentid: 17072720-0025-0000-0000-000044E6390C
Message-Id: <e14c46d1-fbc9-bfc7-a078-288141371e67@linux.vnet.ibm.com>
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-07-27_12:,,
 signatures=0
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0
 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam
 adjust=0 reason=mlx scancount=1 engine=8.0.1-1706020000
 definitions=main-1707270323
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 07/27/2017 03:39 PM, Magalhaes, Guilherme (Brazil R&D-CL) wrote:
>
>> There's a vTPM proxy driver in the kernel that enables spawning a
>> frontend /dev/tpm%d and an anonymous backend file descriptor where a
>> vTPM can listen on for TPM commands. I integrated this with 'swtpm' and
>> I have been working on integrating this into runc. Currently each
>> container started with runc can get one (or multiple) vTPMs and
>> /dev/tpm0 [and /dev/tpmrm0 in case of TPM2] then appear inside the
>> container.
>>
> This is an interesting solution especially for nested namespaces with the
> recursive application of measurements and a having list per container.
>
> Following the TCG specs/requirements, what could we say about security
> guarantees of real TPMs Vs this vTPM implementation?


A non-root user may not be able to do access the (permanent) state of 
the vTPM state files since the container management stack would restrict 
access to the files using DAC. Access to runtime data is also prevented 
since the vTPM would not run under the account of the non-root user.

To protect the vTPM's permanent state file from access by a root user it 
comes down to preventing the root user from getting a hold of the key 
used for encrypting that file. Encrypting the state of the vTPM is 
probably the best we can do to approximate a temper-resistant chip, but 
preventing the root user from accessing the key may be more challenging.
Preventing root from accessing runtime data could be achieved by using 
XGS or a similar technology.

     Stefan