Re: [PATCH 2/9] tpm: Allow PCR 23 to be restricted to kernel-only use
From: Matthew Garrett <mjg59@srcf.ucam.org>
Date: 2021-02-28 08:00:05
On Wed, Feb 24, 2021 at 10:00:53AM -0800, James Bottomley wrote:
> On Sat, 2021-02-20 at 01:32 +0000, Matthew Garrett wrote:
> > Under certain circumstances it might be desirable to enable the
> > creation of TPM-backed secrets that are only accessible to the
> > kernel. In an ideal world this could be achieved by using TPM
> > localities, but these don't appear to be available on consumer
> > systems.
>
> I don't understand this ... the localities seem to work fine on all
> the systems I have ... is this some embedded thing?

I haven't made it work on an HP Z440 or a Lenovo P520. So now I'm wondering whether having chipsets with TXT support (even if it's turned off) confuses this point. Sigh. I'd really prefer to use localities than a PCR, so if it works on client platforms I'd be inclined to say we'll do a self-test and go for that, and workstation vendors can just recommend their customers use UPSes or something.

> > An alternative is to simply block userland from modifying one of the
> > resettable PCRs, leaving it available to the kernel. If the kernel
> > ensures that no userland can access the TPM while it is carrying out
> > work, it can reset PCR 23, extend it to an arbitrary value, create or
> > load a secret, and then reset the PCR again. Even if userland somehow
> > obtains the sealed material, it will be unable to unseal it since
> > PCR 23 will never be in the appropriate state.
>
> This seems a bit arbitrary: You're removing this PCR from user space
> accessibility, but PCR 23 is defined as "Application Support"; how can
> we be sure no application will actually want to use it (and then fail)?

Absolutely no way of guaranteeing that, and enabling this option is certainly an ABI break.

> Since PCRs are very scarce, why not use an NV index instead. They're
> still a bounded resource, but most TPMs have far more of them than they
> do PCRs, and the address space is much bigger so picking a nice
> arbitrary 24 bit value reduces the chance of collisions.

How many write cycles do we expect the NV to survive? But I'll find a client system with a TPM and play with locality support there - maybe we can just avoid this problem anyway.
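A toy model of the reset/extend/seal/reset sequence described in the quoted patch text, added here as an illustration and not code from the patch series or the kernel TPM driver. `Tpm`, `kernel_seal`, `kernel_unseal` and `userland_unseal` are constructed names; the real sealing policy (TPM2_PolicyPCR) is reduced to an equality check on the PCR value, and the "userland is locked out of the TPM while the kernel works" assumption is modelled by the `from_kernel` flag.

```python
import hashlib
KERNEL_PCR = 23          # the "application support" PCR the patch reserves for the kernel
RESETTABLE = {16, 23}    # resettable PCRs in the PC Client profile
ZERO = bytes(32)         # reset value of a SHA-256 PCR

class Tpm:
    """Toy SHA-256 PCR bank modelling TPM2_PCR_Extend / TPM2_PCR_Reset (constructed model)."""
    def __init__(self, kernel_only=()):
        self.pcr = [ZERO] * 24
        self.kernel_only = set(kernel_only)   # PCRs userland may neither extend nor reset
    def _check(self, idx, from_kernel):
        if idx in self.kernel_only and not from_kernel:
            raise PermissionError(f"PCR {idx} is restricted to kernel use")
    def extend(self, idx, digest, *, from_kernel=False):
        self._check(idx, from_kernel)
        self.pcr[idx] = hashlib.sha256(self.pcr[idx] + digest).digest()  # PCR = H(PCR || digest)
    def reset(self, idx, *, from_kernel=False):
        if idx not in RESETTABLE:
            raise PermissionError(f"PCR {idx} is not resettable")
        self._check(idx, from_kernel)
        self.pcr[idx] = ZERO
    def seal(self, idx, secret):
        # Simplified PolicyPCR: the blob unseals only while PCR[idx] equals the value captured here.
        return {"pcr": idx, "required": self.pcr[idx], "secret": secret}
    def unseal(self, blob):
        if self.pcr[blob["pcr"]] != blob["required"]:
            raise PermissionError("PCR not in the required state")
        return blob["secret"]

def kernel_seal(tpm, secret, kernel_digest):
    """The sequence the patch describes: reset, extend to a kernel-chosen value, seal, reset."""
    tpm.reset(KERNEL_PCR, from_kernel=True)
    tpm.extend(KERNEL_PCR, kernel_digest, from_kernel=True)
    blob = tpm.seal(KERNEL_PCR, secret)
    tpm.reset(KERNEL_PCR, from_kernel=True)   # PCR 23 is never left in the unseal state
    return blob

def kernel_unseal(tpm, blob, kernel_digest):
    tpm.reset(KERNEL_PCR, from_kernel=True)
    tpm.extend(KERNEL_PCR, kernel_digest, from_kernel=True)
    secret = tpm.unseal(blob)
    tpm.reset(KERNEL_PCR, from_kernel=True)   # back to zero before userland regains TPM access
    return secret

def userland_unseal(tpm, blob, kernel_digest):
    """Userland holding the blob and knowing the digest still cannot reach the PCR state."""
    try:
        tpm.extend(KERNEL_PCR, kernel_digest)   # rejected while PCR 23 is kernel-only
        return tpm.unseal(blob)
    except PermissionError:
        return None
```

Building `Tpm()` without `kernel_only` shows why the restriction is the whole point: with PCR 23 writable, the same extend from the zero state reproduces the sealing value.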