Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the... | linux-security-module

[PATCH v5 0/7] tpm: retrieve digest size of unknown algorithms from TPM · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
[PATCH v5 1/7] tpm: dynamically allocate the allocated_banks array · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
Re: [PATCH v5 1/7] tpm: dynamically allocate the allocated_banks array · Jarkko Sakkinen <hidden> · 2018-11-16
[PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Jarkko Sakkinen <hidden> · 2018-11-16
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-28
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-28
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-29
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Jarkko Sakkinen <hidden> · 2018-11-30
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Jarkko Sakkinen <hidden> · 2018-11-30
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Jarkko Sakkinen <hidden> · 2018-11-30
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Roberto Sassu <roberto.sassu@huawei.com> · 2018-12-03
Re: [PATCH v5 2/7] tpm: remove definition of TPM2_ACTIVE_PCR_BANKS · Jarkko Sakkinen <hidden> · 2018-12-03
[PATCH v5 3/7] tpm: rename and export tpm2_digest and tpm2_algorithms · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
[PATCH v5 4/7] tpm: modify tpm_pcr_read() definition to pass a TPM hash algorithm · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
Re: [PATCH v5 4/7] tpm: modify tpm_pcr_read() definition to pass a TPM hash algorithm · Jarkko Sakkinen <hidden> · 2018-11-16
[PATCH v5 5/7] tpm: retrieve digest size of unknown algorithms with PCR read · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
[PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Jarkko Sakkinen <hidden> · 2018-11-16
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-16
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Jarkko Sakkinen <hidden> · 2018-11-18
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-19
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Jarkko Sakkinen <hidden> · 2018-11-19
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-19
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Jarkko Sakkinen <hidden> · 2018-11-19
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-28
Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size · Jarkko Sakkinen <hidden> · 2018-11-28
[PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-14
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Jarkko Sakkinen <hidden> · 2018-11-16
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-16
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Jarkko Sakkinen <hidden> · 2018-11-18
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Mimi Zohar <zohar@linux.ibm.com> · 2018-11-19
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-19
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Mimi Zohar <zohar@linux.ibm.com> · 2018-11-19
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Jarkko Sakkinen <hidden> · 2018-11-19
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Jarkko Sakkinen <hidden> · 2018-11-18
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Roberto Sassu <roberto.sassu@huawei.com> · 2018-11-19
Re: [PATCH v5 7/7] tpm: pass an array of tpm_bank_list structures to tpm_pcr_extend() · Jarkko Sakkinen <hidden> · 2018-11-19

Re: [PATCH v5 6/7] tpm: ensure that the output of PCR read contains the correct digest size

From: Roberto Sassu <roberto.sassu@huawei.com>
Date: 2018-11-19 08:14:19
Also in: linux-integrity, lkml, stable

On 11/18/2018 8:32 AM, Jarkko Sakkinen wrote:

On Fri, Nov 16, 2018 at 05:06:48PM +0100, Roberto Sassu wrote:

quoted

On 11/16/2018 2:41 PM, Jarkko Sakkinen wrote:

quoted

On Wed, Nov 14, 2018 at 04:31:07PM +0100, Roberto Sassu wrote:

quoted

This patch protects against data corruption that could happen in the bus,
by checking that that the digest size returned by the TPM during a PCR read
matches the size of the algorithm passed to tpm2_pcr_read().

This check is performed after information about the PCR banks has been
retrieved.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Reviewed-by: Jarkko Sakkinen <redacted>
Cc: stable@vger.kernel.org

Missing fixes tag.

Before this patch set, tpm2_pcr_extend() always copied 20 bytes from the
output sent by the TPM.

Roberto

Aah, right, of course. Well the patch set is ATM somewhat broken because
this would require a fixes tag that points to a patch insdie the patch
set.

Probably good way to fix the issue is to just merge this with the
earlier commit.

Unfortunately, it is not possible. The exact digest size has been
introduced with patch 5/7.

Roberto

/Jarkko

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help