[PATCH v4 0/7] add integrity and security to TPM2 transactions
James Bottomley
James.Bottomley at HansenPartnership.com
Mon Oct 22 15:55:08 UTC 2018
On Mon, 2018-10-22 at 11:50 -0400, Ken Goldman wrote:
> On 10/22/2018 10:18 AM, James Bottomley wrote:
> > > 1 - Any policy that requires a password (policypassword) can
> > > substitute
> > > an HMAC (policyauthvalue) at the callers discretion. They result
> > > in the same policy digest.
> >
> > Right but this requires the co-operation of the policy handle
> > creator, so it's an API change.
> >
>
> In case it wasn't clear: The choice is not made at the time the
> policy is calculated, nor is it made at startauthsession (when
> the policy is created).
>
> The choice is made when the policy is being satisfied.
>
> policypassword tells the TPM to expect a plaintext password, while
> policyauthvalue tells the TPM to expect an HMAC.
>
> It's subtle that either policy command results in the same policy
> digest.
I understand, but the API just has a policy handle from a fully
constructed policy passed in. There's no way to deconstruct this even
to know if it has auth requirements and what type. To get that info we
have to see the policy commands that go into building up the policy
session ... this means the API needs to change.
James
More information about the Linux-security-module-archive
mailing list