[PATCH v6 00/12] add integrity and security to TPM2 transactions
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Wed Sep 11 09:40:52 UTC 2019
On Wed, Sep 11, 2019 at 09:42:49AM +0100, Jarkko Sakkinen wrote:
> On Tue, Sep 10, 2019 at 05:21:32PM +0100, Jarkko Sakkinen wrote:
> > On Mon, Sep 09, 2019 at 01:16:48PM +0100, James Bottomley wrote:
> > > Link to previous cover letter:
> > >
> > > https://lore.kernel.org/linux-integrity/1540193596.3202.7.camel@HansenPartnership.com/
> > >
> > > This is marked v6 instead of v5 because I did a v5 after feedback on v4
> > > but didn't get around to posting it and then had to rework the whole of
> > > the kernel space handling while I was on holiday. I also added the
> > > documentation of how the whole thing works and the rationale for doing
> > > it in tpm-security.rst (patch 11). The main reason for doing this now
> > > is so we have something to discuss at Plumbers.
> > >
> > > The new patch set implements the various splits requested, but the main
> > > changes are that the kernel space is gone and is replaced by a context
> > > save and restore of the generated null seed. This is easier to handle
> > > than a full kernel space given the new threading for TPM spaces, but
> > > conceptually it is still very like a space. I've also made whether
> > > integrity and encryption is turned on a Kconfig option.
> > >
> > > James
> >
> > So... is there a changelog for the revisions?
>
> This also desperately needs a cover letter with the full rationale and
> not just a link to an aged cover letter. I have bigger problems with the
> form than the function ATM.
>
> TPM's threat model does not cover hardware attacks. It is hardware
> designed to give some protection against software attacks. If I were
> sending these patches I would start to look for an angle from that
> perspective.
The rationale can be essentially just that since there is often lots of
*software* running outside the CPU on different cores all around the HW
platform, this will add to defense in depth. I'm not looking for
anything more rockety sciency than that.
I think that was the key lesson from TPM Genie.
/Jarkko
More information about the Linux-security-module-archive
mailing list