On Sat May 18, 2024 at 7:31 AM EEST, Eric Biggers wrote:
> This is "normal" behavior when the crypto API instantiates a template:
>
> 1. drbg.c asks for "hmac(sha512)"
>
> 2. The crypto API looks for a direct implementation of "hmac(sha512)".
> This includes requesting a module with alias "crypto-hmac(sha512)".
>
> 3. If none is found, the "hmac" template is instantiated instead.
>
> There are two possible fixes for the bug. Either fix ecc_gen_privkey() to just
> use get_random_bytes() instead of the weird crypto API RNG, or make
> drbg_init_hash_kernel() pass the CRYPTO_NOLOAD flag to crypto_alloc_shash().
>
> Or if the TPM driver could be changed to not need to generate an ECC private key
> at probe time, that would also avoid this problem.
Issues:
- IMA extends PCR's. This requires encrypted communications path.
- HWRNG uses auth session (see tpm2_get_radom()).
- TPM trusted keys
Null key is required before any other legit use in initialization.
Even something like
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -36,6 +36,8 @@ config TCG_TPM2_HMAC
bool "Use HMAC and encrypted transactions on the TPM bus"
default y
+ select CRYPTO_DRBG
select CRYPTO_ECDH
+ select CRYPTO_HMAC
+ select CRYPTO_SHA512
select CRYPTO_LIB_AESCFB
select CRYPTO_LIB_SHA256
help
would be more decent.
>
> - Eric
BR, Jarkko
