Hi, Mimi, Answer your two questions: 1. Yes, I have verified trusted key works well without PCR policy protection as below: $ keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u 1055240928 $ keyctl list @u 1 keys in keyring: 1055240928: --alswrv 0 0 trusted: kmk $ keyctl pipe 1055240928 > kmk.blob $ cat kmk.blob 007f0020ff808bd8b7239194e89aac6a95b4d210114742c20afa33493f002dffd0685d510010c12d7ad51eb83d6d93895de066bf3d39718cc503adb4802cb087b88b2fff4b040fe3a2be6a3f87c6749d087c9fb6e8734cb23f438d64087581a13bc83d5dc3b026e77a894ece6620d0eb85df6449ff3c609fd77d5f0caf79b4535b002e0008000b000000400000001000209a5b00b0d558fcf9e8c029522715e6b5906366eaec5f34367b8ab16c0fb9009a0073000000000020e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b85501000b0022000bdcdb694e102e13a0fba5111081cb6cf616c118d404936cac3e84db24c71e47d50022000b04b5db1aa52635dfb242e76f6bde8e2176ae48fc682946c6c76d96f608079d1f0000002036b6fcca8206c7f722de85821d7ecb4785976fdd642bc7538505a2a818c8a23880214000000100202aedde4508f548d108193ec8fe166a7befde19113fe727ae2b29901bdece96e5 $ keyctl clear @u $ keyctl list @u keyring is empty $ keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001" @u 1022963731 $ keyctl print 1022963731 007f0020ff808bd8b7239194e89aac6a95b4d210114742c20afa33493f002dffd0685d510010c12d7ad51eb83d6d93895de066bf3d39718cc503adb4802cb087b88b2fff4b040fe3a2be6a3f87c6749d087c9fb6e8734cb23f438d64087581a13bc83d5dc3b026e77a894ece6620d0eb85df6449ff3c609fd77d5f0caf79b4535b002e0008000b000000400000001000209a5b00b0d558fcf9e8c029522715e6b5906366eaec5f34367b8ab16c0fb9009a0073000000000020e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b85501000b0022000bdcdb694e102e13a0fba5111081cb6cf616c118d404936cac3e84db24c71e47d50022000b04b5db1aa52635dfb242e76f6bde8e2176ae48fc682946c6c76d96f608079d1f0000002036b6fcca8206c7f722de85821d7ecb4785976fdd642bc7538505a2a818c8a23880214000000100202aedde4508f548d108193ec8fe166a7befde19113fe727ae2b29901bdece96e5 2. The following kernel file is related with this problem. /security/keys/keyctl.c /security/keys/key.c /security/keys/trusted-keys/trusted_tpm1.c /security/keys/trusted-keys/trusted_tpm2.c To load the PCR policy protection trusted key, the call stack is: SYSCALL_DEFINE5(add_key,...) --> key_create_or_update() --> __key_instantiate_and_link() --> trusted_instantiate() --> tpm2_unseal_trusted() --> tpm2_unseal_cmd(). Check dmesg, there will be error: [73336.351596] trusted_key: key_unseal failed (-1) - Shirley -----Original Message----- From: Mimi Zohar <zohar@xxxxxxxxxxxxx> Sent: Wednesday, November 27, 2019 3:28 AM To: Zhao, Shirley <shirley.zhao@xxxxxxxxx>; James Bottomley <jejb@xxxxxxxxxxxxx>; Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>; Jonathan Corbet <corbet@xxxxxxx> Cc: linux-integrity@xxxxxxxxxxxxxxx; keyrings@xxxxxxxxxxxxxxx; linux-doc@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx; 'Mauro Carvalho Chehab' <mchehab+samsung@xxxxxxxxxx>; Zhu, Bing <bing.zhu@xxxxxxxxx>; Chen, Luhai <luhai.chen@xxxxxxxxx> Subject: Re: One question about trusted key of keyring in Linux kernel. On Tue, 2019-11-26 at 07:32 +0000, Zhao, Shirley wrote: > Thanks for your feedback, Mimi. > But the document of dracut can't solve my problem. > > I did more test these days and try to descript my question in more detail. > > In my scenario, the trusted key will be sealed into TPM with PCR policy. > And there are some related options in manual like > hash= hash algorithm name as a string. For TPM 1.x the only > allowed value is sha1. For TPM 2.x the allowed values > are sha1, sha256, sha384, sha512 and sm3-256. > policydigest= digest for the authorization policy. must be calculated > with the same hash algorithm as specified by the 'hash=' > option. > policyhandle= handle to an authorization policy session that defines the > same policy and with the same hash algorithm as was used to > seal the key. > > Here is my test step. > Firstly, the pcr policy is generated as below: > $ tpm2_createpolicy --policy-pcr --pcr-list sha256:7 --policy > pcr7_bin.policy > pcr7.policy > > Pcr7.policy is the ascii hex of policy: > $ cat pcr7.policy > 321fbd28b60fcc23017d501b133bd5dbf2889814588e8a23510fe10105cb2cc9 > > Then generate the trusted key and configure policydigest and get the key ID: > $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha256 > policydigest=`cat pcr7.policy`" @u > 874117045 > > Save the trusted key. > $ keyctl pipe 874117045 > kmk.blob > > Reboot and load the key. > Start a auth session to generate the policy: > $ tpm2_startauthsession -S session.ctx > session-handle: 0x3000000 > $ tpm2_pcrlist -L sha256:7 -o pcr7.sha256 $ tpm2_policypcr -S > session.ctx -L sha256:7 -F pcr7.sha256 -f pcr7.policy > policy-digest: > 0x321FBD28B60FCC23017D501B133BD5DBF2889814588E8A23510FE10105CB2CC9 > > Input the policy handle to load trusted key: > $ keyctl add trusted kmk "load `cat kmk.blob` keyhandle=0x81000001 > policyhandle=0x3000000" @u > add_key: Operation not permitted > > The error should be policy check failed, because I use TPM command to unseal directly with error of policy check failed. > $ tpm2_unseal -c 0x81000001 -L sha256:7 ERROR on line: "81" in file: > "./lib/log.h": Tss2_Sys_Unseal(0x99D) - tpm:session(1):a policy check > failed ERROR on line: "213" in file: "tools/tpm2_unseal.c": Unseal failed! > ERROR on line: "166" in file: "tools/tpm2_tool.c": Unable to run > tpm2_unseal > > So my question is: > 1. How to use the option, policydigest, policyhandle?? Is there any example? > 2. What's wrong with my test step? When reporting a problem please state which kernel is experiencing this problem. Recently there was a trusted key regression. Refer to commit e13cd21ffd50 "tpm: Wrap the buffer from the caller to tpm_buf in tpm_send()" for the details. Before delving into this particular problem, first please make sure you are able to create, save, remove, and then reload a trusted key not sealed to a PCR. Mimi
