Re: MemoryOverwriteRequestControl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 04, 2016 at 07:58:51PM -0700, James Bottomley wrote:
> On Tue, 2016-07-05 at 03:40 +0100, Matthew Garrett wrote:
> > dm-crypt secrets are typically unrelated to the TPM, so I really 
> > don't think the TSS is the right layer to be solving this.
> 
> Not in theory: the MOR protocol is supposed to protect arbitrary
> unprotected secrets in memory.  I accept that in practice, it was
> designed to protect a single secret: the bitlocker encryption key.

I think we may be miscommunicating slightly. If MOR is intended to 
protect arbitrary secrets then it needs to protect secrets that are 
unrelated to the TPM - that means that TSS integration isn't sufficient. 
Unless we can guarantee that every piece of userspace is behaving 
correctly, that probably means setting MOR in kernel init and letting 
userspace turn it off if it's been audited to handle things 
appropriately (and having the kernel ignore that request if it has its 
own secrets it needs to protect)

-- 
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
To unsubscribe from this list: send the line "unsubscribe linux-efi" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux