On Sun, 2018-11-18 at 09:27 +0200, Jarkko Sakkinen wrote: > On Fri, Nov 16, 2018 at 04:55:36PM +0100, Roberto Sassu wrote: > > On 11/16/2018 4:03 PM, Jarkko Sakkinen wrote: > > > On Wed, Nov 14, 2018 at 04:31:08PM +0100, Roberto Sassu wrote: > > > > Currently, tpm_pcr_extend() accepts as an input only a SHA1 digest. > > > > > > > > This patch modifies the definition of tpm_pcr_extend() to allow other > > > > kernel subsystems to pass a digest for each algorithm supported by the TPM. > > > > All digests are processed by the TPM in one operation. > > > > > > > > If a tpm_pcr_extend() caller provides a subset of the supported algorithms, > > > > the TPM driver extends the remaining PCR banks with the first digest > > > > passed as an argument to the function. > > > > > > What is the legit use case for this? > > > > A subset could be chosen for better performance, or when a TPM algorithm > > is not supported by the crypto subsystem. > > Doesn't extending a subset a security concern? Right, so instead of extending a subset of the allocated banks, all of the allocated banks need to be extended, even for those banks that a digest was not included. This is no different than what is being done today. IMA is currently only calculating the SHA1 hash, padding the digest with 0's, and extending the padded value(s) into all of the allocated banks. If there is a vulnerability with the hash algorithm, then any bank extended with the padded/truncated digest would be susceptible. IMA will need to become TPM 2.0 aware, calculating and extending multiple banks and define a new measurement list format containing the multiple digests. Mimi