On Thu, Nov 03, 2022 at 11:01:11AM -0700, Evan Green wrote: > From: Matthew Garrett <matthewgarrett@xxxxxxxxxx> > > Introduce a new Kconfig, TCG_TPM_RESTRICT_PCR, which if enabled > restricts usermode's ability to extend or reset PCR 23. > > Under certain circumstances it might be desirable to enable the creation > of TPM-backed secrets that are only accessible to the kernel. In an > ideal world this could be achieved by using TPM localities, but these > don't appear to be available on consumer systems. An alternative is to > simply block userland from modifying one of the resettable PCRs, leaving > it available to the kernel. If the kernel ensures that no userland can > access the TPM while it is carrying out work, it can reset PCR 23, > extend it to an arbitrary value, create or load a secret, and then reset > the PCR again. Even if userland somehow obtains the sealed material, it > will be unable to unseal it since PCR 23 will never be in the > appropriate state. > > This Kconfig is only properly supported for systems with TPM2 devices. > For systems with TPM1 devices, having this Kconfig enabled completely > restricts usermode's access to the TPM. TPM1 contains support for > tunnelled transports, which usermode could use to smuggle commands > through that this Kconfig is attempting to restrict. > > Link: https://lore.kernel.org/lkml/20210220013255.1083202-3-matthewgarrett@xxxxxxxxxx/ > Signed-off-by: Matthew Garrett <mjg59@xxxxxxxxxx> > Signed-off-by: Evan Green <evgreen@xxxxxxxxxxxx> > --- > > Changes in v4: > - Augment the commit message (Jarkko) > > Changes in v3: > - Fix up commit message (Jarkko) > - tpm2_find_and_validate_cc() was split (Jarkko) > - Simply fully restrict TPM1 since v2 failed to account for tunnelled > transport sessions (Stefan and Jarkko). > > Changes in v2: > - Fixed sparse warnings Since you've changed this patch from the original, I would follow the same advice I gave here: https://lore.kernel.org/lkml/202209201620.A886373@keescook/ > -- Kees Cook
