On Sat, 2023-01-14 at 19:05 -0800, Matthew Garrett wrote:
> On Sat, Jan 14, 2023 at 6:55 AM James Bottomley <jejb@xxxxxxxxxxxxx>
> wrote:
> > Can we go back again to why you can't use locality? It's exactly
> > designed for this since locality is part of creation data.
> > Currently everything only uses locality 0, so it's impossible for
> > anyone on Linux to produce a key with anything other than 0 in the
> > creation data for locality. However, the dynamic launch people are
> > proposing that the kernel should use Locality 2 for all its
> > operations, which would allow you to distinguish a key created by
> > the kernel from one created by a user by locality.
> >
> > I think the previous objection was that not all TPMs implement
> > locality, but then not all laptops have TPMs either, so if you ever
> > come across one which has a TPM but no locality, it's in a very
> > similar security boat to one which has no TPM.
>
> It's not a question of TPM support, it's a question of platform
> support. Intel chipsets that don't support TXT simply don't forward
> requests with non-0 locality. Every Windows-sticker laptop since 2014
> has shipped with a TPM, but the number that ship with TXT support is
> a very small percentage of that. I agree that locality is the obvious
> solution for a whole bunch of problems, but it's just not usable in
> the generic case.

How sure are you of this statement? Of all the laptops I have with TPM2
(a sample size of 2), my old Dell XPS-13 (a 9350 bought in 2016 with a
TPM 1.2 that was firmware upgraded to 2.0) has a Nuvoton TIS TPM that
doesn't respond on any locality other than 0. However, my more modern
Inspiron 13 2-in-1 (a 7391 from 2019 recently bought refurbished) has
an Intel PTT TPM using the CRB interface and responds fine on locality
1 and also indicates that locality in the creation data. Neither of
these laptops has TXT nor the SMX extensions, so that would seem to
indicate your statement above isn't universal.

James
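The thread turns on the locality byte that the TPM records in an object's creation data, and on a verifier using it to tell a kernel-created key (locality 2 under the dynamic launch proposal) from a user-created one. The decoder below is an added example and not code from the thread, the Linux kernel, or any TPM tooling; it walks a TPMS_CREATION_DATA blob using the field layout from TPM 2.0 Library Part 2 (big-endian integers, UINT16-size-prefixed TPM2B fields, a one-byte TPMA_LOCALITY bitmap where bit n means locality n and a value of 32 or more is an extended locality). The function names, the `build_creation_data` encoder used to fabricate test input, and the sample bytes are my own constructions.

```python
"""Decode a TPM 2.0 TPMS_CREATION_DATA blob and read the locality it records.

Field order per TPM 2.0 Library Part 2 (all integers big-endian):
  pcrSelect            TPML_PCR_SELECTION  UINT32 count, then per entry
                                           UINT16 hashAlg, UINT8 sizeofSelect,
                                           sizeofSelect bytes of PCR bitmap
  pcrDigest            TPM2B_DIGEST        UINT16 size + bytes
  locality             TPMA_LOCALITY       UINT8: bit n = locality n,
                                           value >= 32 = extended locality
  parentNameAlg        UINT16
  parentName           TPM2B_NAME
  parentQualifiedName  TPM2B_NAME
  outsideInfo          TPM2B_DATA
"""
import struct
from dataclasses import dataclass

TPM_ALG_SHA256 = 0x000B  # algorithm id from the TPM 2.0 algorithm registry


@dataclass
class CreationData:
    pcr_selections: list        # [(hash_alg, pcr_bitmap_bytes), ...]
    pcr_digest: bytes
    locality_attr: int          # raw TPMA_LOCALITY byte
    parent_name_alg: int
    parent_name: bytes
    parent_qualified_name: bytes
    outside_info: bytes


def _tpm2b(buf: bytes, off: int):
    """Read one UINT16-size-prefixed TPM2B_* field; return (payload, new offset)."""
    (size,) = struct.unpack_from(">H", buf, off)
    off += 2
    if off + size > len(buf):
        raise ValueError("TPM2B field runs past end of buffer")
    return buf[off:off + size], off + size


def parse_creation_data(buf: bytes) -> CreationData:
    """Parse a raw TPMS_CREATION_DATA (no outer TPM2B size prefix)."""
    off = 0
    (count,) = struct.unpack_from(">I", buf, off)
    off += 4
    selections = []
    for _ in range(count):
        alg, size_of_select = struct.unpack_from(">HB", buf, off)
        off += 3
        selections.append((alg, buf[off:off + size_of_select]))
        off += size_of_select
    pcr_digest, off = _tpm2b(buf, off)
    locality_attr = buf[off]
    off += 1
    (parent_name_alg,) = struct.unpack_from(">H", buf, off)
    off += 2
    parent_name, off = _tpm2b(buf, off)
    parent_qualified_name, off = _tpm2b(buf, off)
    outside_info, off = _tpm2b(buf, off)
    if off != len(buf):
        raise ValueError("trailing bytes after TPMS_CREATION_DATA")
    return CreationData(selections, pcr_digest, locality_attr, parent_name_alg,
                        parent_name, parent_qualified_name, outside_info)


def locality_number(attr: int) -> int:
    """Map a TPMA_LOCALITY byte to the single locality it records."""
    if attr >= 32:                      # Extended bits set: the byte is the locality
        return attr
    if attr == 0 or attr & (attr - 1):  # creation data names exactly one locality
        raise ValueError(f"TPMA_LOCALITY {attr:#04x} does not name exactly one locality")
    return attr.bit_length() - 1


def created_at_locality(buf: bytes, expected: int = 2) -> bool:
    """True if the creation data says the object was created at `expected`
    (2 is the kernel locality proposed in the thread)."""
    return locality_number(parse_creation_data(buf).locality_attr) == expected


def build_creation_data(locality: int, parent_name: bytes = b"",
                        outside_info: bytes = b"") -> bytes:
    """Constructed encoder for test input only; this is not TPM output."""
    attr = locality if locality >= 32 else 1 << locality
    pcr_select = struct.pack(">IHB", 1, TPM_ALG_SHA256, 3) + b"\x00\x00\x00"
    digest = b"\x00" * 32              # placeholder pcrDigest, not a real digest
    return (pcr_select
            + struct.pack(">H", len(digest)) + digest
            + bytes([attr])
            + struct.pack(">H", TPM_ALG_SHA256)
            + struct.pack(">H", len(parent_name)) + parent_name
            + struct.pack(">H", len(parent_name)) + parent_name   # qualified name
            + struct.pack(">H", len(outside_info)) + outside_info)


# Constructed samples: a key "created by the kernel" at locality 2 and one at locality 0.
PARENT_NAME = struct.pack(">H", TPM_ALG_SHA256) + b"\x11" * 32
SAMPLE_KERNEL = build_creation_data(2, parent_name=PARENT_NAME)
SAMPLE_USER = build_creation_data(0, parent_name=PARENT_NAME)

if __name__ == "__main__":
    for label, blob in (("kernel", SAMPLE_KERNEL), ("user", SAMPLE_USER)):
        cd = parse_creation_data(blob)
        print(label, "locality", locality_number(cd.locality_attr),
              "kernel-created:", created_at_locality(blob))
```

Two points a verifier has to keep in mind. The locality byte only distinguishes kernel from user keys if the platform actually forwards non-zero localities to the TPM, which is exactly the question the thread is arguing about; on a part that answers only at locality 0, every key will decode as locality 0 regardless of who created it. And the creation data blob is just bytes until it is tied to the object: the TPM binds it through the creationHash and creation ticket returned at creation time and through TPM2_CertifyCreation, so a policy decision should rest on that binding rather than on the blob alone.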