Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, 2024-05-22 at 17:11 +0300, Jarkko Sakkinen wrote:
> For tpm_crb we should actually disable HMAC at some point. It is
> essentially a performance regression for it.

You'd think that, because of the shared buffer and no bus, but you
never quite know.  For instance several confidential computing early
implementations used the crb interface set up by qemu (i.e. over shared
buffers which are readable by the host).  For them the only way to get
security is with sessions.  Even with the default Intel CRB, the TPM
transaction isn't handled directly by the main CPU, it's offloaded to
the ME (which we all know google loves because of its tight security
boundary).  It is entirely possible to imagine a software interposer
running in the ME snooping the CRB buffer.  A very different type of
attack from the LPB interposer, but plausible non the less.

James





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux