Re: [PATCH 0/6] Add policy to sealed keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri May 24, 2024 at 4:04 PM EEST, James Bottomley wrote:
> TPM2 policy is much more complicated than the original TPM 1.2 which
> only supported PCR value binding.  TPM2 policy may be a sequence of
> policy statements each of which must be correctly executed and may
> include choices in which set of policy statements will execute
> correctly.  The actual policy is identified in the key by a single
> hash, which is the end result of extending all the policy statements.
> However, since it is impossible to reverse engineer the policy
> statements from the hash value, the ASN.1 key format is extended to
> give a broken out list of statements the kernel must execute to get
> the correct policy hash value.
>
> In order to create policy sessions (which are usable as HMAC sessions,
> but also respond to policy statements), the TPM HMAC code is reused to
> create the required policy sessions (while preserving bus security).
> However, because the session hash algorithm must match the name
> algorithm of the sealed data (which is used for the policy hash), the
> TPM session code is changed to use a variable hash algorithm.
>
> The first patch consolidates the hash definitions and conversion
> routines, the second adds both variable hash type and policy support
> and the remaining patches add specific policy statement
> implementations.
>
> James
>
> ---
>
> James Bottomley (6):
>   tpm: consolidate TPM to crypto hash algorithm conversion
>   tpm: add policy sessions
>   KEYS: trusted: add PCR policy to TPM2 keys
>   KEYS: trusted: add ability to specify arbitrary policy
>   KEYS: trusted: implement counter/timer policy
>   KEYS: trusted: add support for TPM keys with signed policy
>
>  .../security/keys/trusted-encrypted.rst       |  99 ++-
>  drivers/char/tpm/tpm2-cmd.c                   |   8 -
>  drivers/char/tpm/tpm2-sessions.c              | 313 ++++++---
>  include/keys/trusted-type.h                   |   8 +-
>  include/linux/tpm.h                           |  81 ++-
>  security/keys/trusted-keys/Kconfig            |   2 +
>  security/keys/trusted-keys/Makefile           |   3 +
>  security/keys/trusted-keys/tpm2-policy.c      | 662 ++++++++++++++++++
>  security/keys/trusted-keys/tpm2-policy.h      |  61 ++
>  security/keys/trusted-keys/tpm2key.asn1       |  21 +
>  security/keys/trusted-keys/trusted_core.c     |   7 +-
>  security/keys/trusted-keys/trusted_tpm1.c     |  15 +
>  security/keys/trusted-keys/trusted_tpm2.c     | 206 ++++--
>  13 files changed, 1314 insertions(+), 172 deletions(-)
>  create mode 100644 security/keys/trusted-keys/tpm2-policy.c
>  create mode 100644 security/keys/trusted-keys/tpm2-policy.h

I'd prefer to this postponed after asymmetric keys and also when
the issues have been fixed from HMAC.

Also I fixed myself some bugs like memory leak and useless WARN
from existing trusted keys code so those needs to be fixed too.

So NAK at the time can be rebased later on top.

BR, Jarkko





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux