When trying to verify signatures then verification may fail if the key id
derived from the subject key identifier (skid) is different from the one
that is being calculated from the public key. Therefore, first try to get
the key id from the skid of a certificate and only if this does not work
then
On Fri, 2024-02-23 at 17:51 +0200, Jarkko Sakkinen wrote:
> On Tue Feb 13, 2024 at 7:13 PM EET, James Bottomley wrote:
[...]
> > --- a/drivers/char/tpm/tpm.h
> > +++ b/drivers/char/tpm/tpm.h
> > @@ -321,4 +321,14 @@ void tpm_bios_log_setup(struct tpm_chip
> > *chip);
> > void tpm_bios_log_teardown
On Fri, 2024-02-23 at 19:02 +0200, Jarkko Sakkinen wrote:
> On Tue Feb 13, 2024 at 7:13 PM EET, James Bottomley wrote:
[...]
> > static int tpm2_parse_create_primary(struct tpm_chip *chip, struct
> > tpm_buf *buf,
> > u32 *nullkey)
>
>
> What
On Fri, 2024-02-23 at 19:06 +0200, Jarkko Sakkinen wrote:
> > +static inline enum tpm2_mso_type tpm2_handle_mso(u32 handle)
> > +{
> > + return handle >> 24;
>
> did we have macro for this (cannot recall)? like oppposite
> of BIT().
No, that's why I added this. inline functions are easier t
> OK, since there is multiple patches with KDF* dep the KDF functions
> should be their own separate patch not glued into any patch that uses
> them.
Well, I can do that if you insist, but it can't go into the kernel like
that because we'll then have a static function with no consumers which
will
The interest in securing the TPM against interposers, both active and
passive has risen to fever pitch with the demonstration of key
recovery against windows bitlocker:
https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-inside-the-company-network
And subsequently the same attack being succ
From: Jarkko Sakkinen
The helper function has no call sites. Thus, remove it.
Signed-off-by: Jarkko Sakkinen
Signed-off-by: James Bottomley
---
include/linux/tpm.h | 7 ---
1 file changed, 7 deletions(-)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 4ee9d13749ad..6588ca87c
From: Jarkko Sakkinen
Open code the last remaining call site for tpm_send().
Signed-off-by: Jarkko Sakkinen
Signed-off-by: James Bottomley
---
drivers/char/tpm/tpm-interface.c | 25 ---
include/linux/tpm.h | 5 -
security/keys/trusted-ke
separate out the tpm_buf_... handling functions from static inlines in
tpm.h and move them to their own tpm-buf.c file. This is a precursor
to adding new functions for other TPM type handling because the amount
of code will grow from the current 70 lines in tpm.h to about 200
lines when the additi
From: Jarkko Sakkinen
Remove deprecated portions and document enum values.
Signed-off-by: Jarkko Sakkinen
Signed-off-by: James Bottomley
---
include/linux/tpm.h | 9 -
1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index bb0e871
From: Jarkko Sakkinen
TPM2B buffers, or sized buffers, have a two byte header, which contains the
length of the payload as a 16-bit big-endian number, without counting in
the space taken by the header. This differs from encoding in the TPM header
where the length includes also the bytes taken by
From: Jarkko Sakkinen
Declare reader functions for the instances of struct tpm_buf. If the read
goes out of boundary, TPM_BUF_BOUNDARY_ERROR is set, and subsequent read
will do nothing.
Signed-off-by: Jarkko Sakkinen
Signed-off-by: James Bottomley
---
drivers/char/tpm/tpm-buf.c | 79 +
From: Jarkko Sakkinen
Declare tpm_buf_init_sized() and tpm_buf_reset_sized() for creating TPM2B
formatted buffers. These buffers are also known as sized buffers in the
specifications and literature.
Signed-off-by: Jarkko Sakkinen
Signed-off-by: James Bottomley
---
drivers/char/tpm/tpm-buf.c |
From: Jarkko Sakkinen
Take advantage of the new sized buffer (TPM2B) mode of struct tpm_buf in
tpm2_seal_trusted(). This allows to add robustness to the command
construction without requiring to calculate buffer sizes manually.
Signed-off-by: Jarkko Sakkinen
Signed-off-by: James Bottomley
---
From: Ard Biesheuvel
Implement AES in CFB mode using the existing, mostly constant-time
generic AES library implementation. This will be used by the TPM code
to encrypt communications with TPM hardware, which is often a discrete
component connected using sniffable wires or traces.
While a CFB te
Replace all instances of &buf.data[TPM_HEADER_SIZE] with a new
function tpm_buf_parameters() because encryption sessions change
where the return parameters are located in the buffer since if a
return session is present they're 4 bytes beyond the header with those
4 bytes giving the parameter length
The TPM2 session HMAC and encryption handling code needs to save and
restore a single volatile context for the elliptic curve version of
the NULL seed, so export the APIs which do this for internal use.
Signed-off-by: James Bottomley
Reviewed-by: Stefan Berger
Reviewed-by: Jarkko Sakkinen
---
The session handling code uses a "salted" session, meaning a session
whose salt is encrypted to the public part of another TPM key so an
observer cannot obtain it (and thus deduce the session keys). This
patch creates and context saves in the tpm_chip area the primary key
of the NULL hierarchy for
The TCG mandates two Key derivation functions called KDFa and KDFe
used to derive keys from seeds and elliptic curve points respectively.
The definitions for these functions are found in the TPM 2.0 Library
Specification Part 1 - Architecture Guide
https://trustedcomputinggroup.org/resource/tpm-li
Add session based HMAC authentication plus parameter decryption and
response encryption using AES. The basic design is to segregate all
the nasty crypto, hash and hmac code into tpm2-sessions.c and export a
usable API. The API first of all starts off by gaining a session with
tpm2_start_auth
Add tpm2_append_name() for appending to the handle area of the TPM
command. When TPM_BUS_SECURITY is enabled and HMAC sessions are in
use this adds the standard u32 handle to the buffer but additionally
records the name of the object which must be used as part of the HMAC
computation. The name of
The final pieces of the HMAC API are for manipulating the session area
of the command. To add an authentication HMAC session
tpm_buf_append_hmac_session() is called where tpm2_append_auth() would
go. If a non empty password is passed in, this is correctly added to
the HMAC to prove knowledge of it
tpm2_pcr_extend() is used by trusted keys to extend a PCR to prevent a
key from being re-loaded until the next reboot. To use this
functionality securely, that extend must be protected by a session
hmac. This patch adds HMAC protection so tampering with the
tpm2_pcr_extend() command in flight is
If some entity is snooping the TPM bus, the can see the data going in
to be sealed and the data coming out as it is unsealed. Add parameter
and response encryption to these cases to ensure that no secrets are
leaked even if the bus is snooped.
As part of doing this conversion it was discovered th
If some entity is snooping the TPM bus, they can see the random
numbers we're extracting from the TPM and do prediction attacks
against their consumers. Foil this attack by using response
encryption to prevent the attacker from seeing the random sequence.
Signed-off-by: James Bottomley
Reviewed-
This is the last component of encrypted tpm2 session handling that
allows us to verify from userspace that the key derived from the NULL
seed genuinely belongs to the TPM and has not been spoofed.
The procedure for doing this involves creating an attestation identity
key (which requires verificati
Document how the new encrypted secure interface for TPM2 works and how
security can be assured after boot by certifying the NULL seed.
Signed-off-by: James Bottomley
Reviewed-by: Jarkko Sakkinen
---
v7: add review
---
Documentation/security/tpm/tpm-security.rst | 216
1 fi
Update tpm2_load_context() to return -EINVAL on integrity failures and
use this as a signal when loading the NULL context that something
might be wrong. If the signal fails, check the name of the NULL
primary against the one stored in the chip data and if there is a
mismatch disable the TPM becaus
On Mon Apr 29, 2024 at 11:27 PM EEST, James Bottomley wrote:
> The interest in securing the TPM against interposers, both active and
> passive has risen to fever pitch with the demonstration of key
> recovery against windows bitlocker:
>
> https://dolosgroup.io/blog/2021/7/9/from-stolen-laptop-to-i
On Tue Apr 30, 2024 at 1:22 AM EEST, Jarkko Sakkinen wrote:
> On Mon Apr 29, 2024 at 11:27 PM EEST, James Bottomley wrote:
> > The interest in securing the TPM against interposers, both active and
> > passive has risen to fever pitch with the demonstration of key
> > recovery against windows bitloc
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> The session handling code uses a "salted" session, meaning a session
> whose salt is encrypted to the public part of another TPM key so an
> observer cannot obtain it (and thus deduce the session keys). This
> patch creates and context
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> The TCG mandates two Key derivation functions called KDFa and KDFe
> used to derive keys from seeds and elliptic curve points respectively.
> The definitions for these functions are found in the TPM 2.0 Library
> Specification Part 1 -
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> Add session based HMAC authentication plus parameter decryption and
> response encryption using AES. The basic design is to segregate all
> the nasty crypto, hash and hmac code into tpm2-sessions.c and export a
> usable API. The
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> Add tpm2_append_name() for appending to the handle area of the TPM
> command. When TPM_BUS_SECURITY is enabled and HMAC sessions are in
> use this adds the standard u32 handle to the buffer but additionally
> records the name of the ob
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> The final pieces of the HMAC API are for manipulating the session area
> of the command. To add an authentication HMAC session
> tpm_buf_append_hmac_session() is called where tpm2_append_auth() would
> go. If a non empty password is pa
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> Update tpm2_load_context() to return -EINVAL on integrity failures and
> use this as a signal when loading the NULL context that something
> might be wrong. If the signal fails, check the name of the NULL
> primary against the one stor
On Mon Apr 29, 2024 at 11:28 PM EEST, James Bottomley wrote:
> + if (chip->flags & TPM_CHIP_FLAG_DISABLE)
> + return rc;
> +
s/DISABLE/ACCESS_DENIED/ as it is more to the point.
Further, tpm_open() should fail right off the bat after ending up to
this situation.
BR, Jarkko
On Tue Apr 30, 2024 at 1:26 AM EEST, Jarkko Sakkinen wrote:
> Right and obviously 3rd option is to send a PR to
> https://gitlab.com/jarkkojs/linux-tpmdd-test.
>
> I.e. patch file goes to patches/qemu (BR2_GLOBAL_PATCH_DIR
> points there).
Stefan, can I do a "zero QEMU changes" negative test for
c
38 matches
Mail list logo
