[0/8] Fix TPM 2.0 trusted keys

Message ID	1575781600.14069.8.camel@HansenPartnership.com (mailing list archive)
Headers	show Return-Path: <SRS0=uZbQ=Z6=vger.kernel.org=linux-integrity-owner@kernel.org> Message-ID: <1575781600.14069.8.camel@HansenPartnership.com> Subject: [PATCH 0/8] Fix TPM 2.0 trusted keys From: James Bottomley <James.Bottomley@HansenPartnership.com> To: linux-integrity@vger.kernel.org Cc: Mimi Zohar <zohar@linux.ibm.com>, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> Date: Sat, 07 Dec 2019 21:06:40 -0800 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk
Series	Fix TPM 2.0 trusted keys \| expand [0/8] Fix TPM 2.0 trusted keys [1/8] security: keys: trusted: flush the key handle after use [2/8] lib: add asn.1 encoder [3/8] oid_registry: Add TCG defined OIDS for TPM keys [4/8] security: keys: trusted: use ASN.1 tpm2 key format for the blobs [5/8] security: keys: trusted: Make sealed key properly interoperable [6/8] security: keys: trusted: add PCR policy to TPM2 keys [7/8] security: keys: trusted: add ability to specify arbitrary policy [8/8] security: keys: trusted: implement counter/timer policy

Message ID

1575781600.14069.8.camel@HansenPartnership.com (mailing list archive)

Headers

Message-ID: <1575781600.14069.8.camel@HansenPartnership.com>
Subject: [PATCH 0/8] Fix TPM 2.0 trusted keys
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
        Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Date: Sat, 07 Dec 2019 21:06:40 -0800
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: linux-integrity-owner@vger.kernel.org
Precedence: bulk

Series

Fix TPM 2.0 trusted keys | expand

Message

James Bottomley Dec. 8, 2019, 5:06 a.m. UTC

This fixes a wide array of problems with the current TPM 2.0
implementation of trusted keys.  Since policy based trusted keys never
worked in the current implementation, I've rewritten the policy
implementation to make it easier to use and so the trusted key handler
can understand what elements of a policy are failing and why.

Apart from fixing bugs like volatile object leakage, I've changed the
output format to use the standardised ASN.1 coding for TPM2 keys,
meaning they should interoperate with userspace TPM2 key
implementations.  Apart from interoperability, another advantage of the
existing key format is that it carries all parameters like parent and
hash with it and it is capable of carrying policy directives in a way
that mean they're tied permanently to the key (no having to try to
remember what the policy was and reconstruct it from userspace).  This
actually allows us to support the TPM 1.2 commands like pcrinfo easily
in 2.0.

The big problem with this patch is still that we can't yet combine
policy with authorization because that requires proper session
handling, but at least with this rewrite it becomes possible (whereas
it was never possible with the old external policy session code). 
Thus, when we have the TPM 2.0 security patch upstream, we'll be able
to use the session logic from that patch to imlement authorizations.

James

---

James Bottomley (8):
  security: keys: trusted: flush the key handle after use
  lib: add asn.1 encoder
  oid_registry: Add TCG defined OIDS for TPM keys
  security: keys: trusted: use ASN.1 tpm2 key format for the blobs
  security: keys: trusted: Make sealed key properly interoperable
  security: keys: trusted: add PCR policy to TPM2 keys
  security: keys: trusted: add ability to specify arbitrary policy
  security: keys: trusted: implement counter/timer policy

 Documentation/security/keys/trusted-encrypted.rst |  70 +++-
 drivers/char/tpm/tpm.h                            |   1 -
 drivers/char/tpm/tpm2-cmd.c                       |   1 +
 include/keys/trusted-type.h                       |   6 +-
 include/linux/asn1_encoder.h                      |  21 ++
 include/linux/oid_registry.h                      |   5 +
 include/linux/tpm.h                               |   8 +
 lib/Makefile                                      |   2 +-
 lib/asn1_encoder.c                                | 201 +++++++++++
 security/keys/Kconfig                             |   2 +
 security/keys/trusted-keys/Makefile               |   2 +-
 security/keys/trusted-keys/tpm2-policy.c          | 409 ++++++++++++++++++++++
 security/keys/trusted-keys/tpm2-policy.h          |  31 ++
 security/keys/trusted-keys/tpm2key.asn1           |  23 ++
 security/keys/trusted-keys/trusted_tpm1.c         |  40 +--
 security/keys/trusted-keys/trusted_tpm2.c         | 285 +++++++++++++--
 16 files changed, 1050 insertions(+), 57 deletions(-)
 create mode 100644 include/linux/asn1_encoder.h
 create mode 100644 lib/asn1_encoder.c
 create mode 100644 security/keys/trusted-keys/tpm2-policy.c
 create mode 100644 security/keys/trusted-keys/tpm2-policy.h
 create mode 100644 security/keys/trusted-keys/tpm2key.asn1

Comments

Jarkko Sakkinen Dec. 9, 2019, 8:20 p.m. UTC | #1

On Sat, Dec 07, 2019 at 09:06:40PM -0800, James Bottomley wrote:
> The big problem with this patch is still that we can't yet combine
> policy with authorization because that requires proper session
> handling, but at least with this rewrite it becomes possible (whereas
> it was never possible with the old external policy session code). 
> Thus, when we have the TPM 2.0 security patch upstream, we'll be able
> to use the session logic from that patch to imlement authorizations.

This essentially means that this is an RFC, not something that can be
merged at this point before whatever you mean by proper has been landed.

/Jarkko

James Bottomley Dec. 9, 2019, 8:57 p.m. UTC | #2

On Mon, 2019-12-09 at 22:20 +0200, Jarkko Sakkinen wrote:
> On Sat, Dec 07, 2019 at 09:06:40PM -0800, James Bottomley wrote:
> > The big problem with this patch is still that we can't yet combine
> > policy with authorization because that requires proper session
> > handling, but at least with this rewrite it becomes possible
> > (whereas it was never possible with the old external policy session
> > code). Thus, when we have the TPM 2.0 security patch upstream,
> > we'll be able to use the session logic from that patch to imlement
> > authorizations.
> 
> This essentially means that this is an RFC, not something that can be
> merged at this point before whatever you mean by proper has been
> landed.

No it doesn't.  It just means we have a limitation in the keys that
needs to be removed at a later time when we have the authentication
mechanisms.  Since there will simply be a feature added with no
backward compat problems, it's not a merge blocker.

James