Re: [RFC PATCH v2 3/4] tsm: Map RTMRs to TCG TPM PCRs

All the mail mirrored from lore.kernel.org
 help / color / mirror / Atom feed

From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Kuppuswamy Sathyanarayanan
	<sathyanarayanan.kuppuswamy@linux.intel.com>,
	Samuel Ortiz <sameo@rivosinc.com>,
	Dan Williams <dan.j.williams@intel.com>
Cc: Qinkun Bao <qinkun@google.com>,
	"Yao, Jiewen" <jiewen.yao@intel.com>,
	 "Xing, Cedric" <cedric.xing@intel.com>,
	Dionna Amalie Glaze <dionnaglaze@google.com>,
	biao.lu@intel.com,  linux-coco@lists.linux.dev,
	linux-integrity@vger.kernel.org,  linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH v2 3/4] tsm: Map RTMRs to TCG TPM PCRs
Date: Fri, 02 Feb 2024 07:18:40 +0100	[thread overview]
Message-ID: <c291d11119295740b846a382ba6df4bd57bda03e.camel@HansenPartnership.com> (raw)
In-Reply-To: <0c396883-6eb7-4ee9-955b-42e365a737cf@linux.intel.com>

On Sun, 2024-01-28 at 14:44 -0800, Kuppuswamy Sathyanarayanan wrote:
> 
> On 1/28/24 1:25 PM, Samuel Ortiz wrote:
> > Many user space and internal kernel subsystems (e.g. the Linux IMA)
> > expect a Root of Trust for Storage (RTS) that allows for extending
> > and reading measurement registers that are compatible with the TCG
> > TPM PCRs layout, e.g. a TPM. In order to allow those components to
> > alternatively use a platform TSM as their RTS, a TVM could map the
> > available RTMRs to one or more TCG TPM PCRs. Once configured, those
> > PCR to RTMR mappings give the kernel TSM layer all the necessary
> > information to be a RTS for e.g. the Linux IMA or any other
> > components that expects a TCG compliant TPM PCRs layout.
> 
> Why expose the mapping to user space? IMO, the goal should be
> to let user space application work without any changes. So we should
> try to hide this conversion in kernel and let userspace code to use
> PCR as usual.

There's also the question about use case: if we're going to measure
into RTMRs as though they were PCRs, they will need to collect the
kernel measurements as well, which means the mapping will have to be
fixed in early boot when the first TPM measurement is done.

James

next prev parent reply	other threads:[~2024-02-02  6:18 UTC|newest]

Thread overview: 35+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-01-28 21:25 [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI Samuel Ortiz
2024-01-28 21:25 ` [RFC PATCH v2 1/4] tsm: Runtime measurement register support Samuel Ortiz
2024-01-29 16:57   ` Dionna Amalie Glaze
2024-02-01 22:03   ` Jarkko Sakkinen
2024-01-28 21:25 ` [RFC PATCH v2 2/4] tsm: Add RTMRs to the configfs-tsm hierarchy Samuel Ortiz
2024-01-28 22:38   ` Kuppuswamy Sathyanarayanan
2024-02-01 22:05   ` Jarkko Sakkinen
2024-02-21 16:16   ` Mikko Ylinen
2024-01-28 21:25 ` [RFC PATCH v2 3/4] tsm: Map RTMRs to TCG TPM PCRs Samuel Ortiz
2024-01-28 22:44   ` Kuppuswamy Sathyanarayanan
2024-02-02  6:18     ` James Bottomley [this message]
2024-01-28 21:25 ` [RFC PATCH v2 4/4] tsm: Allow for extending and reading configured RTMRs Samuel Ortiz
2024-02-01 22:02 ` [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI Jarkko Sakkinen
2024-02-02  6:24 ` James Bottomley
2024-02-02 23:07   ` Dan Middleton
2024-02-03  6:03     ` James Bottomley
2024-02-03  7:13       ` Kuppuswamy Sathyanarayanan
2024-02-03 10:27         ` James Bottomley
2024-02-06  8:34           ` Xing, Cedric
2024-02-06  8:57             ` James Bottomley
2024-02-07  2:02               ` Dan Williams
2024-02-07 20:16                 ` Xing, Cedric
2024-02-07 21:08                   ` Kuppuswamy Sathyanarayanan
2024-02-07 21:46                     ` James Bottomley
2024-02-09 20:58                       ` Dan Williams
2024-02-13  7:36                         ` Xing, Cedric
2024-02-13 16:05                           ` James Bottomley
2024-02-14  8:54                             ` Xing, Cedric
2024-02-15  6:14                               ` Dan Williams
2024-02-16  2:05                                 ` Xing, Cedric
2024-03-05  1:19                             ` Xing, Cedric
2024-04-17 20:23                               ` Dan Middleton
2024-02-13 16:54                           ` Mikko Ylinen
2024-02-15 22:44                           ` Dr. Greg
2024-02-22 15:45                       ` Lukas Wunner

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=c291d11119295740b846a382ba6df4bd57bda03e.camel@HansenPartnership.com \
    --to=james.bottomley@hansenpartnership.com \
    --cc=biao.lu@intel.com \
    --cc=cedric.xing@intel.com \
    --cc=dan.j.williams@intel.com \
    --cc=dionnaglaze@google.com \
    --cc=jiewen.yao@intel.com \
    --cc=linux-coco@lists.linux.dev \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=qinkun@google.com \
    --cc=sameo@rivosinc.com \
    --cc=sathyanarayanan.kuppuswamy@linux.intel.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.