Re: [RFC PATCH 0/2] TPM derived keys

Linux-Integrity Archive mirror
 help / color / mirror / Atom feed

From: Ignat Korchagin <ignat@cloudflare.com>
To: Jarkko Sakkinen <jarkko@kernel.org>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>,
	Mimi Zohar <zohar@linux.ibm.com>,
	 David Howells <dhowells@redhat.com>,
	Paul Moore <paul@paul-moore.com>,
	 James Morris <jmorris@namei.org>,
	serge@hallyn.com, linux-integrity@vger.kernel.org,
	 keyrings@vger.kernel.org, linux-kernel@vger.kernel.org,
	 kernel-team@cloudflare.com
Subject: Re: [RFC PATCH 0/2] TPM derived keys
Date: Tue, 14 May 2024 17:08:56 +0100	[thread overview]
Message-ID: <CALrw=nF53qsmBp06qDerh3++0VYm-OZJ8k-Es3+2AAQFRjY-9w@mail.gmail.com> (raw)
In-Reply-To: <D19HDMZ1OKN9.2PX2FJVY4WZ09@kernel.org>

On Tue, May 14, 2024 at 4:43 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
>
> On Tue May 14, 2024 at 6:30 PM EEST, Ignat Korchagin wrote:
> > On Tue, May 14, 2024 at 4:26 PM Jarkko Sakkinen <jarkko@kernel.org> wrote:
> > >
> > > On Tue May 14, 2024 at 6:21 PM EEST, Jarkko Sakkinen wrote:
> > > > On Tue May 14, 2024 at 5:30 PM EEST, Jarkko Sakkinen wrote:
> > > > > On Tue May 14, 2024 at 5:00 PM EEST, Jarkko Sakkinen wrote:
> > > > > > On Tue May 14, 2024 at 4:11 PM EEST, Ignat Korchagin wrote:
> > > > > > > For example, a cheap NAS box with no internal storage (disks connected
> > > > > > > externally via USB). We want:
> > > > > > >   * disks to be encrypted and decryptable only by this NAS box
> > > > > >
> > > > > > So how this differs from LUKS2 style, which also systemd supports where
> > > > > > the encryption key is anchored to PCR's? If I took hard drive out of my
> > > > > > Linux box, I could not decrypt it in another machine because of this.
> > > > >
> > > > > Maybe you could replace the real LUKS2 header with a dummy LUKS2
> > > > > header, which would need to be able the describe "do not use this" and
> > > > > e.g. SHA256 of the actual header. And then treat the looked up header as
> > > > > the header when the drive is mounted.
> > > > >
> > > > > LUKS2 would also need to be able to have pre-defined (e.g. kernel
> > > > > command-line or bootconfig) small internal storage, which would be
> > > > > also encrypted with TPM's PRCs containing an array of LUKS2 header
> > > > > and then look up that with SHA256 as the key.
> > > > >
> > > > > Without knowing LUKS2 implementation to me these do not sound reaching
> > > > > the impossible engineer problems so maybe this would be worth of
> > > > > investigating...
> > > >
> > > > Or why you could not just encrypt the whole header with another key
> > > > that is only in that device? Then it would appear as random full
> > > > length.
> > > >
> > > > I.e. unsealing
> > > >
> > > > 1. Decrypt LUKS2 header with TPM2 key
> > > > 2. Use the new resulting header as it was in the place of encrypted
> > > >    stored to the external drive.
> > > > 3. Decrypt key from the LUK2S header etc.
> > >
> > > Maybe something like:
> > >
> > > 1. Asymmetric for LUKS2 (just like it is)
> > > 2. Additional symmetric key, which is created as non-migratable and stored
> > >    to the TPM2 chip. This deciphers the header, i.e. takes the random
> > >    away.
> >
> > This could work, but you still have the problem of - if the header
> > gets wiped, all the data is lost.
> > As for storing things on the TPM chip - that doesn't scale. Today you
> > only think about disk encryption, tomorrow there is a new application,
> > which wants to do the same thing and so on. One of the features of
> > derived keys - you don't store anything, just recreate/derive when
> > needed and it scales infinitely.
>
> OK, so now I know the problem at least and that is probably the
> most important thing in this discussion, right?

Yes, I think so.

> So make a better story, now you also probably have better idea,
> also split the patch properly by subsystem, send the patch set,

I'm actually not super clear on this part - I have two patches: one
for TPM header definitions and another one for the keyring subsystem?
Any other subsystems in play here?

> and I'll promise to revisit.

Thanks. Would probably take some time as I want to think more on the
open questions I raised in the description, try to address some
comments from James B from other replies (key rotation for example)
and rebase on recently merged TPM encrypted sessions. But since this
is an RFC I would like to continue the discussion and gather opinions
from folks here, if there are any more concerns.

> Fair enough? :-)
>
> BR, Jarkko

next prev parent reply	other threads:[~2024-05-14 16:09 UTC|newest]

Thread overview: 40+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2024-05-03 22:16 [RFC PATCH 0/2] TPM derived keys Ignat Korchagin
2024-05-03 22:16 ` [RFC PATCH 1/2] tpm: add some algorithm and constant definitions from the TPM spec Ignat Korchagin
2024-05-14 22:51   ` Jarkko Sakkinen
2024-05-14 22:52     ` Jarkko Sakkinen
2024-05-03 22:16 ` [RFC PATCH 2/2] KEYS: implement derived keys Ignat Korchagin
2024-05-14 23:10   ` Jarkko Sakkinen
2024-05-14 23:44     ` Jarkko Sakkinen
2024-05-15  0:00       ` Jarkko Sakkinen
2024-05-15  6:44       ` Ignat Korchagin
2024-05-15 12:00         ` Jarkko Sakkinen
2024-05-15 12:03           ` Jarkko Sakkinen
2024-05-15  7:26     ` Ignat Korchagin
2024-05-04  0:21 ` [RFC PATCH 0/2] TPM " Jarkko Sakkinen
2024-05-04 13:55   ` Ben Boeckel
2024-05-04 14:51     ` Jarkko Sakkinen
2024-05-04 15:35       ` Jarkko Sakkinen
2024-05-13 17:09         ` Ignat Korchagin
2024-05-13 22:33           ` James Bottomley
2024-05-14  9:50             ` Ignat Korchagin
2024-05-14 14:11               ` James Bottomley
2024-05-14 14:54                 ` Ignat Korchagin
2024-05-13 17:11 ` Ignat Korchagin
2024-05-14  0:28   ` Jarkko Sakkinen
2024-05-14 10:05     ` Ignat Korchagin
2024-05-14 12:09       ` Jarkko Sakkinen
2024-05-14 13:11         ` Ignat Korchagin
2024-05-14 14:00           ` Jarkko Sakkinen
2024-05-14 14:30             ` Jarkko Sakkinen
2024-05-14 15:21               ` Jarkko Sakkinen
2024-05-14 15:26                 ` Jarkko Sakkinen
2024-05-14 15:30                   ` Ignat Korchagin
2024-05-14 15:42                     ` Jarkko Sakkinen
2024-05-14 16:08                       ` Ignat Korchagin [this message]
2024-05-14 16:22                         ` Jarkko Sakkinen
2024-05-14 14:41             ` Ignat Korchagin
2024-05-14 14:45               ` Jarkko Sakkinen
2024-05-14 15:30           ` James Bottomley
2024-05-14 15:38             ` Ignat Korchagin
2024-05-14 15:54               ` James Bottomley
2024-05-14 16:01                 ` Ignat Korchagin

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to='CALrw=nF53qsmBp06qDerh3++0VYm-OZJ8k-Es3+2AAQFRjY-9w@mail.gmail.com' \
    --to=ignat@cloudflare.com \
    --cc=James.Bottomley@hansenpartnership.com \
    --cc=dhowells@redhat.com \
    --cc=jarkko@kernel.org \
    --cc=jmorris@namei.org \
    --cc=kernel-team@cloudflare.com \
    --cc=keyrings@vger.kernel.org \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=paul@paul-moore.com \
    --cc=serge@hallyn.com \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).