Jarkko Sakkinen
Posts
4992Following
329Followers
496OpenPGP: 3AB05486C7752FE1
Jarkko Sakkinen
jarkko
@Foxboron It felt then important but not as much now :-) I'm happy to take one step back on that. I wrote the whole 20'ish kSLOC in three(ish) months and your opinions tend to develop during that process, especially what you see as a priority and what not. Looking at those mails, I don't really get all what I said anymore.
As per policy encoding, a working implementation is already an argument (IMHO) :-) And I know the implementation that I have now would be workable model for kernel as the execute could be implemented in 500-1000 lines of C code. Not something where I fight and I'm happy to hear what e.g., Lennart has to say about policy encoding.
My only strong opinion at this point is that I want to be at least aware of where things turn out as per policy encoding :-)
As per policy encoding, a working implementation is already an argument (IMHO) :-) And I know the implementation that I have now would be workable model for kernel as the execute could be implemented in 500-1000 lines of C code. Not something where I fight and I'm happy to hear what e.g., Lennart has to say about policy encoding.
My only strong opinion at this point is that I want to be at least aware of where things turn out as per policy encoding :-)
2
0
0
@Foxboron
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-tpmkey.git/commit/?id=89902ad0be70c3bc86a7c20fa42af1802e2b9e69
I guess for the time being this will address the current issues :-)
As per policy encoding I follow what exist now as in detail and as closely as currently is possible. I think it is still quite useful to have at least one working implementation as PoC or reference model.
https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-tpmkey.git/commit/?id=89902ad0be70c3bc86a7c20fa42af1802e2b9e69
I guess for the time being this will address the current issues :-)
As per policy encoding I follow what exist now as in detail and as closely as currently is possible. I think it is still quite useful to have at least one working implementation as PoC or reference model.
1
0
1
full asn1 definition: https://git.kernel.org/pub/scm/linux/kernel/git/jarkko/tpm2-tpmkey.git/tree/src/asn1.rs
0
0
0
@Foxboron I don't necessarily agree anymore to the word how I saw things then :-) The claim of endangering securiy was definitely wrong or at least a bit weak argument.
It's mostly about convenience (not about security) of not having to specify parent explitly, definitely something I can consider to drop. I also tested that openssl and tpm2-tools can handle files generated with my tool despite having that field.
Things that were not in the spec:
1. PolicyOr: I fully open code this including PolicyRestart calls.
2. Policy handle: I zero out this field in the encoded data.
I even looked at tpm2-tools and it does not really have anything at all for encoding arbitrary policies so I had to work on "without better knowledge". And without better knowledge this is the encoding I will use as basis for any kernel patch reviews or my own possible contributions.
It's mostly about convenience (not about security) of not having to specify parent explitly, definitely something I can consider to drop. I also tested that openssl and tpm2-tools can handle files generated with my tool despite having that field.
Things that were not in the spec:
1. PolicyOr: I fully open code this including PolicyRestart calls.
2. Policy handle: I zero out this field in the encoded data.
I even looked at tpm2-tools and it does not really have anything at all for encoding arbitrary policies so I had to work on "without better knowledge". And without better knowledge this is the encoding I will use as basis for any kernel patch reviews or my own possible contributions.
2
0
0
So the story with tpm2sh is that I only started it in August so that link feels like ancient history me in this fast-phased timeline :-)
If you have something other in mind and have good rationale for it, I want to align with that.The point is that tpm2sh is a reference model for me how kernel will handle the ASN.1 format.
If you have something other in mind and have good rationale for it, I want to align with that.The point is that tpm2sh is a reference model for me how kernel will handle the ASN.1 format.
2
0
0
@Foxboron If possible, could you point out the part of the current version that don't right to you?
I'm proactively concerned about this because I need to know what we want for kernel in the long run.
We don't want two separate formats so it is better to address this issue rather sooner than later :-) I'm not hanging myself to my implementation. I'm just working without better information (perhaps).
Actually no need to even look at the source code (unless you really want to). Just describe what goes wrong and I'll check whether I need to address something or if it is already addressed.
I'm proactively concerned about this because I need to know what we want for kernel in the long run.
We don't want two separate formats so it is better to address this issue rather sooner than later :-) I'm not hanging myself to my implementation. I'm just working without better information (perhaps).
Actually no need to even look at the source code (unless you really want to). Just describe what goes wrong and I'll check whether I need to address something or if it is already addressed.
2
0
0
Jarkko Sakkinen
jarkko
@Foxboron I have exactly one optional field "parentPublic".
Other than I'm willing to consider changes if there is need. My tools has been built quite rapidly so maybe you are not in-sync with very latest version but it is otherwise in par with the spec :-)
E.g., in very first version it did handle e.g. PolicySecret incorrectly but as of today it follows correctly the ASN.1 definition.
Other than I'm willing to consider changes if there is need. My tools has been built quite rapidly so maybe you are not in-sync with very latest version but it is otherwise in par with the spec :-)
E.g., in very first version it did handle e.g. PolicySecret incorrectly but as of today it follows correctly the ASN.1 definition.
1
0
0
Jarkko Sakkinen
jarkko
@Foxboron I need to try that out against my tool. It already nicely operates with openssl and tpm2-tools.
tpm2sh can generate keys with policies.
The set of commands is fairly limited but it is a subset that I pick to maximize coverage for the time being: or, secret and pcr.
Unfortunately spec is quite incomplete when it comes to PolicyOr but my tool generates the full PolicyRestart dance to the file. That way e.g. kernel in future can implement a functional executor.
What executor needs to done with output data:
1. Fill policy handle with active session handle.
2. Resolve handles for PolicySecret calls.
It would be cool to maintain some kind of interoperatibility with sbctl given the state of spec and that way sort of "fill out the blanks" :-)
For auth values in the latest version I've ended up to "<handle>:<hex>" type of list of mappings. Linear list of values is quite difficult to map when you have both purely auth value authenticated object and policies referencing to handles.
tpm2sh can generate keys with policies.
The set of commands is fairly limited but it is a subset that I pick to maximize coverage for the time being: or, secret and pcr.
Unfortunately spec is quite incomplete when it comes to PolicyOr but my tool generates the full PolicyRestart dance to the file. That way e.g. kernel in future can implement a functional executor.
What executor needs to done with output data:
1. Fill policy handle with active session handle.
2. Resolve handles for PolicySecret calls.
It would be cool to maintain some kind of interoperatibility with sbctl given the state of spec and that way sort of "fill out the blanks" :-)
For auth values in the latest version I've ended up to "<handle>:<hex>" type of list of mappings. Linear list of values is quite difficult to map when you have both purely auth value authenticated object and policies referencing to handles.
1
0
0
Jarkko Sakkinen
jarkko
https://thenewstack.io/ffmpeg-to-google-fund-us-or-stop-sending-bugs/ :-----------------------)
0
1
2
Jarkko Sakkinen
jarkko
0
0
2
Jarkko Sakkinen
jarkko
1
0
1
Jarkko Sakkinen
jarkko
Edited 4 days ago
one aspect in security, which has been wrong even in some of the linux foundations pages from time to time is that they differentiate answers between "incorrect password" and "acount does not exist". this should be obviously opaque.
it allows to query which sites user has an account, which is useful information in wrong hands already.
#infosec #oracle
it allows to query which sites user has an account, which is useful information in wrong hands already.
#infosec #oracle
0
1
1