KEYS: trusted: Add session encryption protection to the seal/unseal path - kernel/linux.git

diff options

author	James Bottomley <James.Bottomley@HansenPartnership.com>	2024-04-29 23:28:08 +0300
committer	Jarkko Sakkinen <jarkko@kernel.org>	2024-05-09 22:30:51 +0300
commit	52ce7d9731ed8fada505b5ac33fb1df0190fb8c3 (patch)
tree	23cc7c17eb13330418a1a9274fa5c3a0ad08f61b /drivers
parent	1b6d7f9eb150305dcb0da4f7101a8d30dcdf0497 (diff)
download	linux-52ce7d9731ed8fada505b5ac33fb1df0190fb8c3.tar.xz

KEYS: trusted: Add session encryption protection to the seal/unseal path

If some entity is snooping the TPM bus, the can see the data going in to be sealed and the data coming out as it is unsealed. Add parameter and response encryption to these cases to ensure that no secrets are leaked even if the bus is snooped. As part of doing this conversion it was discovered that policy sessions can't work with HMAC protected authority because of missing pieces (the tpm Nonce). I've added code to work the same way as before, which will result in potential authority exposure (while still adding security for the command and the returned blob), and a fixme to redo the API to get rid of this security hole. Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com> Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org> Tested-by: Jarkko Sakkinen <jarkko@kernel.org> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>

Diffstat (limited to 'drivers')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: