Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails

From: Javier Martinez Canillas
Date: Mon Nov 20 2017 - 04:26:09 EST

Next message: Jiri Olsa: "Re: [PATCH v1 0/9] perf stat: Enable '--per-thread' on all threads"
Previous message: Michal Hocko: "Re: [PATCH 1/2] mm,vmscan: Kill global shrinker lock."
In reply to: Jason Gunthorpe: "Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails"
Next in thread: Roberts, William C: "RE: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 11/19/2017 04:27 PM, Jason Gunthorpe wrote:
> On Sat, Nov 18, 2017 at 01:53:49AM +0100, Javier Martinez Canillas wrote:
>
>> What I fail to understand is why that's not a problem when the TPM spaces
>> infrastructure isn't used, tpm_validate_command() function just returns
>> true if space is NULL. So when sending command to /dev/tpm0 directly, a
>> rogue user-space program can send any arbitrary data to the TPM.
>
> tpm spaces was designed to allow unprivileged user space access to

Ah, I didn't know about that design decision. This isn't documented anywhere
AFAICT, it would be nice to add some notes to Documentation/security/tpm/ so
people are aware of this.

> the TPM so it has additional protection designed to keep the TPM
> secure.
>
> Allowing unprivileged user space to send send garbage to the TPM seems
> like a good way to trigger a TPM bug in parsing.
>

Well, I don't think that unprivileged user-space should have any access to
the TPM. Since a rogue user-space can abuse the TPM anyway even when using
a well constructed command (which is the only validation that's done IIUC).

In other words, only trusted software should have access to the TPM device.

I thought the TPM spaces was about exposing a virtualized TPM that didn't
have the limitation of only allowing to store a small set of transient
objects (so user-space didn't have to deal with the handles flushing and
context save/load), rather than relaxing the access control to the TPM.

> When spaces are not used /dev/tpm0 is root only and has full
> unrestricted access.
>

The Linux motto is that it should provide mechanisms and not policy, so
I wonder if is up to user-space to decide who should access the devices.

For example on my Fedora machine, the /dev/tpm* char devices are owned by
the "tss" user and group. That's because the tpm2-abrmd package installs
an udev rule to change the permissions, since the resource manager is run
as the unprivileged tss user.

The /dev/tpmrm* on the other hand are owned by root. So on this distro
at least, is the opposite of what you described.

Having said that, I'm happy to implement the synthesized response when
the command is not supported, if that's the correct way to resolve this.

> Jason
>

Best regards,
--
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

Next message: Jiri Olsa: "Re: [PATCH v1 0/9] perf stat: Enable '--per-thread' on all threads"
Previous message: Michal Hocko: "Re: [PATCH 1/2] mm,vmscan: Kill global shrinker lock."
In reply to: Jason Gunthorpe: "Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails"
Next in thread: Roberts, William C: "RE: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]