Re: [PATCH 5/9] security: keys: trusted: Allow storage of PCR values in creation data

From: Ben Boeckel
Date: Sun Feb 21 2021 - 14:46:36 EST


On Sat, Feb 20, 2021 at 05:09:07 +0200, Jarkko Sakkinen wrote:
> Something popped into mind: could we make PCR 23 reservation dynamic
> instead of a config option?
>
> E.g. if the user space uses it, then it's dirty and hibernate will
> fail. I really dislike the static compilation time firewall on it.

I don't know the threat model here, but couldn't hibernation then be
blocked by userspace using PCR 23 in some way (thus becoming a Denial of
Service)? Are elevated permissions required to use PCR values?

--Ben