From: "Ard Biesheuvel"
Date: Thu, 11 Apr 2024 08:52:18 +0200
Subject: Re: [edk2-devel] [RFC PATCH] OvmfPkg/SecurityPkg: Add build option for coexistance of vTPM and RTMR.
To: devel@edk2.groups.io, jiewen.yao@intel.com
Cc: Dionna Amalie Glaze, Mikko Ylinen, Gerd Hoffmann, James Bottomley, Tom Lendacky, Michael Roth, qinkun Bao, "linux-coco@lists.linux.dev", "Aktas, Erdem", Peter Gonda, "Johnson, Simon P", "Xiang, Qinglan"
References: <94521f20aa2872c1b8f018b7db31eca4a2b8222d.1711039409.git.qinkun@google.com>

Hello all,

On Thu, 11 Apr 2024 at 03:20, Yao, Jiewen wrote:
>
> Hi Dionna/Qinkun
> I am not sure if systemd is the last software in guest we need to patch to support coexistence to extend the measurement.
> Are you aware of any other Linux guest software needs to be updated? Such as Linux IMA (Integrity Measurement Architecture)?
>
> To move this forward.
>
> In Intel, we had discussed and we did see the potential security risk.
> As I mentioned in the first email, "In case that any the guest component only knows one of vTPM or RTMR, and only extends one of vTPM or RTMR, but the other one only verifies the other, then the chain of trust is broken."
>
> At same time, we also respect that it might be a valid use case for Google.
> I would like to ask the opinion in the EDKII community, especially the OVMF and CC maintainer and reviewer.
>
>
> Hi Ard Biesheuvel
> Do you think Kernel is OK with this coexistence proposal?
> Are you willing to give "reviewed-by"?
>

I think it is a bad idea to go and apply changes all across the boot software ecosystem to measure the same assets into different measurement protocols. I'm afraid it creates technical debt that will come and bite us in the future.

Given that RTMR is a proper subset of vTPM (modulo the PCR/RTMR index conversion), I feel that it should be the CoCo firmware's responsibility to either:
- expose RTMR and not vTPM
- expose vTPM, and duplicate each measurement into RTMR as they are taken

However, I understand that this is only viable for execution under the UEFI boot services, and after that, the vTPM and RTMR are exposed in different ways to the OS.

Could someone explain how that piece of the puzzle is supposed to work? Do we measure into RTMR after ExitBootServices()?
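
The broken chain of trust quoted in the message above (a component extends only the vTPM while the verifier checks RTMR) and the "duplicate each measurement into RTMR" option, as an added Python example that is not code from this thread or from edk2. The PCR-to-RTMR index mapping follows the TDX firmware convention and is an assumption here, since the thread does not spell it out; the `Guest` class, the function names, the SHA-384 PCR bank and the sample inputs are constructed for illustration.

```python
import hashlib

ZERO = bytes(48)  # SHA-384 sized registers start as all zeroes

def pcr_to_rtmr(pcr):
    """PCR index -> RTMR index (assumed TDX mapping, not stated in the thread)."""
    if pcr in (1, 7):
        return 0
    if 2 <= pcr <= 6:
        return 1
    if 8 <= pcr <= 15:
        return 2
    return None  # PCR 0 corresponds to the launch-time MRTD, not an RTMR

def extend(reg, digest):
    """Hash-chain extend shared by PCRs and RTMRs: new = H(old || digest)."""
    return hashlib.sha384(reg + digest).digest()

class Guest:
    """Hypothetical guest exposing a vTPM PCR bank and RTMRs side by side."""
    def __init__(self):
        self.pcr = {i: ZERO for i in range(16)}
        self.rtmr = {i: ZERO for i in range(3)}
        self.log = []  # event log of (pcr index, digest)

    def measure(self, pcr, data, duplicate=True):
        digest = hashlib.sha384(data).digest()
        self.log.append((pcr, digest))
        self.pcr[pcr] = extend(self.pcr[pcr], digest)
        idx = pcr_to_rtmr(pcr)
        if duplicate and idx is not None:  # duplicate as the measurement is taken
            self.rtmr[idx] = extend(self.rtmr[idx], digest)

def verify(guest):
    """Replay the event log; return (vTPM matches log, RTMR matches log)."""
    pcr, rtmr = {}, {}
    for index, digest in guest.log:
        pcr[index] = extend(pcr.get(index, ZERO), digest)
        idx = pcr_to_rtmr(index)
        if idx is not None:
            rtmr[idx] = extend(rtmr.get(idx, ZERO), digest)
    return (all(guest.pcr[i] == v for i, v in pcr.items()),
            all(guest.rtmr[i] == v for i, v in rtmr.items()))

def demo(vtpm_only_component):
    g = Guest()
    g.measure(4, b"constructed bootloader image")  # firmware duplicates
    # A later component that may know only about the vTPM:
    g.measure(9, b"constructed initrd", duplicate=not vtpm_only_component)
    return verify(g)
```

With every measurement duplicated, both register sets replay cleanly from the one event log; once a single component extends only the vTPM, the RTMR side no longer matches and an RTMR-only verifier cannot reconstruct the chain.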