On Mon, Aug 05, 2019 at 04:50:35PM +0200, Roberto Sassu wrote:
> I also don't think it is a good idea to remove this functionality.
>
> Jarkko, we were discussing about this issue in another thread, and your
> answer then (https://lkml.org/lkml/2019/3/21/396) was that it is a
> priority to fix
On 2019-08-05 18:51:09, Roberto Sassu wrote:
> On 8/5/2019 6:04 PM, Tyler Hicks wrote:
> > On 2019-08-05 11:54:19, Mimi Zohar wrote:
> > > On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:
> > > > Regarding Mimi's proposal to avoid the issue by extending the PCR with
> > > > zeros, I think
On 8/5/2019 6:04 PM, Tyler Hicks wrote:
On 2019-08-05 11:54:19, Mimi Zohar wrote:
On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:
Regarding Mimi's proposal to avoid the issue by extending the PCR with
zeros, I think it also achieve the goal.
Roberto, removing the following code from
On 2019-08-05 11:54:19, Mimi Zohar wrote:
> On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:
> > Regarding Mimi's proposal to avoid the issue by extending the PCR with
> > zeros, I think it also achieve the goal.
>
> Roberto, removing the following code from init_digests() would be the
>
On 8/5/2019 5:54 PM, Mimi Zohar wrote:
On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:
Regarding Mimi's proposal to avoid the issue by extending the PCR with
zeros, I think it also achieve the goal.
Roberto, removing the following code from init_digests() would be the
equivalent to
On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:
> Regarding Mimi's proposal to avoid the issue by extending the PCR with
> zeros, I think it also achieve the goal.
Roberto, removing the following code from init_digests() would be the
equivalent to the prior code, without needing to make
On 8/2/2019 10:23 PM, Tyler Hicks wrote:
On 2019-08-02 22:42:26, Jarkko Sakkinen wrote:
On Fri, Aug 02, 2019 at 09:27:22AM -0500, Tyler Hicks wrote:
On 2019-08-02 10:21:16, Roberto Sassu wrote:
On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto
On Sat, 2019-08-03 at 17:44 +0300, Jarkko Sakkinen wrote:
> On Fri, 2019-08-02 at 15:23 -0500, Tyler Hicks wrote:
> > That wasn't the conclusion that I came to. I prefer Robert's proposed
> > change to trusted.ko.
> >
> > How do you propose that this be fixed in eCryptfs?
> >
> > Removing
On Fri, 2019-08-02 at 15:23 -0500, Tyler Hicks wrote:
> That wasn't the conclusion that I came to. I prefer Robert's proposed
> change to trusted.ko.
>
> How do you propose that this be fixed in eCryptfs?
>
> Removing encrypted_key support from eCryptfs is the only way that I can
> see to fix
On 2019-07-09 12:31:45, Mimi Zohar wrote:
> On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:
> > On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> > > Not a criticism of your patch, but can we please stop doing this.
> > > Single random number sources are horrendously
On 2019-08-02 15:23:43, Tyler Hicks wrote:
> On 2019-08-02 22:42:26, Jarkko Sakkinen wrote:
> > On Fri, Aug 02, 2019 at 09:27:22AM -0500, Tyler Hicks wrote:
> > > On 2019-08-02 10:21:16, Roberto Sassu wrote:
> > > > On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
> > > > > On Mon, Jul 15, 2019 at
On 2019-08-02 22:42:26, Jarkko Sakkinen wrote:
> On Fri, Aug 02, 2019 at 09:27:22AM -0500, Tyler Hicks wrote:
> > On 2019-08-02 10:21:16, Roberto Sassu wrote:
> > > On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
> > > > On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto Sassu wrote:
> > > > >
On Fri, Aug 02, 2019 at 09:27:22AM -0500, Tyler Hicks wrote:
> On 2019-08-02 10:21:16, Roberto Sassu wrote:
> > On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
> > > On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto Sassu wrote:
> > > > According to the bug report at
On Fri, Aug 02, 2019 at 10:21:16AM +0200, Roberto Sassu wrote:
> On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
> > On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto Sassu wrote:
> > > According to the bug report at https://bugs.archlinux.org/task/62678,
> > > the trusted module is a dependency of
On 2019-08-02 10:21:16, Roberto Sassu wrote:
> On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
> > On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto Sassu wrote:
> > > According to the bug report at https://bugs.archlinux.org/task/62678,
> > > the trusted module is a dependency of the ecryptfs module.
On 8/1/2019 6:32 PM, Jarkko Sakkinen wrote:
On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto Sassu wrote:
According to the bug report at https://bugs.archlinux.org/task/62678,
the trusted module is a dependency of the ecryptfs module. We should
load the trusted module even if the TPM is
On Mon, Jul 15, 2019 at 06:44:28PM +0200, Roberto Sassu wrote:
> According to the bug report at https://bugs.archlinux.org/task/62678,
> the trusted module is a dependency of the ecryptfs module. We should
> load the trusted module even if the TPM is inactive or deactivated.
>
> Given that commit
On 7/11/2019 9:48 PM, Jarkko Sakkinen wrote:
On Fri, Jul 05, 2019 at 06:37:35PM +0200, Roberto Sassu wrote:
Commit c78719203fc6 ("KEYS: trusted: allow trusted.ko to initialize w/o a
TPM") allows the trusted module to be loaded even a TPM is not found to
avoid module dependency problems.
On Fri, Jul 05, 2019 at 06:37:35PM +0200, Roberto Sassu wrote:
> Commit c78719203fc6 ("KEYS: trusted: allow trusted.ko to initialize w/o a
> TPM") allows the trusted module to be loaded even a TPM is not found to
> avoid module dependency problems.
>
> Unfortunately, this does not completely
On Tue, 2019-07-09 at 19:24 +0300, Jarkko Sakkinen wrote:
> On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> > Not a criticism of your patch, but can we please stop doing this.
> > Single random number sources are horrendously bad practice because it
> > gives an attacker a
On Mon, Jul 08, 2019 at 01:34:59PM -0700, James Bottomley wrote:
> Not a criticism of your patch, but can we please stop doing this.
> Single random number sources are horrendously bad practice because it
> gives an attacker a single target to subvert. We should ensure the TPM
> is plugged into
On Fri, 2019-07-05 at 18:37 +0200, Roberto Sassu wrote:
> Commit c78719203fc6 ("KEYS: trusted: allow trusted.ko to initialize
> w/o a
> TPM") allows the trusted module to be loaded even a TPM is not found
> to
> avoid module dependency problems.
>
> Unfortunately, this does not completely solve
On 2019-07-05 18:37:35, Roberto Sassu wrote:
> Commit c78719203fc6 ("KEYS: trusted: allow trusted.ko to initialize w/o a
> TPM") allows the trusted module to be loaded even a TPM is not found to
> avoid module dependency problems.
>
> Unfortunately, this does not completely solve the issue, as
Commit c78719203fc6 ("KEYS: trusted: allow trusted.ko to initialize w/o a
TPM") allows the trusted module to be loaded even a TPM is not found to
avoid module dependency problems.
Unfortunately, this does not completely solve the issue, as there could be
a case where a TPM is found but is not
24 matches
Mail list logo
