On Sat May 18, 2024 at 7:31 AM EEST, Eric Biggers wrote: > This is "normal" behavior when the crypto API instantiates a template: > > 1. drbg.c asks for "hmac(sha512)" > > 2. The crypto API looks for a direct implementation of "hmac(sha512)". > This includes requesting a module with alias "crypto-hmac(sha512)". > > 3. If none is found, the "hmac" template is instantiated instead. > > There are two possible fixes for the bug. Either fix ecc_gen_privkey() to > just > use get_random_bytes() instead of the weird crypto API RNG, or make > drbg_init_hash_kernel() pass the CRYPTO_NOLOAD flag to crypto_alloc_shash(). > > Or if the TPM driver could be changed to not need to generate an ECC private > key > at probe time, that would also avoid this problem.
Issues: - IMA extends PCR's. This requires encrypted communications path. - HWRNG uses auth session (see tpm2_get_radom()). - TPM trusted keys Null key is required before any other legit use in initialization. Even something like --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -36,6 +36,8 @@ config TCG_TPM2_HMAC bool "Use HMAC and encrypted transactions on the TPM bus" default y + select CRYPTO_DRBG select CRYPTO_ECDH + select CRYPTO_HMAC + select CRYPTO_SHA512 select CRYPTO_LIB_AESCFB select CRYPTO_LIB_SHA256 help would be more decent. > > - Eric BR, Jarkko