TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
52ce7d9731
twx-linux/security
History
James Bottomley 52ce7d9731 KEYS: trusted: Add session encryption protection to the seal/unseal path 
If some entity is snooping the TPM bus, the can see the data going in
to be sealed and the data coming out as it is unsealed.  Add parameter
and response encryption to these cases to ensure that no secrets are
leaked even if the bus is snooped.

As part of doing this conversion it was discovered that policy
sessions can't work with HMAC protected authority because of missing
pieces (the tpm Nonce).  I've added code to work the same way as
before, which will result in potential authority exposure (while still
adding security for the command and the returned blob), and a fixme to
redo the API to get rid of this security hole.

Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Tested-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2024-05-09 22:30:51 +03:00
..
apparmor lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
bpf lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
integrity lsm/stable-6.9 PR 20240312 2024-03-12 20:03:34 -07:00
keys KEYS: trusted: Add session encryption protection to the seal/unseal path 2024-05-09 22:30:51 +03:00
landlock landlock: Use f_cred in security_file_open() hook 2024-03-08 18:22:16 +01:00
loadpin lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
lockdown LSM: Identify modules by more than name 2023-11-12 22:54:42 -05:00
safesetid lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
selinux selinux: avoid dereference of garbage after mount failure 2024-04-01 23:32:35 -04:00
smack lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
tomoyo tomoyo: fix UAF write bug in tomoyo_write_control() 2024-03-01 11:14:00 -08:00
yama lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
commoncap.c lsm: mark the lsm_id variables are marked as static 2023-11-12 22:54:42 -05:00
device_cgroup.c device_cgroup: Fix kernel-doc warnings in device_cgroup 2023-06-21 09:30:49 -04:00
inode.c security: convert to new timestamp accessors 2023-10-18 14:08:31 +02:00
Kconfig fortify: drop Clang version check for 12.0.1 or newer 2024-02-22 15:38:54 -08:00
Kconfig.hardening hardening: Move BUG_ON_DATA_CORRUPTION to hardening options 2023-08-15 14:57:25 -07:00
lsm_audit.c lsm: fix a number of misspellings 2023-05-25 17:52:15 -04:00
lsm_syscalls.c lsm: use 32-bit compatible data types in LSM syscalls 2024-03-14 11:31:26 -04:00
Makefile LSM: syscalls for current process attributes 2023-11-12 22:54:42 -05:00
min_addr.c
security.c security: Place security_path_post_mknod() where the original IMA call was 2024-04-03 10:21:32 -07:00