Linux Security Summit Europe 2023

Trusted Platform Modules provide a secure mechanism for generating and using secrets that are hidden from the entire operating system, and only exported in the form of encrypted blobs that can only be re-used on the same TPM. However, if a malicious actor is able to obtain a copy of one of these blobs, they will be able to load it into the same TPM and make use of it in the same way. This presentation describes a proposed mechanism for allowing secrets to be associated with specific processes or applications with effectively arbitrary granularity - for instance, a secret may be associated with a specific process such that it can never be used again after that process exits, or it may be associated with a namespace such that it is only available within a specific namespace. This functionality is enabled with a minimal amount of additional kernel functionality and can be made use of by existing TPM-aware applications with a minimal amount of additional code.