tpmdd-devel.lists.sourceforge.net archive mirror
From: Josh Zimmerman via tpmdd-devel <tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
To: Jarkko Sakkinen
	<jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
	jmorris-gx6/JNMH7DfYtjvyW6yDsg@public.gmane.org
Subject: Re: [PATCH v7 0/2] Run TPM2_Shutdown on system shutdown
Date: Thu, 29 Jun 2017 08:18:13 -0700
Message-ID: <CAHSjozC=QHx52oUpO8Vuf2-DusGAqHpxjo1W2TvmXmuaS7hgJg@mail.gmail.com>
In-Reply-To: <1498742891.30068.1.camel-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>

On Thu, Jun 29, 2017 at 6:28 AM, Jarkko Sakkinen
<jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> wrote:
> On Sun, 2017-06-25 at 14:53 -0700, Josh Zimmerman wrote:
>> This patchset causes all devices in the tpm class to issue TPM2_Shutdown
>> when the system is shutting down.
>>
>> As a prerequisite, it adds a "shutdown" method to "struct class".
>>
>> Since this bug can cause users to be locked out of their TPMs, I'd like
>> this patch included in at least 4.4 and 4.9. 4.1 is nice-to-have but not
>> essential.
>>
>> gregkh Acked the proposal for stable in v3 of this patch.
>>
>>  drivers/base/core.c          |  6 +++++-
>>  drivers/char/tpm/tpm-chip.c  | 34 ++++++++++++++++++++++++++++++++++
>>  drivers/char/tpm/tpm-sysfs.c |  3 +++
>>  include/linux/device.h       |  2 ++
>>  4 files changed, 44 insertions(+), 1 deletion(-)
>
> Josh,
>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
>
> I'll rebase my next after testing (and add also Tested-by).
>
> I have one question as you are more familiar with the issue at hand.
> What if you just cut the power from the device, does this affect
> DA counter?

Just cut power without a TPM2_Shutdown, you mean? Yes, it does.

"To prevent this type of attack, at TPM2_Startup(), the TPM checks if
it is starting after an orderly shutdown. If not, and failedTries is
not already equal to maxTries, then the TPM will increment failedTries
by one"

The key, I think, is that shutdowns are assumed to be disorderly
unless there's an explicit TPM2_Shutdown that indicates otherwise.

(this is from 19.8.6 of
https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf)

> /Jarkko
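As an added example, not part of this thread or of the patchset, a small Python model of the rule quoted above from Part 1 section 19.8.6: failedTries, maxTries and the orderly-shutdown flag are the spec's names, while the maxTries value of 32, the event names and the `run`/`reboots_until_lockout` helpers are assumptions, and the DA recovery timers are left out. It shows how every boot that was not preceded by a TPM2_Shutdown spends the same counter that a wrong authorization value does, which is why an unpatched kernel can walk a machine into DA lockout without any real attack.

```python
from dataclasses import dataclass


@dataclass
class TpmDaState:
    """Dictionary-attack lockout state a TPM keeps in NV across power loss."""
    max_tries: int = 32        # assumed value; set on real TPMs via TPM2_DictionaryAttackParameters
    failed_tries: int = 0
    orderly: bool = True       # True only if a TPM2_Shutdown preceded the last power loss

    @property
    def in_lockout(self) -> bool:
        return self.failed_tries >= self.max_tries

    def tpm2_shutdown(self) -> None:
        """Orderly shutdown: remember that the next TPM2_Startup is clean."""
        self.orderly = True

    def tpm2_startup(self) -> None:
        """Part 1, 19.8.6: a startup that does not follow an orderly shutdown
        counts as one failed try, unless failedTries already equals maxTries."""
        if not self.orderly and self.failed_tries < self.max_tries:
            self.failed_tries += 1
        # From here on, losing power without TPM2_Shutdown is disorderly again.
        self.orderly = False

    def auth_failure(self) -> None:
        """A wrong authorization value spends the same counter."""
        if self.failed_tries < self.max_tries:
            self.failed_tries += 1


def run(events, max_tries=32) -> TpmDaState:
    """Replay a constructed sequence of 'startup', 'shutdown' and 'auth_fail'
    events. A power loss needs no event of its own: it is a 'startup' with no
    'shutdown' before it, which is what every reboot looks like without the patchset."""
    tpm = TpmDaState(max_tries=max_tries)
    handlers = {"startup": tpm.tpm2_startup,
                "shutdown": tpm.tpm2_shutdown,
                "auth_fail": tpm.auth_failure}
    for event in events:
        handlers[event]()
    return tpm


def reboots_until_lockout(max_tries=32) -> int:
    """Reboots without TPM2_Shutdown, starting from a clean TPM, until lockout."""
    tpm = TpmDaState(max_tries=max_tries)
    tpm.tpm2_startup()                 # first boot after a clean state
    reboots = 0
    while not tpm.in_lockout:
        tpm.tpm2_startup()             # power cycle with no TPM2_Shutdown
        reboots += 1
    return reboots
```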


Thread overview: 7+ messages
2017-06-25 21:53 [PATCH v7 0/2] Run TPM2_Shutdown on system shutdown  Josh Zimmerman via tpmdd-devel
2017-06-25 21:53   ` [PATCH v7 1/2] Add "shutdown" to "struct class"  Josh Zimmerman via tpmdd-devel
2017-06-25 21:53   ` [PATCH v7 2/2] tpm: Issue a TPM2_Shutdown for TPM2 devices  Josh Zimmerman via tpmdd-devel
2017-06-29 13:28   ` [PATCH v7 0/2] Run TPM2_Shutdown on system shutdown  Jarkko Sakkinen
2017-06-29 15:18     ` Josh Zimmerman via tpmdd-devel [this message]
2017-06-29 19:54     ` Jarkko Sakkinen
2017-07-10 19:14       ` Josh Zimmerman via tpmdd-devel
