From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko@kernel.org>,
Lino Sanfilippo <l.sanfilippo@kunbus.com>,
Alexander Steffen <Alexander.Steffen@infineon.com>,
"Daniel P. Smith" <dpsmith@apertussolutions.com>,
Jason Gunthorpe <jgg@ziepe.ca>, Sasha Levin <sashal@kernel.org>,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ross Philipson <ross.philipson@oracle.com>,
Kanth Ghatraju <kanth.ghatraju@oracle.com>,
Peter Huewe <peterhuewe@gmx.de>
Subject: Re: [PATCH 1/3] tpm: protect against locality counter underflow
Date: Thu, 22 Feb 2024 10:06:05 +0100 [thread overview]
Message-ID: <354bf802d27ea995858e41dd90d9a83ffc6739aa.camel@HansenPartnership.com> (raw)
In-Reply-To: <CZB0I9OAGNHT.1HTSJU3925RBY@seitikki>
On Wed, 2024-02-21 at 19:43 +0000, Jarkko Sakkinen wrote:
> On Wed Feb 21, 2024 at 12:37 PM UTC, James Bottomley wrote:
> > On Tue, 2024-02-20 at 22:31 +0000, Jarkko Sakkinen wrote:
[...]
> > > I cannot recall out of top of my head can
> > > you have two localities open at same time.
> >
> > I think there's a misunderstanding about what localities are:
> > they're effectively an additional platform supplied tag to a
> > command. Each command can therefore have one and only one
> > locality. The TPM doesn't
>
> Actually this was not unclear at all. I even read the chapters from
> Ariel Segall's yesterday as a refresher.
>
> I was merely asking that if TPM_ACCESS_X is not properly cleared and
> you se TPM_ACCESS_Y where Y < X how does the hardware react as the
> bug report is pretty open ended and not very clear of the steps
> leading to unwanted results.
So TPM_ACCESS_X is *not* a generic TPM thing, it's a TIS interface
specific thing. Now the TIS interface seems to be dominating, so
perhaps it is the correct programming model for us to follow, but not
all current TPMs adhere to it.
> With a quick check from [1] could not spot the conflict reaction but
> it is probably there.
The way platforms should handle localities is now detailed in the TCG
library code snippets (part 4 Supporting Routines - Code):
https://trustedcomputinggroup.org/resource/tpm-library-specification/
It's the _plat__LocalityGet/Set in Appendix C
The implementation documented there is what the TPM reference
implementation follows.
James
next prev parent reply other threads:[~2024-02-22 9:06 UTC|newest]
Thread overview: 49+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20240131170824.6183-1-dpsmith@apertussolutions.com>
2024-01-31 17:08 ` [PATCH 1/3] tpm: protect against locality counter underflow Daniel P. Smith
2024-02-01 22:21 ` Jarkko Sakkinen
2024-02-02 3:08 ` Lino Sanfilippo
2024-02-12 20:05 ` Jarkko Sakkinen
2024-02-19 17:54 ` Daniel P. Smith
2024-02-20 18:42 ` Alexander Steffen
2024-02-20 19:04 ` Jarkko Sakkinen
2024-02-20 20:54 ` Lino Sanfilippo
2024-02-20 22:23 ` Jarkko Sakkinen
2024-02-20 23:19 ` Lino Sanfilippo
2024-02-21 0:40 ` Jarkko Sakkinen
2024-02-23 1:58 ` Daniel P. Smith
2024-02-23 12:58 ` Jarkko Sakkinen
2024-02-25 11:23 ` Daniel P. Smith
2024-02-26 9:39 ` Jarkko Sakkinen
2024-02-20 22:26 ` Jarkko Sakkinen
2024-02-20 22:31 ` Jarkko Sakkinen
2024-02-20 23:26 ` Lino Sanfilippo
2024-02-21 0:42 ` Jarkko Sakkinen
2024-02-21 12:37 ` James Bottomley
2024-02-21 19:43 ` Jarkko Sakkinen
2024-02-21 19:45 ` Jarkko Sakkinen
2024-02-22 9:06 ` James Bottomley [this message]
2024-02-22 23:49 ` Jarkko Sakkinen
2024-02-23 1:57 ` Daniel P. Smith
2024-02-23 20:40 ` Jarkko Sakkinen
2024-02-23 20:42 ` Jarkko Sakkinen
2024-02-23 1:57 ` Daniel P. Smith
2024-02-23 20:50 ` Jarkko Sakkinen
2024-02-20 22:57 ` ross.philipson
2024-02-20 23:10 ` Jarkko Sakkinen
2024-02-20 23:13 ` Jarkko Sakkinen
2024-02-23 1:56 ` Daniel P. Smith
2024-02-23 20:44 ` Jarkko Sakkinen
2024-02-24 2:34 ` Lino Sanfilippo
2024-02-26 9:38 ` Jarkko Sakkinen
2024-02-23 1:55 ` Daniel P. Smith
2024-02-26 12:43 ` Alexander Steffen
2024-02-24 2:06 ` Lino Sanfilippo
2024-02-23 0:01 ` Jarkko Sakkinen
2024-01-31 17:08 ` [PATCH 2/3] tpm: ensure tpm is in known state at startup Daniel P. Smith
2024-02-01 22:33 ` Jarkko Sakkinen
2024-02-19 19:17 ` Daniel P. Smith
2024-02-19 20:17 ` Jarkko Sakkinen
2024-01-31 17:08 ` [PATCH 3/3] tpm: make locality request return value consistent Daniel P. Smith
2024-02-01 22:49 ` Jarkko Sakkinen
2024-02-19 20:29 ` Daniel P. Smith
2024-02-19 20:45 ` Jarkko Sakkinen
2024-02-20 18:57 ` Alexander Steffen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=354bf802d27ea995858e41dd90d9a83ffc6739aa.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=Alexander.Steffen@infineon.com \
--cc=dpsmith@apertussolutions.com \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=kanth.ghatraju@oracle.com \
--cc=l.sanfilippo@kunbus.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=ross.philipson@oracle.com \
--cc=sashal@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.