[PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Nayna Jain]

IMA extends its hash measurements in the TPM PCRs, based on policy.
The existing in-kernel TPM extend function extends only the SHA1
PCR bank. TPM 2.0 defines multiple PCR banks, to support different
hash algorithms. The TCG TPM 2.0 Specification[1] recommends
extending all active PCR banks to prevent malicious users from
setting unused PCR banks with fake measurements and quoting them.
This patch set adds support for extending all active PCR banks,
as recommended.

The first patch implements the TPM 2.0 capability to retrieve
the list of active PCR banks.

The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
interface to support extending multiple PCR banks. The existing
tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
extend all active PCR banks with differing digest sizes for TPM 2.0,
the SHA1 digest is padded with 0's as needed.

This approach is taken to maintain backwards compatibility for IMA
in order to continue working with both TPM 1.2 and TPM 2.0 without
any changes and still comply with TCG TPM 2.0 Specification[1].

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Changelog v2:

- Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
  - defined structs definition in tpm2-cmd.c.
  - no_of_active_banks field is removed. Instead, constant
  TPM2_MAX_PCR_BANKS is defined.
  - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
  - removed generic function tpm2_get_capability().

- Patch "tpm: enchance TPM 2.0 PCR extend to support multiple banks"
 - Removed tpm2.h, and defined structs common for extend and event log
  in tpm_eventlog.h
 - uses tpm_buf in tpm2_pcr_extend().

Nayna Jain (2):
  tpm: implement TPM 2.0 capability to get active PCR banks
  tpm: enhance TPM 2.0 PCR extend to support multiple banks

 drivers/char/tpm/tpm-interface.c |  16 ++++-
 drivers/char/tpm/tpm.h           |   8 ++-
 drivers/char/tpm/tpm2-cmd.c      | 146 +++++++++++++++++++++++++++++++--------
 drivers/char/tpm/tpm_eventlog.h  |  15 ++++
 4 files changed, 153 insertions(+), 32 deletions(-)

-- 
2.5.0

[PATCH v2 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

[Nayna Jain]

This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm.h      |  5 +++
 drivers/char/tpm/tpm2-cmd.c | 79 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1ae9768..3d8121e 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -43,6 +43,7 @@ enum tpm_const {
 	TPM_NUM_DEVICES = 65536,
 	TPM_RETRY = 50,		/* 5 seconds */
 	TPM_NUM_EVENT_LOG_FILES = 3,
+	TPM2_MAX_PCR_BANKS = 7,
 };
 
 enum tpm_timeout {
@@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+	TPM2_CAP_PCRS		= 5,
 	TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +189,8 @@ struct tpm_chip {
 
 	const struct attribute_group *groups[3];
 	unsigned int groups_cnt;
+
+	enum tpm2_algorithms active_banks[TPM2_MAX_PCR_BANKS];
 #ifdef CONFIG_ACPI
 	acpi_handle acpi_dev_handle;
 	char ppi_version[TPM_PPI_VERSION_LEN + 1];
@@ -545,4 +549,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6eda239..dd03fd8 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -83,6 +83,25 @@ struct tpm2_get_tpm_pt_out {
 	__be32	value;
 } __packed;
 
+struct tpm2_tpms_pcr_selection {
+	__be16  hash_alg;
+	u8  size_of_select;
+	u8  pcr_select[3];
+} __packed;
+
+struct tpm2_getcap_in {
+	__be32	cap_id;
+	__be32	property_id;
+	__be32	property_cnt;
+} __packed;
+
+struct tpm2_getcap_out {
+	u8	more_data;
+	__be32  subcap_id;
+	__be32  count;
+	char	cap_data[0];
+} __packed;
+
 struct tpm2_get_random_in {
 	__be16	size;
 } __packed;
@@ -100,6 +119,8 @@ union tpm2_cmd_params {
 	struct	tpm2_pcr_extend_in	pcrextend_in;
 	struct	tpm2_get_tpm_pt_in	get_tpm_pt_in;
 	struct	tpm2_get_tpm_pt_out	get_tpm_pt_out;
+	struct	tpm2_getcap_in		getcap_in;
+	struct	tpm2_getcap_out		getcap_out;
 	struct	tpm2_get_random_in	getrandom_in;
 	struct	tpm2_get_random_out	getrandom_out;
 };
@@ -993,8 +1014,66 @@ int tpm2_auto_startup(struct tpm_chip *chip)
 		}
 	}
 
+	rc = tpm2_get_pcr_allocation(chip);
+
 out:
 	if (rc > 0)
 		rc = -ENODEV;
 	return rc;
 }
+
+#define TPM2_GETCAP_IN_SIZE \
+	(sizeof(struct tpm_input_header) + sizeof(struct tpm2_getcap_in))
+
+static const struct tpm_input_header tpm2_getcap_header = {
+	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
+	.length = cpu_to_be32(TPM2_GETCAP_IN_SIZE),
+	.ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
+};
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+	struct tpm2_cmd cmd;
+	struct tpm2_tpms_pcr_selection pcr_selection;
+	void *marker;
+	unsigned int count = 0;
+	int rc;
+	int i;
+
+	cmd.header.in = tpm2_getcap_header;
+	cmd.params.getcap_in.cap_id = cpu_to_be32(TPM2_CAP_PCRS);
+	cmd.params.getcap_in.property_id = cpu_to_be32(0);
+	cmd.params.getcap_in.property_cnt = cpu_to_be32(1);
+
+	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+			      "get tpm pcr allocation");
+	if (rc < 0)
+		goto out;
+
+	count = be32_to_cpu(cmd.params.getcap_out.count);
+	if (count > TPM2_MAX_PCR_BANKS) {
+		dev_err(&chip->dev,
+			"%s: Error: Invalid active PCR banks count\n",
+			__func__);
+		return -ENODEV;
+	}
+
+	marker = &cmd.params.getcap_out.cap_data;
+	for (i = 0; i < count; i++) {
+		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
+		chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+		marker = marker + sizeof(struct tpm2_tpms_pcr_selection);
+	}
+
+out:
+	if (count < TPM2_MAX_PCR_BANKS)
+		chip->active_banks[count] = 0;
+	return rc;
+}
-- 
2.5.0

[PATCH v2 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

[Nayna Jain]

This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
retrieve the active PCR banks from the TPM. This is needed
to enable extending all active banks as recommended by TPM 2.0
TCG Specification.

Signed-off-by: Nayna Jain <nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
---
 drivers/char/tpm/tpm.h      |  5 +++
 drivers/char/tpm/tpm2-cmd.c | 79 +++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+)

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 1ae9768..3d8121e 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -43,6 +43,7 @@ enum tpm_const {
 	TPM_NUM_DEVICES = 65536,
 	TPM_RETRY = 50,		/* 5 seconds */
 	TPM_NUM_EVENT_LOG_FILES = 3,
+	TPM2_MAX_PCR_BANKS = 7,
 };
 
 enum tpm_timeout {
@@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
 };
 
 enum tpm2_capabilities {
+	TPM2_CAP_PCRS		= 5,
 	TPM2_CAP_TPM_PROPERTIES = 6,
 };
 
@@ -187,6 +189,8 @@ struct tpm_chip {
 
 	const struct attribute_group *groups[3];
 	unsigned int groups_cnt;
+
+	enum tpm2_algorithms active_banks[TPM2_MAX_PCR_BANKS];
 #ifdef CONFIG_ACPI
 	acpi_handle acpi_dev_handle;
 	char ppi_version[TPM_PPI_VERSION_LEN + 1];
@@ -545,4 +549,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
 void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
 unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
 int tpm2_probe(struct tpm_chip *chip);
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
 #endif
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 6eda239..dd03fd8 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -83,6 +83,25 @@ struct tpm2_get_tpm_pt_out {
 	__be32	value;
 } __packed;
 
+struct tpm2_tpms_pcr_selection {
+	__be16  hash_alg;
+	u8  size_of_select;
+	u8  pcr_select[3];
+} __packed;
+
+struct tpm2_getcap_in {
+	__be32	cap_id;
+	__be32	property_id;
+	__be32	property_cnt;
+} __packed;
+
+struct tpm2_getcap_out {
+	u8	more_data;
+	__be32  subcap_id;
+	__be32  count;
+	char	cap_data[0];
+} __packed;
+
 struct tpm2_get_random_in {
 	__be16	size;
 } __packed;
@@ -100,6 +119,8 @@ union tpm2_cmd_params {
 	struct	tpm2_pcr_extend_in	pcrextend_in;
 	struct	tpm2_get_tpm_pt_in	get_tpm_pt_in;
 	struct	tpm2_get_tpm_pt_out	get_tpm_pt_out;
+	struct	tpm2_getcap_in		getcap_in;
+	struct	tpm2_getcap_out		getcap_out;
 	struct	tpm2_get_random_in	getrandom_in;
 	struct	tpm2_get_random_out	getrandom_out;
 };
@@ -993,8 +1014,66 @@ int tpm2_auto_startup(struct tpm_chip *chip)
 		}
 	}
 
+	rc = tpm2_get_pcr_allocation(chip);
+
 out:
 	if (rc > 0)
 		rc = -ENODEV;
 	return rc;
 }
+
+#define TPM2_GETCAP_IN_SIZE \
+	(sizeof(struct tpm_input_header) + sizeof(struct tpm2_getcap_in))
+
+static const struct tpm_input_header tpm2_getcap_header = {
+	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
+	.length = cpu_to_be32(TPM2_GETCAP_IN_SIZE),
+	.ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
+};
+
+/**
+ * tpm2_get_pcr_allocation() - get TPM active PCR banks.
+ *
+ * @chip: TPM chip to use.
+ *
+ * Return: Same as with tpm_transmit_cmd.
+ */
+ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
+{
+	struct tpm2_cmd cmd;
+	struct tpm2_tpms_pcr_selection pcr_selection;
+	void *marker;
+	unsigned int count = 0;
+	int rc;
+	int i;
+
+	cmd.header.in = tpm2_getcap_header;
+	cmd.params.getcap_in.cap_id = cpu_to_be32(TPM2_CAP_PCRS);
+	cmd.params.getcap_in.property_id = cpu_to_be32(0);
+	cmd.params.getcap_in.property_cnt = cpu_to_be32(1);
+
+	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+			      "get tpm pcr allocation");
+	if (rc < 0)
+		goto out;
+
+	count = be32_to_cpu(cmd.params.getcap_out.count);
+	if (count > TPM2_MAX_PCR_BANKS) {
+		dev_err(&chip->dev,
+			"%s: Error: Invalid active PCR banks count\n",
+			__func__);
+		return -ENODEV;
+	}
+
+	marker = &cmd.params.getcap_out.cap_data;
+	for (i = 0; i < count; i++) {
+		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
+		chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
+		marker = marker + sizeof(struct tpm2_tpms_pcr_selection);
+	}
+
+out:
+	if (count < TPM2_MAX_PCR_BANKS)
+		chip->active_banks[count] = 0;
+	return rc;
+}
-- 
2.5.0


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

[PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[Nayna Jain]

The current TPM 2.0 device driver extends only the SHA1 PCR bank
but the TCG Specification[1] recommends extending all active PCR
banks, to prevent malicious users from setting unused PCR banks with
fake measurements and quoting them.

The existing in-kernel interface(tpm_pcr_extend()) expects only a
SHA1 digest.  To extend all active PCR banks with differing
digest sizes, the SHA1 digest is padded with trailing 0's as needed.

[1] TPM 2.0 Specification referred here is "TCG PC Client Specific
Platform Firmware Profile for TPM 2.0"

Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm-interface.c | 16 +++++++++-
 drivers/char/tpm/tpm.h           |  3 +-
 drivers/char/tpm/tpm2-cmd.c      | 67 ++++++++++++++++++++++------------------
 drivers/char/tpm/tpm_eventlog.h  | 15 +++++++++
 4 files changed, 69 insertions(+), 32 deletions(-)

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 769d8b0..04aee1c 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -7,6 +7,7 @@
  * Dave Safford <safford@watson.ibm.com>
  * Reiner Sailer <sailer@watson.ibm.com>
  * Kylene Hall <kjhall@us.ibm.com>
+ * Nayna Jain <nayna@linux.vnet.ibm.com>
  *
  * Maintained by: <tpmdd-devel@lists.sourceforge.net>
  *
@@ -756,6 +757,7 @@ static const struct tpm_input_header pcrextend_header = {
 int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 {
 	struct tpm_cmd_t cmd;
+	int i;
 	int rc;
 	struct tpm_chip *chip;
 
@@ -764,7 +766,19 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 		return -ENODEV;
 
 	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
-		rc = tpm2_pcr_extend(chip, pcr_idx, hash);
+		struct tpml_digest_values d_values;
+
+		memset(&d_values, 0, sizeof(d_values));
+
+		for (i = 0; (chip->active_banks[i] != 0) &&
+		     (i < TPM2_MAX_PCR_BANKS); i++) {
+			d_values.digests[i].alg_id = chip->active_banks[i];
+			memcpy(d_values.digests[i].digest, hash,
+			       TPM_DIGEST_SIZE);
+			d_values.count++;
+		}
+
+		rc = tpm2_pcr_extend(chip, pcr_idx, &d_values);
 		tpm_put_ops(chip);
 		return rc;
 	}
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 3d8121e..1d44a52 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -534,7 +534,8 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
 #endif
 
 int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
+int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
+		    struct tpml_digest_values *digests);
 int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
 int tpm2_seal_trusted(struct tpm_chip *chip,
 		      struct trusted_key_payload *payload,
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index dd03fd8..93d07bf 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -64,9 +64,7 @@ struct tpm2_pcr_extend_in {
 	__be32				pcr_idx;
 	__be32				auth_area_size;
 	struct tpm2_null_auth_area	auth_area;
-	__be32				digest_cnt;
-	__be16				hash_alg;
-	u8				digest[TPM_DIGEST_SIZE];
+	struct tpml_digest_values       digests;
 } __packed;
 
 struct tpm2_get_tpm_pt_in {
@@ -311,46 +309,55 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
 	return rc;
 }
 
-#define TPM2_GET_PCREXTEND_IN_SIZE \
-	(sizeof(struct tpm_input_header) + \
-	 sizeof(struct tpm2_pcr_extend_in))
-
-static const struct tpm_input_header tpm2_pcrextend_header = {
-	.tag = cpu_to_be16(TPM2_ST_SESSIONS),
-	.length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
-	.ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
-};
-
 /**
  * tpm2_pcr_extend() - extend a PCR value
  *
  * @chip:	TPM chip to use.
  * @pcr_idx:	index of the PCR.
- * @hash:	hash value to use for the extend operation.
+ * @digests:	list of pcr banks and corresponding hash values to be extended.
  *
  * Return: Same as with tpm_transmit_cmd.
  */
-int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
+int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
+		    struct tpml_digest_values *digests)
 {
-	struct tpm2_cmd cmd;
+	struct tpm_buf buf;
+	struct tpm2_null_auth_area auth_area;
 	int rc;
+	int i;
+	int j;
+
+	tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
+	tpm_buf_append_u32(&buf, pcr_idx);
+
+	auth_area.handle = cpu_to_be32(TPM2_RS_PW);
+	auth_area.nonce_size = 0;
+	auth_area.attributes = 0;
+	auth_area.auth_size = 0;
+
+	tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
+	tpm_buf_append(&buf, (const unsigned char *)&auth_area,
+		       sizeof(auth_area));
+	tpm_buf_append_u32(&buf, digests->count);
+
+	for (i = 0; i < digests->count; i++) {
+		for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) {
+			if (digests->digests[i].alg_id !=
+			    tpm2_hash_map[j].tpm_id)
+				continue;
+
+			tpm_buf_append_u16(&buf, digests->digests[i].alg_id);
+			tpm_buf_append(&buf, (const unsigned char
+					      *)&digests->digests[i].digest,
+			       hash_digest_size[tpm2_hash_map[j].crypto_id]);
+		}
+	}
 
-	cmd.header.in = tpm2_pcrextend_header;
-	cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
-	cmd.params.pcrextend_in.auth_area_size =
-		cpu_to_be32(sizeof(struct tpm2_null_auth_area));
-	cmd.params.pcrextend_in.auth_area.handle =
-		cpu_to_be32(TPM2_RS_PW);
-	cmd.params.pcrextend_in.auth_area.nonce_size = 0;
-	cmd.params.pcrextend_in.auth_area.attributes = 0;
-	cmd.params.pcrextend_in.auth_area.auth_size = 0;
-	cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1);
-	cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
-	memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE);
-
-	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
+	rc = tpm_transmit_cmd(chip, buf.data, tpm_buf_length(&buf), 0,
 			      "attempting extend a PCR value");
 
+	tpm_buf_destroy(&buf);
+
 	return rc;
 }
 
diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
index 1660d74..7d97b51 100644
--- a/drivers/char/tpm/tpm_eventlog.h
+++ b/drivers/char/tpm/tpm_eventlog.h
@@ -2,9 +2,12 @@
 #ifndef __TPM_EVENTLOG_H__
 #define __TPM_EVENTLOG_H__
 
+#include <crypto/hash_info.h>
+
 #define TCG_EVENT_NAME_LEN_MAX	255
 #define MAX_TEXT_EVENT		1000	/* Max event string length */
 #define ACPI_TCPA_SIG		"TCPA"	/* 0x41504354 /'TCPA' */
+#define TPM2_ACTIVE_PCR_BANKS	3
 
 #ifdef CONFIG_PPC64
 #define do_endian_conversion(x) be32_to_cpu(x)
@@ -73,6 +76,18 @@ enum tcpa_pc_event_ids {
 	HOST_TABLE_OF_DEVICES,
 };
 
+/* TPM 2.0 Crypto agile algorithm and respective digest. */
+struct tpmt_ha {
+	u16 alg_id;
+	u8 digest[SHA384_DIGEST_SIZE];
+} __packed;
+
+/* TPM 2.0 Crypto agile digests list. */
+struct tpml_digest_values {
+	u32 count;
+	struct tpmt_ha digests[TPM2_ACTIVE_PCR_BANKS];
+} __packed;
+
 #if defined(CONFIG_ACPI)
 int tpm_read_log_acpi(struct tpm_chip *chip);
 #else
-- 
2.5.0

Re: [PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 4715 bytes --]

Hi Nayna,

[auto build test WARNING on next-20161224]
[also build test WARNING on v4.10-rc1]
[cannot apply to char-misc/char-misc-testing v4.9-rc8 v4.9-rc7 v4.9-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Nayna-Jain/tpm-enhance-TPM-2-0-extend-function-to-support-multiple-PCR-banks/20161231-033757
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gnu-gcc (Debian 6.1.1-9) 6.1.1 20160705
reproduce:
        wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=powerpc 

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   In file included from include/linux/byteorder/big_endian.h:4:0,
                    from arch/powerpc/include/uapi/asm/byteorder.h:13,
                    from include/asm-generic/bitops/le.h:5,
                    from arch/powerpc/include/asm/bitops.h:279,
                    from include/linux/bitops.h:36,
                    from include/linux/kernel.h:10,
                    from include/linux/list.h:8,
                    from include/linux/module.h:9,
                    from drivers/char/tpm/tpm.h:26,
                    from drivers/char/tpm/tpm2-cmd.c:18:
   drivers/char/tpm/tpm2-cmd.c: In function 'tpm2_pcr_extend':
>> include/uapi/linux/byteorder/big_endian.h:39:27: warning: 'buf.data' may be used uninitialized in this function [-Wmaybe-uninitialized]
    #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
                              ^
   drivers/char/tpm/tpm2-cmd.c:324:17: note: 'buf.data' was declared here
     struct tpm_buf buf;
                    ^~~

vim +39 include/uapi/linux/byteorder/big_endian.h

5921e6f8 David Howells  2012-10-13  23  #define __constant_le16_to_cpu(x) ___constant_swab16((__force __u16)(__le16)(x))
5921e6f8 David Howells  2012-10-13  24  #define __constant_cpu_to_be64(x) ((__force __be64)(__u64)(x))
5921e6f8 David Howells  2012-10-13  25  #define __constant_be64_to_cpu(x) ((__force __u64)(__be64)(x))
5921e6f8 David Howells  2012-10-13  26  #define __constant_cpu_to_be32(x) ((__force __be32)(__u32)(x))
5921e6f8 David Howells  2012-10-13  27  #define __constant_be32_to_cpu(x) ((__force __u32)(__be32)(x))
5921e6f8 David Howells  2012-10-13  28  #define __constant_cpu_to_be16(x) ((__force __be16)(__u16)(x))
5921e6f8 David Howells  2012-10-13  29  #define __constant_be16_to_cpu(x) ((__force __u16)(__be16)(x))
5921e6f8 David Howells  2012-10-13  30  #define __cpu_to_le64(x) ((__force __le64)__swab64((x)))
5921e6f8 David Howells  2012-10-13  31  #define __le64_to_cpu(x) __swab64((__force __u64)(__le64)(x))
5921e6f8 David Howells  2012-10-13  32  #define __cpu_to_le32(x) ((__force __le32)__swab32((x)))
5921e6f8 David Howells  2012-10-13  33  #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
5921e6f8 David Howells  2012-10-13  34  #define __cpu_to_le16(x) ((__force __le16)__swab16((x)))
5921e6f8 David Howells  2012-10-13  35  #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
5921e6f8 David Howells  2012-10-13  36  #define __cpu_to_be64(x) ((__force __be64)(__u64)(x))
5921e6f8 David Howells  2012-10-13  37  #define __be64_to_cpu(x) ((__force __u64)(__be64)(x))
5921e6f8 David Howells  2012-10-13  38  #define __cpu_to_be32(x) ((__force __be32)(__u32)(x))
5921e6f8 David Howells  2012-10-13 @39  #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
5921e6f8 David Howells  2012-10-13  40  #define __cpu_to_be16(x) ((__force __be16)(__u16)(x))
5921e6f8 David Howells  2012-10-13  41  #define __be16_to_cpu(x) ((__force __u16)(__be16)(x))
5921e6f8 David Howells  2012-10-13  42  
bc27fb68 Denys Vlasenko 2016-03-17  43  static __always_inline __le64 __cpu_to_le64p(const __u64 *p)
5921e6f8 David Howells  2012-10-13  44  {
5921e6f8 David Howells  2012-10-13  45  	return (__force __le64)__swab64p(p);
5921e6f8 David Howells  2012-10-13  46  }
bc27fb68 Denys Vlasenko 2016-03-17  47  static __always_inline __u64 __le64_to_cpup(const __le64 *p)

:::::: The code at line 39 was first introduced by commit
:::::: 5921e6f8809b1616932ca4afd40fe449faa8fd88 UAPI: (Scripted) Disintegrate include/linux/byteorder

:::::: TO: David Howells <dhowells@redhat.com>
:::::: CC: David Howells <dhowells@redhat.com>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 51877 bytes --]

Re: [PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 4715 bytes --]

Hi Nayna,

[auto build test WARNING on next-20161224]
[also build test WARNING on v4.10-rc1]
[cannot apply to char-misc/char-misc-testing v4.9-rc8 v4.9-rc7 v4.9-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Nayna-Jain/tpm-enhance-TPM-2-0-extend-function-to-support-multiple-PCR-banks/20161231-033757
config: powerpc-allyesconfig (attached as .config)
compiler: powerpc64-linux-gnu-gcc (Debian 6.1.1-9) 6.1.1 20160705
reproduce:
        wget https://git.kernel.org/cgit/linux/kernel/git/wfg/lkp-tests.git/plain/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        make.cross ARCH=powerpc 

Note: it may well be a FALSE warning. FWIW you are at least aware of it now.
http://gcc.gnu.org/wiki/Better_Uninitialized_Warnings

All warnings (new ones prefixed by >>):

   In file included from include/linux/byteorder/big_endian.h:4:0,
                    from arch/powerpc/include/uapi/asm/byteorder.h:13,
                    from include/asm-generic/bitops/le.h:5,
                    from arch/powerpc/include/asm/bitops.h:279,
                    from include/linux/bitops.h:36,
                    from include/linux/kernel.h:10,
                    from include/linux/list.h:8,
                    from include/linux/module.h:9,
                    from drivers/char/tpm/tpm.h:26,
                    from drivers/char/tpm/tpm2-cmd.c:18:
   drivers/char/tpm/tpm2-cmd.c: In function 'tpm2_pcr_extend':
>> include/uapi/linux/byteorder/big_endian.h:39:27: warning: 'buf.data' may be used uninitialized in this function [-Wmaybe-uninitialized]
    #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
                              ^
   drivers/char/tpm/tpm2-cmd.c:324:17: note: 'buf.data' was declared here
     struct tpm_buf buf;
                    ^~~

vim +39 include/uapi/linux/byteorder/big_endian.h

5921e6f8 David Howells  2012-10-13  23  #define __constant_le16_to_cpu(x) ___constant_swab16((__force __u16)(__le16)(x))
5921e6f8 David Howells  2012-10-13  24  #define __constant_cpu_to_be64(x) ((__force __be64)(__u64)(x))
5921e6f8 David Howells  2012-10-13  25  #define __constant_be64_to_cpu(x) ((__force __u64)(__be64)(x))
5921e6f8 David Howells  2012-10-13  26  #define __constant_cpu_to_be32(x) ((__force __be32)(__u32)(x))
5921e6f8 David Howells  2012-10-13  27  #define __constant_be32_to_cpu(x) ((__force __u32)(__be32)(x))
5921e6f8 David Howells  2012-10-13  28  #define __constant_cpu_to_be16(x) ((__force __be16)(__u16)(x))
5921e6f8 David Howells  2012-10-13  29  #define __constant_be16_to_cpu(x) ((__force __u16)(__be16)(x))
5921e6f8 David Howells  2012-10-13  30  #define __cpu_to_le64(x) ((__force __le64)__swab64((x)))
5921e6f8 David Howells  2012-10-13  31  #define __le64_to_cpu(x) __swab64((__force __u64)(__le64)(x))
5921e6f8 David Howells  2012-10-13  32  #define __cpu_to_le32(x) ((__force __le32)__swab32((x)))
5921e6f8 David Howells  2012-10-13  33  #define __le32_to_cpu(x) __swab32((__force __u32)(__le32)(x))
5921e6f8 David Howells  2012-10-13  34  #define __cpu_to_le16(x) ((__force __le16)__swab16((x)))
5921e6f8 David Howells  2012-10-13  35  #define __le16_to_cpu(x) __swab16((__force __u16)(__le16)(x))
5921e6f8 David Howells  2012-10-13  36  #define __cpu_to_be64(x) ((__force __be64)(__u64)(x))
5921e6f8 David Howells  2012-10-13  37  #define __be64_to_cpu(x) ((__force __u64)(__be64)(x))
5921e6f8 David Howells  2012-10-13  38  #define __cpu_to_be32(x) ((__force __be32)(__u32)(x))
5921e6f8 David Howells  2012-10-13 @39  #define __be32_to_cpu(x) ((__force __u32)(__be32)(x))
5921e6f8 David Howells  2012-10-13  40  #define __cpu_to_be16(x) ((__force __be16)(__u16)(x))
5921e6f8 David Howells  2012-10-13  41  #define __be16_to_cpu(x) ((__force __u16)(__be16)(x))
5921e6f8 David Howells  2012-10-13  42  
bc27fb68 Denys Vlasenko 2016-03-17  43  static __always_inline __le64 __cpu_to_le64p(const __u64 *p)
5921e6f8 David Howells  2012-10-13  44  {
5921e6f8 David Howells  2012-10-13  45  	return (__force __le64)__swab64p(p);
5921e6f8 David Howells  2012-10-13  46  }
bc27fb68 Denys Vlasenko 2016-03-17  47  static __always_inline __u64 __le64_to_cpup(const __le64 *p)

:::::: The code at line 39 was first introduced by commit
:::::: 5921e6f8809b1616932ca4afd40fe449faa8fd88 UAPI: (Scripted) Disintegrate include/linux/byteorder

:::::: TO: David Howells <dhowells@redhat.com>
:::::: CC: David Howells <dhowells@redhat.com>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 51877 bytes --]

Re: [PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 913 bytes --]

Hi Nayna,

[auto build test ERROR on next-20161224]
[also build test ERROR on v4.10-rc1]
[cannot apply to char-misc/char-misc-testing v4.9-rc8 v4.9-rc7 v4.9-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Nayna-Jain/tpm-enhance-TPM-2-0-extend-function-to-support-multiple-PCR-banks/20161231-033757
config: x86_64-allyesdebian (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   drivers/built-in.o: In function `tpm2_pcr_extend':
>> (.text+0x1b2345): undefined reference to `hash_digest_size'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 38083 bytes --]

Re: [PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[kbuild test robot]

[-- Attachment #1: Type: text/plain, Size: 913 bytes --]

Hi Nayna,

[auto build test ERROR on next-20161224]
[also build test ERROR on v4.10-rc1]
[cannot apply to char-misc/char-misc-testing v4.9-rc8 v4.9-rc7 v4.9-rc6]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Nayna-Jain/tpm-enhance-TPM-2-0-extend-function-to-support-multiple-PCR-banks/20161231-033757
config: x86_64-allyesdebian (attached as .config)
compiler: gcc-6 (Debian 6.2.0-3) 6.2.0 20160901
reproduce:
        # save the attached .config to linux build tree
        make ARCH=x86_64 

All errors (new ones prefixed by >>):

   drivers/built-in.o: In function `tpm2_pcr_extend':
>> (.text+0x1b2345): undefined reference to `hash_digest_size'

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 38083 bytes --]

Re: [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Jarkko Sakkinen]

On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> IMA extends its hash measurements in the TPM PCRs, based on policy.
> The existing in-kernel TPM extend function extends only the SHA1
> PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> extending all active PCR banks to prevent malicious users from
> setting unused PCR banks with fake measurements and quoting them.
> This patch set adds support for extending all active PCR banks,
> as recommended.
> 
> The first patch implements the TPM 2.0 capability to retrieve
> the list of active PCR banks.
> 
> The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> interface to support extending multiple PCR banks. The existing
> tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> extend all active PCR banks with differing digest sizes for TPM 2.0,
> the SHA1 digest is padded with 0's as needed.
> 
> This approach is taken to maintain backwards compatibility for IMA
> in order to continue working with both TPM 1.2 and TPM 2.0 without
> any changes and still comply with TCG TPM 2.0 Specification[1].

What is the plan to improve IMA so that it can use better hash
algorithms? For me this zero padding sounds like a hack.

> [1] TPM 2.0 Specification referred here is "TCG PC Client Specific
> Platform Firmware Profile for TPM 2.0"
> 
> Changelog v2:
> 
> - Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
>   - defined structs definition in tpm2-cmd.c.
>   - no_of_active_banks field is removed. Instead, constant
>   TPM2_MAX_PCR_BANKS is defined.
>   - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
>   - removed generic function tpm2_get_capability().
> 
> - Patch "tpm: enchance TPM 2.0 PCR extend to support multiple banks"
>  - Removed tpm2.h, and defined structs common for extend and event log
>   in tpm_eventlog.h
>  - uses tpm_buf in tpm2_pcr_extend().
> 
> Nayna Jain (2):
>   tpm: implement TPM 2.0 capability to get active PCR banks
>   tpm: enhance TPM 2.0 PCR extend to support multiple banks
> 
>  drivers/char/tpm/tpm-interface.c |  16 ++++-
>  drivers/char/tpm/tpm.h           |   8 ++-
>  drivers/char/tpm/tpm2-cmd.c      | 146 +++++++++++++++++++++++++++++++--------
>  drivers/char/tpm/tpm_eventlog.h  |  15 ++++
>  4 files changed, 153 insertions(+), 32 deletions(-)
> 
> -- 
> 2.5.0
> 

Re: [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Jarkko Sakkinen]

On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> IMA extends its hash measurements in the TPM PCRs, based on policy.
> The existing in-kernel TPM extend function extends only the SHA1
> PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> extending all active PCR banks to prevent malicious users from
> setting unused PCR banks with fake measurements and quoting them.
> This patch set adds support for extending all active PCR banks,
> as recommended.
> 
> The first patch implements the TPM 2.0 capability to retrieve
> the list of active PCR banks.
> 
> The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> interface to support extending multiple PCR banks. The existing
> tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> extend all active PCR banks with differing digest sizes for TPM 2.0,
> the SHA1 digest is padded with 0's as needed.
> 
> This approach is taken to maintain backwards compatibility for IMA
> in order to continue working with both TPM 1.2 and TPM 2.0 without
> any changes and still comply with TCG TPM 2.0 Specification[1].

What is the plan to improve IMA so that it can use better hash
algorithms? For me this zero padding sounds like a hack.

> [1] TPM 2.0 Specification referred here is "TCG PC Client Specific
> Platform Firmware Profile for TPM 2.0"
> 
> Changelog v2:
> 
> - Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
>   - defined structs definition in tpm2-cmd.c.
>   - no_of_active_banks field is removed. Instead, constant
>   TPM2_MAX_PCR_BANKS is defined.
>   - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
>   - removed generic function tpm2_get_capability().
> 
> - Patch "tpm: enchance TPM 2.0 PCR extend to support multiple banks"
>  - Removed tpm2.h, and defined structs common for extend and event log
>   in tpm_eventlog.h
>  - uses tpm_buf in tpm2_pcr_extend().
> 
> Nayna Jain (2):
>   tpm: implement TPM 2.0 capability to get active PCR banks
>   tpm: enhance TPM 2.0 PCR extend to support multiple banks
> 
>  drivers/char/tpm/tpm-interface.c |  16 ++++-
>  drivers/char/tpm/tpm.h           |   8 ++-
>  drivers/char/tpm/tpm2-cmd.c      | 146 +++++++++++++++++++++++++++++++--------
>  drivers/char/tpm/tpm_eventlog.h  |  15 ++++
>  4 files changed, 153 insertions(+), 32 deletions(-)
> 
> -- 
> 2.5.0
> 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

Re: [tpmdd-devel] [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Mimi Zohar]

On Tue, 2017-01-03 at 00:15 +0200, Jarkko Sakkinen wrote:
> On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > The existing in-kernel TPM extend function extends only the SHA1
> > PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> > hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> > extending all active PCR banks to prevent malicious users from
> > setting unused PCR banks with fake measurements and quoting them.
> > This patch set adds support for extending all active PCR banks,
> > as recommended.

For this reason, the change is needed whether we're extending the SHA1
bank or any of the other TPM 2.0 banks.

> > The first patch implements the TPM 2.0 capability to retrieve
> > the list of active PCR banks.
> > 
> > The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> > interface to support extending multiple PCR banks. The existing
> > tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> > extend all active PCR banks with differing digest sizes for TPM 2.0,
> > the SHA1 digest is padded with 0's as needed.
> > 
> > This approach is taken to maintain backwards compatibility for IMA
> > in order to continue working with both TPM 1.2 and TPM 2.0 without
> > any changes and still comply with TCG TPM 2.0 Specification[1].
> 
> What is the plan to improve IMA so that it can use better hash
> algorithms? For me this zero padding sounds like a hack.

In one case, we'll be padding the SHA1 hash, while in the other cases we
would be truncating the hash.   Unfortunately, the need to extend
multiple banks doesn't go away when IMA supports larger digests.

Nayna, could you remove this [unnecessary] paragraph?

Mimi

> > [1] TPM 2.0 Specification referred here is "TCG PC Client Specific
> > Platform Firmware Profile for TPM 2.0"
> > 
> > Changelog v2:
> > 
> > - Patch "tpm: implement TPM 2.0 capability to get active PCR banks"
> >   - defined structs definition in tpm2-cmd.c.
> >   - no_of_active_banks field is removed. Instead, constant
> >   TPM2_MAX_PCR_BANKS is defined.
> >   - renamed tpm2_get_active_pcr_banks() to tpm2_get_pcr_allocation()
> >   - removed generic function tpm2_get_capability().
> > 
> > - Patch "tpm: enchance TPM 2.0 PCR extend to support multiple banks"
> >  - Removed tpm2.h, and defined structs common for extend and event log
> >   in tpm_eventlog.h
> >  - uses tpm_buf in tpm2_pcr_extend().
> > 
> > Nayna Jain (2):
> >   tpm: implement TPM 2.0 capability to get active PCR banks
> >   tpm: enhance TPM 2.0 PCR extend to support multiple banks
> > 
> >  drivers/char/tpm/tpm-interface.c |  16 ++++-
> >  drivers/char/tpm/tpm.h           |   8 ++-
> >  drivers/char/tpm/tpm2-cmd.c      | 146 +++++++++++++++++++++++++++++++--------
> >  drivers/char/tpm/tpm_eventlog.h  |  15 ++++
> >  4 files changed, 153 insertions(+), 32 deletions(-)
> > 
> > -- 
> > 2.5.0
> > 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most 
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> tpmdd-devel mailing list
> tpmdd-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
> 

Re: [tpmdd-devel] [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Jarkko Sakkinen]

On Tue, Jan 03, 2017 at 12:15:50AM +0200, Jarkko Sakkinen wrote:
> On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > The existing in-kernel TPM extend function extends only the SHA1
> > PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> > hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> > extending all active PCR banks to prevent malicious users from
> > setting unused PCR banks with fake measurements and quoting them.
> > This patch set adds support for extending all active PCR banks,
> > as recommended.
> > 
> > The first patch implements the TPM 2.0 capability to retrieve
> > the list of active PCR banks.
> > 
> > The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> > interface to support extending multiple PCR banks. The existing
> > tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> > extend all active PCR banks with differing digest sizes for TPM 2.0,
> > the SHA1 digest is padded with 0's as needed.
> > 
> > This approach is taken to maintain backwards compatibility for IMA
> > in order to continue working with both TPM 1.2 and TPM 2.0 without
> > any changes and still comply with TCG TPM 2.0 Specification[1].
> 
> What is the plan to improve IMA so that it can use better hash
> algorithms? For me this zero padding sounds like a hack.

I'm fine with zero padding if there is also at minimum to improve the
situation. I do not want to apply these patches if they are ought to
become a bottlenek.

/Jarkko

Re: [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Jarkko Sakkinen]

On Tue, Jan 03, 2017 at 12:15:50AM +0200, Jarkko Sakkinen wrote:
> On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > The existing in-kernel TPM extend function extends only the SHA1
> > PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> > hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> > extending all active PCR banks to prevent malicious users from
> > setting unused PCR banks with fake measurements and quoting them.
> > This patch set adds support for extending all active PCR banks,
> > as recommended.
> > 
> > The first patch implements the TPM 2.0 capability to retrieve
> > the list of active PCR banks.
> > 
> > The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> > interface to support extending multiple PCR banks. The existing
> > tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> > extend all active PCR banks with differing digest sizes for TPM 2.0,
> > the SHA1 digest is padded with 0's as needed.
> > 
> > This approach is taken to maintain backwards compatibility for IMA
> > in order to continue working with both TPM 1.2 and TPM 2.0 without
> > any changes and still comply with TCG TPM 2.0 Specification[1].
> 
> What is the plan to improve IMA so that it can use better hash
> algorithms? For me this zero padding sounds like a hack.

I'm fine with zero padding if there is also at minimum to improve the
situation. I do not want to apply these patches if they are ought to
become a bottlenek.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

Re: [tpmdd-devel] [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Jarkko Sakkinen]

On Tue, Jan 03, 2017 at 07:27:49AM -0500, Mimi Zohar wrote:
> On Tue, 2017-01-03 at 00:15 +0200, Jarkko Sakkinen wrote:
> > On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > > The existing in-kernel TPM extend function extends only the SHA1
> > > PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> > > hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> > > extending all active PCR banks to prevent malicious users from
> > > setting unused PCR banks with fake measurements and quoting them.
> > > This patch set adds support for extending all active PCR banks,
> > > as recommended.
> 
> For this reason, the change is needed whether we're extending the SHA1
> bank or any of the other TPM 2.0 banks.
> 
> > > The first patch implements the TPM 2.0 capability to retrieve
> > > the list of active PCR banks.
> > > 
> > > The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> > > interface to support extending multiple PCR banks. The existing
> > > tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> > > extend all active PCR banks with differing digest sizes for TPM 2.0,
> > > the SHA1 digest is padded with 0's as needed.
> > > 
> > > This approach is taken to maintain backwards compatibility for IMA
> > > in order to continue working with both TPM 1.2 and TPM 2.0 without
> > > any changes and still comply with TCG TPM 2.0 Specification[1].
> > 
> > What is the plan to improve IMA so that it can use better hash
> > algorithms? For me this zero padding sounds like a hack.
> 
> In one case, we'll be padding the SHA1 hash, while in the other cases we
> would be truncating the hash.   Unfortunately, the need to extend
> multiple banks doesn't go away when IMA supports larger digests.
> 
> Nayna, could you remove this [unnecessary] paragraph?

OK, I think I got it. I'll try to test these patches before further
reviewing. Thank you.

> Mimi

/Jarkko

Re: [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

[Jarkko Sakkinen]

On Tue, Jan 03, 2017 at 07:27:49AM -0500, Mimi Zohar wrote:
> On Tue, 2017-01-03 at 00:15 +0200, Jarkko Sakkinen wrote:
> > On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > > The existing in-kernel TPM extend function extends only the SHA1
> > > PCR bank. TPM 2.0 defines multiple PCR banks, to support different
> > > hash algorithms. The TCG TPM 2.0 Specification[1] recommends
> > > extending all active PCR banks to prevent malicious users from
> > > setting unused PCR banks with fake measurements and quoting them.
> > > This patch set adds support for extending all active PCR banks,
> > > as recommended.
> 
> For this reason, the change is needed whether we're extending the SHA1
> bank or any of the other TPM 2.0 banks.
> 
> > > The first patch implements the TPM 2.0 capability to retrieve
> > > the list of active PCR banks.
> > > 
> > > The second patch modifies the tpm_pcr_extend() and tpm2_pcr_extend()
> > > interface to support extending multiple PCR banks. The existing
> > > tpm_pcr_extend() interface expects only a SHA1 digest. Hence, to
> > > extend all active PCR banks with differing digest sizes for TPM 2.0,
> > > the SHA1 digest is padded with 0's as needed.
> > > 
> > > This approach is taken to maintain backwards compatibility for IMA
> > > in order to continue working with both TPM 1.2 and TPM 2.0 without
> > > any changes and still comply with TCG TPM 2.0 Specification[1].
> > 
> > What is the plan to improve IMA so that it can use better hash
> > algorithms? For me this zero padding sounds like a hack.
> 
> In one case, we'll be padding the SHA1 hash, while in the other cases we
> would be truncating the hash.   Unfortunately, the need to extend
> multiple banks doesn't go away when IMA supports larger digests.
> 
> Nayna, could you remove this [unnecessary] paragraph?

OK, I think I got it. I'll try to test these patches before further
reviewing. Thank you.

> Mimi

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

Re: [PATCH v2 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

[Jarkko Sakkinen]

On Fri, Dec 30, 2016 at 02:02:29PM -0500, Nayna Jain wrote:
> This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
> retrieve the active PCR banks from the TPM. This is needed
> to enable extending all active banks as recommended by TPM 2.0
> TCG Specification.
> 
> Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>
> ---
>  drivers/char/tpm/tpm.h      |  5 +++
>  drivers/char/tpm/tpm2-cmd.c | 79 +++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 84 insertions(+)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 1ae9768..3d8121e 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -43,6 +43,7 @@ enum tpm_const {
>  	TPM_NUM_DEVICES = 65536,
>  	TPM_RETRY = 50,		/* 5 seconds */
>  	TPM_NUM_EVENT_LOG_FILES = 3,
> +	TPM2_MAX_PCR_BANKS = 7,

Remove and use ARRAY_SIZE().

>  };
>  
>  enum tpm_timeout {
> @@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
>  };
>  
>  enum tpm2_capabilities {
> +	TPM2_CAP_PCRS		= 5,
>  	TPM2_CAP_TPM_PROPERTIES = 6,
>  };
>  
> @@ -187,6 +189,8 @@ struct tpm_chip {
>  
>  	const struct attribute_group *groups[3];
>  	unsigned int groups_cnt;
> +
> +	enum tpm2_algorithms active_banks[TPM2_MAX_PCR_BANKS];

u16

>  #ifdef CONFIG_ACPI
>  	acpi_handle acpi_dev_handle;
>  	char ppi_version[TPM_PPI_VERSION_LEN + 1];
> @@ -545,4 +549,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
>  void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
>  unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
>  int tpm2_probe(struct tpm_chip *chip);
> +ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
>  #endif
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 6eda239..dd03fd8 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -83,6 +83,25 @@ struct tpm2_get_tpm_pt_out {
>  	__be32	value;
>  } __packed;
>  
> +struct tpm2_tpms_pcr_selection {
> +	__be16  hash_alg;
> +	u8  size_of_select;
> +	u8  pcr_select[3];
> +} __packed;
> +
> +struct tpm2_getcap_in {
> +	__be32	cap_id;
> +	__be32	property_id;
> +	__be32	property_cnt;
> +} __packed;
> +
> +struct tpm2_getcap_out {
> +	u8	more_data;
> +	__be32  subcap_id;
> +	__be32  count;
> +	char	cap_data[0];
> +} __packed;
> +

Use tpm_buf and remove tpm2_getcap_in.
Remove tpm2_getcap_out.
Remove alignment.

>  struct tpm2_get_random_in {
>  	__be16	size;
>  } __packed;
> @@ -100,6 +119,8 @@ union tpm2_cmd_params {
>  	struct	tpm2_pcr_extend_in	pcrextend_in;
>  	struct	tpm2_get_tpm_pt_in	get_tpm_pt_in;
>  	struct	tpm2_get_tpm_pt_out	get_tpm_pt_out;
> +	struct	tpm2_getcap_in		getcap_in;
> +	struct	tpm2_getcap_out		getcap_out;

Do not put anything into this union. It is deprecated.

>  	struct	tpm2_get_random_in	getrandom_in;
>  	struct	tpm2_get_random_out	getrandom_out;
>  };
> @@ -993,8 +1014,66 @@ int tpm2_auto_startup(struct tpm_chip *chip)
>  		}
>  	}
>  
> +	rc = tpm2_get_pcr_allocation(chip);
> +
>  out:
>  	if (rc > 0)
>  		rc = -ENODEV;
>  	return rc;
>  }
> +
> +#define TPM2_GETCAP_IN_SIZE \
> +	(sizeof(struct tpm_input_header) + sizeof(struct tpm2_getcap_in))
> +
> +static const struct tpm_input_header tpm2_getcap_header = {
> +	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
> +	.length = cpu_to_be32(TPM2_GETCAP_IN_SIZE),
> +	.ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
> +};
> +
> +/**
> + * tpm2_get_pcr_allocation() - get TPM active PCR banks.
> + *
> + * @chip: TPM chip to use.
> + *
> + * Return: Same as with tpm_transmit_cmd.
> + */
> +ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
> +{
> +	struct tpm2_cmd cmd;
> +	struct tpm2_tpms_pcr_selection pcr_selection;
> +	void *marker;
> +	unsigned int count = 0;
> +	int rc;
> +	int i;
> +
> +	cmd.header.in = tpm2_getcap_header;
> +	cmd.params.getcap_in.cap_id = cpu_to_be32(TPM2_CAP_PCRS);
> +	cmd.params.getcap_in.property_id = cpu_to_be32(0);
> +	cmd.params.getcap_in.property_cnt = cpu_to_be32(1);
> +
> +	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
> +			      "get tpm pcr allocation");
> +	if (rc < 0)
> +		goto out;
> +
> +	count = be32_to_cpu(cmd.params.getcap_out.count);
> +	if (count > TPM2_MAX_PCR_BANKS) {
> +		dev_err(&chip->dev,
> +			"%s: Error: Invalid active PCR banks count\n",

"Error:" is redundant.

> +			__func__);
> +		return -ENODEV;
> +	}
> +
> +	marker = &cmd.params.getcap_out.cap_data;
> +	for (i = 0; i < count; i++) {
> +		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
> +		chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
> +		marker = marker + sizeof(struct tpm2_tpms_pcr_selection);
> +	}
> +
> +out:
> +	if (count < TPM2_MAX_PCR_BANKS)
> +		chip->active_banks[count] = 0;
> +	return rc;
> +}
> -- 
> 2.5.0

/Jarkko

Re: [PATCH v2 1/2] tpm: implement TPM 2.0 capability to get active PCR banks

[Jarkko Sakkinen]

On Fri, Dec 30, 2016 at 02:02:29PM -0500, Nayna Jain wrote:
> This patch implements the TPM 2.0 capability TPM_CAP_PCRS to
> retrieve the active PCR banks from the TPM. This is needed
> to enable extending all active banks as recommended by TPM 2.0
> TCG Specification.
> 
> Signed-off-by: Nayna Jain <nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
> ---
>  drivers/char/tpm/tpm.h      |  5 +++
>  drivers/char/tpm/tpm2-cmd.c | 79 +++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 84 insertions(+)
> 
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 1ae9768..3d8121e 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -43,6 +43,7 @@ enum tpm_const {
>  	TPM_NUM_DEVICES = 65536,
>  	TPM_RETRY = 50,		/* 5 seconds */
>  	TPM_NUM_EVENT_LOG_FILES = 3,
> +	TPM2_MAX_PCR_BANKS = 7,

Remove and use ARRAY_SIZE().

>  };
>  
>  enum tpm_timeout {
> @@ -127,6 +128,7 @@ enum tpm2_permanent_handles {
>  };
>  
>  enum tpm2_capabilities {
> +	TPM2_CAP_PCRS		= 5,
>  	TPM2_CAP_TPM_PROPERTIES = 6,
>  };
>  
> @@ -187,6 +189,8 @@ struct tpm_chip {
>  
>  	const struct attribute_group *groups[3];
>  	unsigned int groups_cnt;
> +
> +	enum tpm2_algorithms active_banks[TPM2_MAX_PCR_BANKS];

u16

>  #ifdef CONFIG_ACPI
>  	acpi_handle acpi_dev_handle;
>  	char ppi_version[TPM_PPI_VERSION_LEN + 1];
> @@ -545,4 +549,5 @@ int tpm2_auto_startup(struct tpm_chip *chip);
>  void tpm2_shutdown(struct tpm_chip *chip, u16 shutdown_type);
>  unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
>  int tpm2_probe(struct tpm_chip *chip);
> +ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip);
>  #endif
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 6eda239..dd03fd8 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -83,6 +83,25 @@ struct tpm2_get_tpm_pt_out {
>  	__be32	value;
>  } __packed;
>  
> +struct tpm2_tpms_pcr_selection {
> +	__be16  hash_alg;
> +	u8  size_of_select;
> +	u8  pcr_select[3];
> +} __packed;
> +
> +struct tpm2_getcap_in {
> +	__be32	cap_id;
> +	__be32	property_id;
> +	__be32	property_cnt;
> +} __packed;
> +
> +struct tpm2_getcap_out {
> +	u8	more_data;
> +	__be32  subcap_id;
> +	__be32  count;
> +	char	cap_data[0];
> +} __packed;
> +

Use tpm_buf and remove tpm2_getcap_in.
Remove tpm2_getcap_out.
Remove alignment.

>  struct tpm2_get_random_in {
>  	__be16	size;
>  } __packed;
> @@ -100,6 +119,8 @@ union tpm2_cmd_params {
>  	struct	tpm2_pcr_extend_in	pcrextend_in;
>  	struct	tpm2_get_tpm_pt_in	get_tpm_pt_in;
>  	struct	tpm2_get_tpm_pt_out	get_tpm_pt_out;
> +	struct	tpm2_getcap_in		getcap_in;
> +	struct	tpm2_getcap_out		getcap_out;

Do not put anything into this union. It is deprecated.

>  	struct	tpm2_get_random_in	getrandom_in;
>  	struct	tpm2_get_random_out	getrandom_out;
>  };
> @@ -993,8 +1014,66 @@ int tpm2_auto_startup(struct tpm_chip *chip)
>  		}
>  	}
>  
> +	rc = tpm2_get_pcr_allocation(chip);
> +
>  out:
>  	if (rc > 0)
>  		rc = -ENODEV;
>  	return rc;
>  }
> +
> +#define TPM2_GETCAP_IN_SIZE \
> +	(sizeof(struct tpm_input_header) + sizeof(struct tpm2_getcap_in))
> +
> +static const struct tpm_input_header tpm2_getcap_header = {
> +	.tag = cpu_to_be16(TPM2_ST_NO_SESSIONS),
> +	.length = cpu_to_be32(TPM2_GETCAP_IN_SIZE),
> +	.ordinal = cpu_to_be32(TPM2_CC_GET_CAPABILITY)
> +};
> +
> +/**
> + * tpm2_get_pcr_allocation() - get TPM active PCR banks.
> + *
> + * @chip: TPM chip to use.
> + *
> + * Return: Same as with tpm_transmit_cmd.
> + */
> +ssize_t tpm2_get_pcr_allocation(struct tpm_chip *chip)
> +{
> +	struct tpm2_cmd cmd;
> +	struct tpm2_tpms_pcr_selection pcr_selection;
> +	void *marker;
> +	unsigned int count = 0;
> +	int rc;
> +	int i;
> +
> +	cmd.header.in = tpm2_getcap_header;
> +	cmd.params.getcap_in.cap_id = cpu_to_be32(TPM2_CAP_PCRS);
> +	cmd.params.getcap_in.property_id = cpu_to_be32(0);
> +	cmd.params.getcap_in.property_cnt = cpu_to_be32(1);
> +
> +	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
> +			      "get tpm pcr allocation");
> +	if (rc < 0)
> +		goto out;
> +
> +	count = be32_to_cpu(cmd.params.getcap_out.count);
> +	if (count > TPM2_MAX_PCR_BANKS) {
> +		dev_err(&chip->dev,
> +			"%s: Error: Invalid active PCR banks count\n",

"Error:" is redundant.

> +			__func__);
> +		return -ENODEV;
> +	}
> +
> +	marker = &cmd.params.getcap_out.cap_data;
> +	for (i = 0; i < count; i++) {
> +		memcpy(&pcr_selection, marker, sizeof(pcr_selection));
> +		chip->active_banks[i] = be16_to_cpu(pcr_selection.hash_alg);
> +		marker = marker + sizeof(struct tpm2_tpms_pcr_selection);
> +	}
> +
> +out:
> +	if (count < TPM2_MAX_PCR_BANKS)
> +		chip->active_banks[count] = 0;
> +	return rc;
> +}
> -- 
> 2.5.0

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

Re: [PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[Jarkko Sakkinen]

On Fri, Dec 30, 2016 at 02:02:30PM -0500, Nayna Jain wrote:
> The current TPM 2.0 device driver extends only the SHA1 PCR bank
> but the TCG Specification[1] recommends extending all active PCR
> banks, to prevent malicious users from setting unused PCR banks with
> fake measurements and quoting them.
> 
> The existing in-kernel interface(tpm_pcr_extend()) expects only a
> SHA1 digest.  To extend all active PCR banks with differing
> digest sizes, the SHA1 digest is padded with trailing 0's as needed.
> 
> [1] TPM 2.0 Specification referred here is "TCG PC Client Specific
> Platform Firmware Profile for TPM 2.0"
> 
> Signed-off-by: Nayna Jain <nayna@linux.vnet.ibm.com>

You have to fix the kbuild errors.

/Jarkko

> ---
>  drivers/char/tpm/tpm-interface.c | 16 +++++++++-
>  drivers/char/tpm/tpm.h           |  3 +-
>  drivers/char/tpm/tpm2-cmd.c      | 67 ++++++++++++++++++++++------------------
>  drivers/char/tpm/tpm_eventlog.h  | 15 +++++++++
>  4 files changed, 69 insertions(+), 32 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 769d8b0..04aee1c 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -7,6 +7,7 @@
>   * Dave Safford <safford@watson.ibm.com>
>   * Reiner Sailer <sailer@watson.ibm.com>
>   * Kylene Hall <kjhall@us.ibm.com>
> + * Nayna Jain <nayna@linux.vnet.ibm.com>
>   *
>   * Maintained by: <tpmdd-devel@lists.sourceforge.net>
>   *
> @@ -756,6 +757,7 @@ static const struct tpm_input_header pcrextend_header = {
>  int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  {
>  	struct tpm_cmd_t cmd;
> +	int i;
>  	int rc;
>  	struct tpm_chip *chip;
>  
> @@ -764,7 +766,19 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  		return -ENODEV;
>  
>  	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
> -		rc = tpm2_pcr_extend(chip, pcr_idx, hash);
> +		struct tpml_digest_values d_values;
> +
> +		memset(&d_values, 0, sizeof(d_values));
> +
> +		for (i = 0; (chip->active_banks[i] != 0) &&
> +		     (i < TPM2_MAX_PCR_BANKS); i++) {
> +			d_values.digests[i].alg_id = chip->active_banks[i];
> +			memcpy(d_values.digests[i].digest, hash,
> +			       TPM_DIGEST_SIZE);
> +			d_values.count++;
> +		}
> +
> +		rc = tpm2_pcr_extend(chip, pcr_idx, &d_values);
>  		tpm_put_ops(chip);
>  		return rc;
>  	}
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 3d8121e..1d44a52 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -534,7 +534,8 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
>  #endif
>  
>  int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
> -int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
> +int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
> +		    struct tpml_digest_values *digests);
>  int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
>  int tpm2_seal_trusted(struct tpm_chip *chip,
>  		      struct trusted_key_payload *payload,
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index dd03fd8..93d07bf 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -64,9 +64,7 @@ struct tpm2_pcr_extend_in {
>  	__be32				pcr_idx;
>  	__be32				auth_area_size;
>  	struct tpm2_null_auth_area	auth_area;
> -	__be32				digest_cnt;
> -	__be16				hash_alg;
> -	u8				digest[TPM_DIGEST_SIZE];
> +	struct tpml_digest_values       digests;
>  } __packed;
>  
>  struct tpm2_get_tpm_pt_in {
> @@ -311,46 +309,55 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
>  	return rc;
>  }
>  
> -#define TPM2_GET_PCREXTEND_IN_SIZE \
> -	(sizeof(struct tpm_input_header) + \
> -	 sizeof(struct tpm2_pcr_extend_in))
> -
> -static const struct tpm_input_header tpm2_pcrextend_header = {
> -	.tag = cpu_to_be16(TPM2_ST_SESSIONS),
> -	.length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
> -	.ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
> -};
> -
>  /**
>   * tpm2_pcr_extend() - extend a PCR value
>   *
>   * @chip:	TPM chip to use.
>   * @pcr_idx:	index of the PCR.
> - * @hash:	hash value to use for the extend operation.
> + * @digests:	list of pcr banks and corresponding hash values to be extended.
>   *
>   * Return: Same as with tpm_transmit_cmd.
>   */
> -int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
> +int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
> +		    struct tpml_digest_values *digests)
>  {
> -	struct tpm2_cmd cmd;
> +	struct tpm_buf buf;
> +	struct tpm2_null_auth_area auth_area;
>  	int rc;
> +	int i;
> +	int j;
> +
> +	tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
> +	tpm_buf_append_u32(&buf, pcr_idx);
> +
> +	auth_area.handle = cpu_to_be32(TPM2_RS_PW);
> +	auth_area.nonce_size = 0;
> +	auth_area.attributes = 0;
> +	auth_area.auth_size = 0;
> +
> +	tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
> +	tpm_buf_append(&buf, (const unsigned char *)&auth_area,
> +		       sizeof(auth_area));
> +	tpm_buf_append_u32(&buf, digests->count);
> +
> +	for (i = 0; i < digests->count; i++) {
> +		for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) {
> +			if (digests->digests[i].alg_id !=
> +			    tpm2_hash_map[j].tpm_id)
> +				continue;
> +
> +			tpm_buf_append_u16(&buf, digests->digests[i].alg_id);
> +			tpm_buf_append(&buf, (const unsigned char
> +					      *)&digests->digests[i].digest,
> +			       hash_digest_size[tpm2_hash_map[j].crypto_id]);
> +		}
> +	}
>  
> -	cmd.header.in = tpm2_pcrextend_header;
> -	cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
> -	cmd.params.pcrextend_in.auth_area_size =
> -		cpu_to_be32(sizeof(struct tpm2_null_auth_area));
> -	cmd.params.pcrextend_in.auth_area.handle =
> -		cpu_to_be32(TPM2_RS_PW);
> -	cmd.params.pcrextend_in.auth_area.nonce_size = 0;
> -	cmd.params.pcrextend_in.auth_area.attributes = 0;
> -	cmd.params.pcrextend_in.auth_area.auth_size = 0;
> -	cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1);
> -	cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
> -	memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE);
> -
> -	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
> +	rc = tpm_transmit_cmd(chip, buf.data, tpm_buf_length(&buf), 0,
>  			      "attempting extend a PCR value");
>  
> +	tpm_buf_destroy(&buf);
> +
>  	return rc;
>  }
>  
> diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
> index 1660d74..7d97b51 100644
> --- a/drivers/char/tpm/tpm_eventlog.h
> +++ b/drivers/char/tpm/tpm_eventlog.h
> @@ -2,9 +2,12 @@
>  #ifndef __TPM_EVENTLOG_H__
>  #define __TPM_EVENTLOG_H__
>  
> +#include <crypto/hash_info.h>
> +
>  #define TCG_EVENT_NAME_LEN_MAX	255
>  #define MAX_TEXT_EVENT		1000	/* Max event string length */
>  #define ACPI_TCPA_SIG		"TCPA"	/* 0x41504354 /'TCPA' */
> +#define TPM2_ACTIVE_PCR_BANKS	3
>  
>  #ifdef CONFIG_PPC64
>  #define do_endian_conversion(x) be32_to_cpu(x)
> @@ -73,6 +76,18 @@ enum tcpa_pc_event_ids {
>  	HOST_TABLE_OF_DEVICES,
>  };
>  
> +/* TPM 2.0 Crypto agile algorithm and respective digest. */
> +struct tpmt_ha {
> +	u16 alg_id;
> +	u8 digest[SHA384_DIGEST_SIZE];
> +} __packed;
> +
> +/* TPM 2.0 Crypto agile digests list. */
> +struct tpml_digest_values {
> +	u32 count;
> +	struct tpmt_ha digests[TPM2_ACTIVE_PCR_BANKS];
> +} __packed;
> +
>  #if defined(CONFIG_ACPI)
>  int tpm_read_log_acpi(struct tpm_chip *chip);
>  #else
> -- 
> 2.5.0
> 

Re: [PATCH v2 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

[Jarkko Sakkinen]

On Fri, Dec 30, 2016 at 02:02:30PM -0500, Nayna Jain wrote:
> The current TPM 2.0 device driver extends only the SHA1 PCR bank
> but the TCG Specification[1] recommends extending all active PCR
> banks, to prevent malicious users from setting unused PCR banks with
> fake measurements and quoting them.
> 
> The existing in-kernel interface(tpm_pcr_extend()) expects only a
> SHA1 digest.  To extend all active PCR banks with differing
> digest sizes, the SHA1 digest is padded with trailing 0's as needed.
> 
> [1] TPM 2.0 Specification referred here is "TCG PC Client Specific
> Platform Firmware Profile for TPM 2.0"
> 
> Signed-off-by: Nayna Jain <nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>

You have to fix the kbuild errors.

/Jarkko

> ---
>  drivers/char/tpm/tpm-interface.c | 16 +++++++++-
>  drivers/char/tpm/tpm.h           |  3 +-
>  drivers/char/tpm/tpm2-cmd.c      | 67 ++++++++++++++++++++++------------------
>  drivers/char/tpm/tpm_eventlog.h  | 15 +++++++++
>  4 files changed, 69 insertions(+), 32 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 769d8b0..04aee1c 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -7,6 +7,7 @@
>   * Dave Safford <safford-aZOuKsOsJu3MbYB6QlFGEg@public.gmane.org>
>   * Reiner Sailer <sailer-aZOuKsOsJu3MbYB6QlFGEg@public.gmane.org>
>   * Kylene Hall <kjhall-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
> + * Nayna Jain <nayna-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
>   *
>   * Maintained by: <tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
>   *
> @@ -756,6 +757,7 @@ static const struct tpm_input_header pcrextend_header = {
>  int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  {
>  	struct tpm_cmd_t cmd;
> +	int i;
>  	int rc;
>  	struct tpm_chip *chip;
>  
> @@ -764,7 +766,19 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  		return -ENODEV;
>  
>  	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
> -		rc = tpm2_pcr_extend(chip, pcr_idx, hash);
> +		struct tpml_digest_values d_values;
> +
> +		memset(&d_values, 0, sizeof(d_values));
> +
> +		for (i = 0; (chip->active_banks[i] != 0) &&
> +		     (i < TPM2_MAX_PCR_BANKS); i++) {
> +			d_values.digests[i].alg_id = chip->active_banks[i];
> +			memcpy(d_values.digests[i].digest, hash,
> +			       TPM_DIGEST_SIZE);
> +			d_values.count++;
> +		}
> +
> +		rc = tpm2_pcr_extend(chip, pcr_idx, &d_values);
>  		tpm_put_ops(chip);
>  		return rc;
>  	}
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index 3d8121e..1d44a52 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -534,7 +534,8 @@ static inline void tpm_add_ppi(struct tpm_chip *chip)
>  #endif
>  
>  int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf);
> -int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
> +int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
> +		    struct tpml_digest_values *digests);
>  int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max);
>  int tpm2_seal_trusted(struct tpm_chip *chip,
>  		      struct trusted_key_payload *payload,
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index dd03fd8..93d07bf 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -64,9 +64,7 @@ struct tpm2_pcr_extend_in {
>  	__be32				pcr_idx;
>  	__be32				auth_area_size;
>  	struct tpm2_null_auth_area	auth_area;
> -	__be32				digest_cnt;
> -	__be16				hash_alg;
> -	u8				digest[TPM_DIGEST_SIZE];
> +	struct tpml_digest_values       digests;
>  } __packed;
>  
>  struct tpm2_get_tpm_pt_in {
> @@ -311,46 +309,55 @@ int tpm2_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf)
>  	return rc;
>  }
>  
> -#define TPM2_GET_PCREXTEND_IN_SIZE \
> -	(sizeof(struct tpm_input_header) + \
> -	 sizeof(struct tpm2_pcr_extend_in))
> -
> -static const struct tpm_input_header tpm2_pcrextend_header = {
> -	.tag = cpu_to_be16(TPM2_ST_SESSIONS),
> -	.length = cpu_to_be32(TPM2_GET_PCREXTEND_IN_SIZE),
> -	.ordinal = cpu_to_be32(TPM2_CC_PCR_EXTEND)
> -};
> -
>  /**
>   * tpm2_pcr_extend() - extend a PCR value
>   *
>   * @chip:	TPM chip to use.
>   * @pcr_idx:	index of the PCR.
> - * @hash:	hash value to use for the extend operation.
> + * @digests:	list of pcr banks and corresponding hash values to be extended.
>   *
>   * Return: Same as with tpm_transmit_cmd.
>   */
> -int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash)
> +int tpm2_pcr_extend(struct tpm_chip *chip, int pcr_idx,
> +		    struct tpml_digest_values *digests)
>  {
> -	struct tpm2_cmd cmd;
> +	struct tpm_buf buf;
> +	struct tpm2_null_auth_area auth_area;
>  	int rc;
> +	int i;
> +	int j;
> +
> +	tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_PCR_EXTEND);
> +	tpm_buf_append_u32(&buf, pcr_idx);
> +
> +	auth_area.handle = cpu_to_be32(TPM2_RS_PW);
> +	auth_area.nonce_size = 0;
> +	auth_area.attributes = 0;
> +	auth_area.auth_size = 0;
> +
> +	tpm_buf_append_u32(&buf, sizeof(struct tpm2_null_auth_area));
> +	tpm_buf_append(&buf, (const unsigned char *)&auth_area,
> +		       sizeof(auth_area));
> +	tpm_buf_append_u32(&buf, digests->count);
> +
> +	for (i = 0; i < digests->count; i++) {
> +		for (j = 0; j < ARRAY_SIZE(tpm2_hash_map); j++) {
> +			if (digests->digests[i].alg_id !=
> +			    tpm2_hash_map[j].tpm_id)
> +				continue;
> +
> +			tpm_buf_append_u16(&buf, digests->digests[i].alg_id);
> +			tpm_buf_append(&buf, (const unsigned char
> +					      *)&digests->digests[i].digest,
> +			       hash_digest_size[tpm2_hash_map[j].crypto_id]);
> +		}
> +	}
>  
> -	cmd.header.in = tpm2_pcrextend_header;
> -	cmd.params.pcrextend_in.pcr_idx = cpu_to_be32(pcr_idx);
> -	cmd.params.pcrextend_in.auth_area_size =
> -		cpu_to_be32(sizeof(struct tpm2_null_auth_area));
> -	cmd.params.pcrextend_in.auth_area.handle =
> -		cpu_to_be32(TPM2_RS_PW);
> -	cmd.params.pcrextend_in.auth_area.nonce_size = 0;
> -	cmd.params.pcrextend_in.auth_area.attributes = 0;
> -	cmd.params.pcrextend_in.auth_area.auth_size = 0;
> -	cmd.params.pcrextend_in.digest_cnt = cpu_to_be32(1);
> -	cmd.params.pcrextend_in.hash_alg = cpu_to_be16(TPM2_ALG_SHA1);
> -	memcpy(cmd.params.pcrextend_in.digest, hash, TPM_DIGEST_SIZE);
> -
> -	rc = tpm_transmit_cmd(chip, &cmd, sizeof(cmd), 0,
> +	rc = tpm_transmit_cmd(chip, buf.data, tpm_buf_length(&buf), 0,
>  			      "attempting extend a PCR value");
>  
> +	tpm_buf_destroy(&buf);
> +
>  	return rc;
>  }
>  
> diff --git a/drivers/char/tpm/tpm_eventlog.h b/drivers/char/tpm/tpm_eventlog.h
> index 1660d74..7d97b51 100644
> --- a/drivers/char/tpm/tpm_eventlog.h
> +++ b/drivers/char/tpm/tpm_eventlog.h
> @@ -2,9 +2,12 @@
>  #ifndef __TPM_EVENTLOG_H__
>  #define __TPM_EVENTLOG_H__
>  
> +#include <crypto/hash_info.h>
> +
>  #define TCG_EVENT_NAME_LEN_MAX	255
>  #define MAX_TEXT_EVENT		1000	/* Max event string length */
>  #define ACPI_TCPA_SIG		"TCPA"	/* 0x41504354 /'TCPA' */
> +#define TPM2_ACTIVE_PCR_BANKS	3
>  
>  #ifdef CONFIG_PPC64
>  #define do_endian_conversion(x) be32_to_cpu(x)
> @@ -73,6 +76,18 @@ enum tcpa_pc_event_ids {
>  	HOST_TABLE_OF_DEVICES,
>  };
>  
> +/* TPM 2.0 Crypto agile algorithm and respective digest. */
> +struct tpmt_ha {
> +	u16 alg_id;
> +	u8 digest[SHA384_DIGEST_SIZE];
> +} __packed;
> +
> +/* TPM 2.0 Crypto agile digests list. */
> +struct tpml_digest_values {
> +	u32 count;
> +	struct tpmt_ha digests[TPM2_ACTIVE_PCR_BANKS];
> +} __packed;
> +
>  #if defined(CONFIG_ACPI)
>  int tpm_read_log_acpi(struct tpm_chip *chip);
>  #else
> -- 
> 2.5.0
> 

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot