Date: Mon, 6 Mar 2017 23:07:44 +0200
From: Jarkko Sakkinen
To: tpmdd-devel@lists.sourceforge.net
Cc: linux-security-module@vger.kernel.org, James.Bottomley@HansenPartnership.com, dhowells@redhat.com, Jason Gunthorpe, open list
Subject: Re: [PATCH v3 0/7] in-kernel resource manager
Message-ID: <20170306210744.sqc6xcursbcerfsl@intel.com>
References: <20170303151912.14752-1-jarkko.sakkinen@linux.intel.com>
In-Reply-To: <20170303151912.14752-1-jarkko.sakkinen@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 03, 2017 at 05:19:01PM +0200, Jarkko Sakkinen wrote:
> This patch set adds support for TPM spaces that provide an isolated
> execution context for transient objects and HMAC and policy sessions. A
> space is swapped into TPM volatile memory only when it is used and
> swapped out after the use.
>
> There's a test script for trying out TPM spaces in
>
>   git://git.infradead.org/users/jjs/tpm2-scripts.git
>
> A simple smoke test suite can be run by
>
>   sudo python -m unittest -v tpm2_smoke.SpaceTest
>
> v3:
> * Reverted back to /dev/tpmrm0 that was actually James' original
>   proposal. It's the most pragmatic choice as it cannot be mixed
>   with other TPM 2.0 and kernel idioms easily.
>
> v2:
> * Substitute virtual handle in ContextSave.
> * Substitute virtual handles in GetCapability.
> * Validate that the real response length and the one reported in the
>   header match in tpm_transmit().
>
>
> James Bottomley (3):
>   tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c
>   tpm: expose spaces via a device link /dev/tpmrm
>   tpm2: add session handle context saving and restoring to the space
>     code
>
> Jarkko Sakkinen (4):
>   tpm: move length validation to tpm_transmit()
>   tpm: validate TPM 2.0 commands
>   tpm: export tpm2_flush_context_cmd
>   tpm: infrastructure for TPM spaces
>
>  drivers/char/tpm/Makefile         |   3 +-
>  drivers/char/tpm/tpm-chip.c       |  71 ++++-
>  drivers/char/tpm/tpm-dev-common.c | 148 +++++++++++
>  drivers/char/tpm/tpm-dev.c        | 143 +---------
>  drivers/char/tpm/tpm-dev.h        |  27 ++
>  drivers/char/tpm/tpm-interface.c  | 131 +++++++---
>  drivers/char/tpm/tpm-sysfs.c      |   2 +-
>  drivers/char/tpm/tpm.h            |  49 +++-
>  drivers/char/tpm/tpm2-cmd.c       | 173 +++++++++----
>  drivers/char/tpm/tpm2-space.c     | 532 ++++++++++++++++++++++++++++++++++++++
>  drivers/char/tpm/tpmrm-dev.c      |  65 +++++
>  11 files changed, 1123 insertions(+), 221 deletions(-)
>  create mode 100644 drivers/char/tpm/tpm-dev-common.c
>  create mode 100644 drivers/char/tpm/tpm-dev.h
>  create mode 100644 drivers/char/tpm/tpm2-space.c
>  create mode 100644 drivers/char/tpm/tpmrm-dev.c
>
> --
> 2.9.3
>

Should I make this available in linux-next? I would think it would make
sense. I'm still looking forward to getting more reviewed-by's and
tested-by's, but that way it might be easier to get those...

/Jarkko