[GIT PULL] tpmdd updates for v4.16

[GIT PULL] tpmdd updates for v4.16

[Jarkko Sakkinen]

Hi James,

Sorry for a late PR.

Summary of the content:

* Reduced polling delays in tpm_tis.
* Support for retrieving TPM 2.0 Event Log through EFI before
  ExitBootServices.
* Replaced tpm-rng.c with a hwrng device managed by the driver for each
  TPM device.
* TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
  of returning -EINVAL for unknown TPM commands. This makes user space
  more sound.
* CLKRUN fixes:
  * Keep #CLKRUN disable through the entier TPM command/response flow.
  * Check whether #CLKRUN is enabled before disabling and enabling it
    again because enabling it breaks PS/2 devices on a system where it
    is disabled.

/Jarkko

The following changes since commit d21bd6898336a7892914d308d5e0868f0b863571:

  Sync to v4.15-rc3 for security subsystem developers to work against. (2017-12-11 17:01:08 +1100)

are available in the git repository at:

  git://git.infradead.org/users/jjs/linux-tpmdd.git tags/tpmdd-next-20180108

for you to fetch changes up to 68021bf4734d15c9a9ed1c1072b9ebcfda3e39cc:

  tpm: remove unused variables (2018-01-08 12:58:54 +0200)

----------------------------------------------------------------
tpmdd updates for Linux 4.16

----------------------------------------------------------------
Alexander.Steffen@infineon.com (1):
      tpm2-cmd: allow more attempts for selftest execution

Arnd Bergmann (1):
      tpm: remove unused variables

Azhar Shaikh (2):
      tpm_tis: Move ilb_base_addr to tpm_tis_data
      tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()

Jarkko Sakkinen (1):
      tpm: use struct tpm_chip for tpm_chip_find_get()

Jason Gunthorpe (2):
      tpm: Move Linux RNG connection to hwrng
      tpm: Update MAINTAINERS for Jason Gunthorpe

Javier Martinez Canillas (5):
      tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
      tpm: delete the TPM_TIS_CLK_ENABLE flag
      tpm: follow coding style for variable declaration in tpm_tis_core_init()
      tpm: only attempt to disable the LPC CLKRUN if is already enabled
      tpm: remove unused data fields from I2C and OF device ID tables

Nayna Jain (3):
      tpm: move wait_for_tpm_stat() to respective driver files
      tpm: reduce tpm polling delay in tpm_tis_core
      tpm: use tpm_msleep() value as max delay

Thiebaud Weksteen (5):
      tpm: move tpm_eventlog.h outside of drivers folder
      tpm: rename event log provider files
      tpm: add event log format version
      efi: call get_event_log before ExitBootServices
      tpm: parse TPM event logs based on EFI table

 MAINTAINERS                                        |   3 +-
 arch/x86/boot/compressed/eboot.c                   |   1 +
 drivers/char/hw_random/Kconfig                     |  13 --
 drivers/char/hw_random/Makefile                    |   1 -
 drivers/char/hw_random/tpm-rng.c                   |  50 -----
 drivers/char/tpm/Kconfig                           |  11 +
 drivers/char/tpm/Makefile                          |   5 +-
 drivers/char/tpm/tpm-chip.c                        |  67 ++++--
 drivers/char/tpm/tpm-interface.c                   | 231 +++++++++------------
 drivers/char/tpm/tpm.h                             |  52 ++++-
 drivers/char/tpm/tpm1_eventlog.c                   |  13 +-
 drivers/char/tpm/tpm2-cmd.c                        |  12 +-
 drivers/char/tpm/tpm2_eventlog.c                   |   2 +-
 .../char/tpm/{tpm_acpi.c => tpm_eventlog_acpi.c}   |   4 +-
 drivers/char/tpm/tpm_eventlog_efi.c                |  66 ++++++
 drivers/char/tpm/{tpm_of.c => tpm_eventlog_of.c}   |   6 +-
 drivers/char/tpm/tpm_i2c_infineon.c                |  27 +--
 drivers/char/tpm/tpm_tis.c                         | 108 ----------
 drivers/char/tpm/tpm_tis_core.c                    | 193 ++++++++++++++++-
 drivers/char/tpm/tpm_tis_core.h                    |  16 ++
 drivers/char/tpm/xen-tpmfront.c                    |  61 ++++++
 drivers/firmware/efi/Makefile                      |   2 +-
 drivers/firmware/efi/efi.c                         |   4 +
 drivers/firmware/efi/libstub/Makefile              |   3 +-
 drivers/firmware/efi/libstub/tpm.c                 |  81 ++++++++
 drivers/firmware/efi/tpm.c                         |  40 ++++
 include/linux/efi.h                                |  46 ++++
 include/linux/tpm.h                                |  39 ++--
 {drivers/char/tpm => include/linux}/tpm_eventlog.h |  34 +--
 security/integrity/ima/ima_crypto.c                |   2 +-
 security/integrity/ima/ima_init.c                  |   2 +-
 security/integrity/ima/ima_queue.c                 |   2 +-
 security/keys/trusted.c                            |  35 ++--
 33 files changed, 789 insertions(+), 443 deletions(-)
 delete mode 100644 drivers/char/hw_random/tpm-rng.c
 rename drivers/char/tpm/{tpm_acpi.c => tpm_eventlog_acpi.c} (97%)
 create mode 100644 drivers/char/tpm/tpm_eventlog_efi.c
 rename drivers/char/tpm/{tpm_of.c => tpm_eventlog_of.c} (93%)
 create mode 100644 drivers/firmware/efi/tpm.c
 rename {drivers/char/tpm => include/linux}/tpm_eventlog.h (78%)

[GIT PULL] tpmdd updates for v4.16

[Jarkko Sakkinen]

Hi James,

Sorry for a late PR.

Summary of the content:

* Reduced polling delays in tpm_tis.
* Support for retrieving TPM 2.0 Event Log through EFI before
  ExitBootServices.
* Replaced tpm-rng.c with a hwrng device managed by the driver for each
  TPM device.
* TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
  of returning -EINVAL for unknown TPM commands. This makes user space
  more sound.
* CLKRUN fixes:
  * Keep #CLKRUN disable through the entier TPM command/response flow.
  * Check whether #CLKRUN is enabled before disabling and enabling it
    again because enabling it breaks PS/2 devices on a system where it
    is disabled.

/Jarkko

The following changes since commit d21bd6898336a7892914d308d5e0868f0b863571:

  Sync to v4.15-rc3 for security subsystem developers to work against. (2017-12-11 17:01:08 +1100)

are available in the git repository at:

  git://git.infradead.org/users/jjs/linux-tpmdd.git tags/tpmdd-next-20180108

for you to fetch changes up to 68021bf4734d15c9a9ed1c1072b9ebcfda3e39cc:

  tpm: remove unused variables (2018-01-08 12:58:54 +0200)

----------------------------------------------------------------
tpmdd updates for Linux 4.16

----------------------------------------------------------------
Alexander.Steffen at infineon.com (1):
      tpm2-cmd: allow more attempts for selftest execution

Arnd Bergmann (1):
      tpm: remove unused variables

Azhar Shaikh (2):
      tpm_tis: Move ilb_base_addr to tpm_tis_data
      tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd()

Jarkko Sakkinen (1):
      tpm: use struct tpm_chip for tpm_chip_find_get()

Jason Gunthorpe (2):
      tpm: Move Linux RNG connection to hwrng
      tpm: Update MAINTAINERS for Jason Gunthorpe

Javier Martinez Canillas (5):
      tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented
      tpm: delete the TPM_TIS_CLK_ENABLE flag
      tpm: follow coding style for variable declaration in tpm_tis_core_init()
      tpm: only attempt to disable the LPC CLKRUN if is already enabled
      tpm: remove unused data fields from I2C and OF device ID tables

Nayna Jain (3):
      tpm: move wait_for_tpm_stat() to respective driver files
      tpm: reduce tpm polling delay in tpm_tis_core
      tpm: use tpm_msleep() value as max delay

Thiebaud Weksteen (5):
      tpm: move tpm_eventlog.h outside of drivers folder
      tpm: rename event log provider files
      tpm: add event log format version
      efi: call get_event_log before ExitBootServices
      tpm: parse TPM event logs based on EFI table

 MAINTAINERS                                        |   3 +-
 arch/x86/boot/compressed/eboot.c                   |   1 +
 drivers/char/hw_random/Kconfig                     |  13 --
 drivers/char/hw_random/Makefile                    |   1 -
 drivers/char/hw_random/tpm-rng.c                   |  50 -----
 drivers/char/tpm/Kconfig                           |  11 +
 drivers/char/tpm/Makefile                          |   5 +-
 drivers/char/tpm/tpm-chip.c                        |  67 ++++--
 drivers/char/tpm/tpm-interface.c                   | 231 +++++++++------------
 drivers/char/tpm/tpm.h                             |  52 ++++-
 drivers/char/tpm/tpm1_eventlog.c                   |  13 +-
 drivers/char/tpm/tpm2-cmd.c                        |  12 +-
 drivers/char/tpm/tpm2_eventlog.c                   |   2 +-
 .../char/tpm/{tpm_acpi.c => tpm_eventlog_acpi.c}   |   4 +-
 drivers/char/tpm/tpm_eventlog_efi.c                |  66 ++++++
 drivers/char/tpm/{tpm_of.c => tpm_eventlog_of.c}   |   6 +-
 drivers/char/tpm/tpm_i2c_infineon.c                |  27 +--
 drivers/char/tpm/tpm_tis.c                         | 108 ----------
 drivers/char/tpm/tpm_tis_core.c                    | 193 ++++++++++++++++-
 drivers/char/tpm/tpm_tis_core.h                    |  16 ++
 drivers/char/tpm/xen-tpmfront.c                    |  61 ++++++
 drivers/firmware/efi/Makefile                      |   2 +-
 drivers/firmware/efi/efi.c                         |   4 +
 drivers/firmware/efi/libstub/Makefile              |   3 +-
 drivers/firmware/efi/libstub/tpm.c                 |  81 ++++++++
 drivers/firmware/efi/tpm.c                         |  40 ++++
 include/linux/efi.h                                |  46 ++++
 include/linux/tpm.h                                |  39 ++--
 {drivers/char/tpm => include/linux}/tpm_eventlog.h |  34 +--
 security/integrity/ima/ima_crypto.c                |   2 +-
 security/integrity/ima/ima_init.c                  |   2 +-
 security/integrity/ima/ima_queue.c                 |   2 +-
 security/keys/trusted.c                            |  35 ++--
 33 files changed, 789 insertions(+), 443 deletions(-)
 delete mode 100644 drivers/char/hw_random/tpm-rng.c
 rename drivers/char/tpm/{tpm_acpi.c => tpm_eventlog_acpi.c} (97%)
 create mode 100644 drivers/char/tpm/tpm_eventlog_efi.c
 rename drivers/char/tpm/{tpm_of.c => tpm_eventlog_of.c} (93%)
 create mode 100644 drivers/firmware/efi/tpm.c
 rename {drivers/char/tpm => include/linux}/tpm_eventlog.h (78%)
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [GIT PULL] tpmdd updates for v4.16

[James Morris]

On Mon, 8 Jan 2018, Jarkko Sakkinen wrote:

> Hi James,
> 
> Sorry for a late PR.
> 
> Summary of the content:
> 
> * Reduced polling delays in tpm_tis.
> * Support for retrieving TPM 2.0 Event Log through EFI before
>   ExitBootServices.
> * Replaced tpm-rng.c with a hwrng device managed by the driver for each
>   TPM device.
> * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
>   of returning -EINVAL for unknown TPM commands. This makes user space
>   more sound.
> * CLKRUN fixes:
>   * Keep #CLKRUN disable through the entier TPM command/response flow.
>   * Check whether #CLKRUN is enabled before disabling and enabling it
>     again because enabling it breaks PS/2 devices on a system where it
>     is disabled.
> 

Thanks, merged to:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
	next-tpm
	next-testing


-- 
James Morris
<james.l.morris@oracle.com>

[GIT PULL] tpmdd updates for v4.16

[James Morris]

On Mon, 8 Jan 2018, Jarkko Sakkinen wrote:

> Hi James,
> 
> Sorry for a late PR.
> 
> Summary of the content:
> 
> * Reduced polling delays in tpm_tis.
> * Support for retrieving TPM 2.0 Event Log through EFI before
>   ExitBootServices.
> * Replaced tpm-rng.c with a hwrng device managed by the driver for each
>   TPM device.
> * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
>   of returning -EINVAL for unknown TPM commands. This makes user space
>   more sound.
> * CLKRUN fixes:
>   * Keep #CLKRUN disable through the entier TPM command/response flow.
>   * Check whether #CLKRUN is enabled before disabling and enabling it
>     again because enabling it breaks PS/2 devices on a system where it
>     is disabled.
> 

Thanks, merged to:

git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
	next-tpm
	next-testing


-- 
James Morris
<james.l.morris@oracle.com>

--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [GIT PULL] tpmdd updates for v4.16

[Alexander Steffen]

On 08.01.2018 12:18, Jarkko Sakkinen wrote:
> Hi James,
> 
> Sorry for a late PR.
> 
> Summary of the content:
> 
> * Reduced polling delays in tpm_tis.
> * Support for retrieving TPM 2.0 Event Log through EFI before
>    ExitBootServices.
> * Replaced tpm-rng.c with a hwrng device managed by the driver for each
>    TPM device.
> * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
>    of returning -EINVAL for unknown TPM commands. This makes user space
>    more sound.
> * CLKRUN fixes:
>    * Keep #CLKRUN disable through the entier TPM command/response flow.
>    * Check whether #CLKRUN is enabled before disabling and enabling it
>      again because enabling it breaks PS/2 devices on a system where it
>      is disabled.

I just spent some time trying to run all that (tpmdd-next-20180108) 
through my test system and hit a couple of non-TPM problems. In case you 
see similar issues, this is what I found out:

1. rmmod for the TPM driver hangs indefinitely. The TPM driver now 
registers itself as a hwrng, but in case it is the only hwrng in a 
system, the call to hwrng_unregister never returns. Known bug, but still 
not fixed in 4.15-rc7 (see 
https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg29884.html 
for details).

2. Raspberry Pis (which I use to test tpm_tis_spi and tpm_i2c_infineon) 
boot with that kernel, but have no USB or ethernet support. Also a known 
problem 
(http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552280.html).

3. Device tree overlays with references to non-existent target-paths are 
rejected now (whereas before the invalid parts were just ignored). I 
guess this is an intentional change, but the error message does not 
really point to the problem (applying the overlay just returns with EINVAL).

With all that fixed in my environment, my tests now pass successfully.

Alexander

[GIT PULL] tpmdd updates for v4.16

[Alexander Steffen]

On 08.01.2018 12:18, Jarkko Sakkinen wrote:
> Hi James,
> 
> Sorry for a late PR.
> 
> Summary of the content:
> 
> * Reduced polling delays in tpm_tis.
> * Support for retrieving TPM 2.0 Event Log through EFI before
>    ExitBootServices.
> * Replaced tpm-rng.c with a hwrng device managed by the driver for each
>    TPM device.
> * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
>    of returning -EINVAL for unknown TPM commands. This makes user space
>    more sound.
> * CLKRUN fixes:
>    * Keep #CLKRUN disable through the entier TPM command/response flow.
>    * Check whether #CLKRUN is enabled before disabling and enabling it
>      again because enabling it breaks PS/2 devices on a system where it
>      is disabled.

I just spent some time trying to run all that (tpmdd-next-20180108) 
through my test system and hit a couple of non-TPM problems. In case you 
see similar issues, this is what I found out:

1. rmmod for the TPM driver hangs indefinitely. The TPM driver now 
registers itself as a hwrng, but in case it is the only hwrng in a 
system, the call to hwrng_unregister never returns. Known bug, but still 
not fixed in 4.15-rc7 (see 
https://www.mail-archive.com/linux-crypto at vger.kernel.org/msg29884.html 
for details).

2. Raspberry Pis (which I use to test tpm_tis_spi and tpm_i2c_infineon) 
boot with that kernel, but have no USB or ethernet support. Also a known 
problem 
(http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552280.html).

3. Device tree overlays with references to non-existent target-paths are 
rejected now (whereas before the invalid parts were just ignored). I 
guess this is an intentional change, but the error message does not 
really point to the problem (applying the overlay just returns with EINVAL).

With all that fixed in my environment, my tests now pass successfully.

Alexander
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [GIT PULL] tpmdd updates for v4.16

[Jarkko Sakkinen]

On Tue, Jan 09, 2018 at 10:59:07AM +0100, Alexander Steffen wrote:
> On 08.01.2018 12:18, Jarkko Sakkinen wrote:
> > Hi James,
> > 
> > Sorry for a late PR.
> > 
> > Summary of the content:
> > 
> > * Reduced polling delays in tpm_tis.
> > * Support for retrieving TPM 2.0 Event Log through EFI before
> >    ExitBootServices.
> > * Replaced tpm-rng.c with a hwrng device managed by the driver for each
> >    TPM device.
> > * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
> >    of returning -EINVAL for unknown TPM commands. This makes user space
> >    more sound.
> > * CLKRUN fixes:
> >    * Keep #CLKRUN disable through the entier TPM command/response flow.
> >    * Check whether #CLKRUN is enabled before disabling and enabling it
> >      again because enabling it breaks PS/2 devices on a system where it
> >      is disabled.
> 
> I just spent some time trying to run all that (tpmdd-next-20180108) through
> my test system and hit a couple of non-TPM problems. In case you see similar
> issues, this is what I found out:
> 
> 1. rmmod for the TPM driver hangs indefinitely. The TPM driver now registers
> itself as a hwrng, but in case it is the only hwrng in a system, the call to
> hwrng_unregister never returns. Known bug, but still not fixed in 4.15-rc7
> (see https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg29884.html
> for details).
> 
> 2. Raspberry Pis (which I use to test tpm_tis_spi and
> tpm_i2c_infineon) boot with that kernel, but have no USB or ethernet
> support. Also a known problem
> (http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552280.html).
> 
> 3. Device tree overlays with references to non-existent target-paths are
> rejected now (whereas before the invalid parts were just ignored). I guess
> this is an intentional change, but the error message does not really point
> to the problem (applying the overlay just returns with EINVAL).

Do we have these?

> With all that fixed in my environment, my tests now pass successfully.
> 
> Alexander

Thank you for reporting these issues.

/Jarkko

[GIT PULL] tpmdd updates for v4.16

[Jarkko Sakkinen]

On Tue, Jan 09, 2018 at 10:59:07AM +0100, Alexander Steffen wrote:
> On 08.01.2018 12:18, Jarkko Sakkinen wrote:
> > Hi James,
> > 
> > Sorry for a late PR.
> > 
> > Summary of the content:
> > 
> > * Reduced polling delays in tpm_tis.
> > * Support for retrieving TPM 2.0 Event Log through EFI before
> >    ExitBootServices.
> > * Replaced tpm-rng.c with a hwrng device managed by the driver for each
> >    TPM device.
> > * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
> >    of returning -EINVAL for unknown TPM commands. This makes user space
> >    more sound.
> > * CLKRUN fixes:
> >    * Keep #CLKRUN disable through the entier TPM command/response flow.
> >    * Check whether #CLKRUN is enabled before disabling and enabling it
> >      again because enabling it breaks PS/2 devices on a system where it
> >      is disabled.
> 
> I just spent some time trying to run all that (tpmdd-next-20180108) through
> my test system and hit a couple of non-TPM problems. In case you see similar
> issues, this is what I found out:
> 
> 1. rmmod for the TPM driver hangs indefinitely. The TPM driver now registers
> itself as a hwrng, but in case it is the only hwrng in a system, the call to
> hwrng_unregister never returns. Known bug, but still not fixed in 4.15-rc7
> (see https://www.mail-archive.com/linux-crypto at vger.kernel.org/msg29884.html
> for details).
> 
> 2. Raspberry Pis (which I use to test tpm_tis_spi and
> tpm_i2c_infineon) boot with that kernel, but have no USB or ethernet
> support. Also a known problem
> (http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552280.html).
> 
> 3. Device tree overlays with references to non-existent target-paths are
> rejected now (whereas before the invalid parts were just ignored). I guess
> this is an intentional change, but the error message does not really point
> to the problem (applying the overlay just returns with EINVAL).

Do we have these?

> With all that fixed in my environment, my tests now pass successfully.
> 
> Alexander

Thank you for reporting these issues.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [GIT PULL] tpmdd updates for v4.16

[Jarkko Sakkinen]

On Tue, Jan 09, 2018 at 11:42:16AM +1100, James Morris wrote:
> On Mon, 8 Jan 2018, Jarkko Sakkinen wrote:
> 
> > Hi James,
> > 
> > Sorry for a late PR.
> > 
> > Summary of the content:
> > 
> > * Reduced polling delays in tpm_tis.
> > * Support for retrieving TPM 2.0 Event Log through EFI before
> >   ExitBootServices.
> > * Replaced tpm-rng.c with a hwrng device managed by the driver for each
> >   TPM device.
> > * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
> >   of returning -EINVAL for unknown TPM commands. This makes user space
> >   more sound.
> > * CLKRUN fixes:
> >   * Keep #CLKRUN disable through the entier TPM command/response flow.
> >   * Check whether #CLKRUN is enabled before disabling and enabling it
> >     again because enabling it breaks PS/2 devices on a system where it
> >     is disabled.
> > 
> 
> Thanks, merged to:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> 	next-tpm
> 	next-testing

Thank you. We'll follow the issues that Alexander described.

/Jarkko

[GIT PULL] tpmdd updates for v4.16

[Jarkko Sakkinen]

On Tue, Jan 09, 2018 at 11:42:16AM +1100, James Morris wrote:
> On Mon, 8 Jan 2018, Jarkko Sakkinen wrote:
> 
> > Hi James,
> > 
> > Sorry for a late PR.
> > 
> > Summary of the content:
> > 
> > * Reduced polling delays in tpm_tis.
> > * Support for retrieving TPM 2.0 Event Log through EFI before
> >   ExitBootServices.
> > * Replaced tpm-rng.c with a hwrng device managed by the driver for each
> >   TPM device.
> > * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
> >   of returning -EINVAL for unknown TPM commands. This makes user space
> >   more sound.
> > * CLKRUN fixes:
> >   * Keep #CLKRUN disable through the entier TPM command/response flow.
> >   * Check whether #CLKRUN is enabled before disabling and enabling it
> >     again because enabling it breaks PS/2 devices on a system where it
> >     is disabled.
> > 
> 
> Thanks, merged to:
> 
> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git
> 	next-tpm
> 	next-testing

Thank you. We'll follow the issues that Alexander described.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [GIT PULL] tpmdd updates for v4.16

[Alexander Steffen]

On 10.01.2018 17:08, Jarkko Sakkinen wrote:
> On Tue, Jan 09, 2018 at 10:59:07AM +0100, Alexander Steffen wrote:
>> On 08.01.2018 12:18, Jarkko Sakkinen wrote:
>>> Hi James,
>>>
>>> Sorry for a late PR.
>>>
>>> Summary of the content:
>>>
>>> * Reduced polling delays in tpm_tis.
>>> * Support for retrieving TPM 2.0 Event Log through EFI before
>>>     ExitBootServices.
>>> * Replaced tpm-rng.c with a hwrng device managed by the driver for each
>>>     TPM device.
>>> * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
>>>     of returning -EINVAL for unknown TPM commands. This makes user space
>>>     more sound.
>>> * CLKRUN fixes:
>>>     * Keep #CLKRUN disable through the entier TPM command/response flow.
>>>     * Check whether #CLKRUN is enabled before disabling and enabling it
>>>       again because enabling it breaks PS/2 devices on a system where it
>>>       is disabled.
>>
>> I just spent some time trying to run all that (tpmdd-next-20180108) through
>> my test system and hit a couple of non-TPM problems. In case you see similar
>> issues, this is what I found out:
>>
>> 1. rmmod for the TPM driver hangs indefinitely. The TPM driver now registers
>> itself as a hwrng, but in case it is the only hwrng in a system, the call to
>> hwrng_unregister never returns. Known bug, but still not fixed in 4.15-rc7
>> (see https://www.mail-archive.com/linux-crypto@vger.kernel.org/msg29884.html
>> for details).
>>
>> 2. Raspberry Pis (which I use to test tpm_tis_spi and
>> tpm_i2c_infineon) boot with that kernel, but have no USB or ethernet
>> support. Also a known problem
>> (http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552280.html).
>>
>> 3. Device tree overlays with references to non-existent target-paths are
>> rejected now (whereas before the invalid parts were just ignored). I guess
>> this is an intentional change, but the error message does not really point
>> to the problem (applying the overlay just returns with EINVAL).
> 
> Do we have these?

No, otherwise I would have sent a fix :)

It is just something that I used for my tests: I had an overlay that I 
could use for both the mainline kernel and the RPi kernel. On the RPi 
kernel it would deactivate the spidev entry, so that tpm_tis_spi was 
able to use the device. On the mainline kernel, there is no spidev in 
the device tree, so this part is not necessary and I simply removed it 
now to fix the problem (I'm not using the RPi kernels anymore).

Alexander

>> With all that fixed in my environment, my tests now pass successfully.
>>
>> Alexander
> 
> Thank you for reporting these issues.
> 
> /Jarkko

[GIT PULL] tpmdd updates for v4.16

[Alexander Steffen]

On 10.01.2018 17:08, Jarkko Sakkinen wrote:
> On Tue, Jan 09, 2018 at 10:59:07AM +0100, Alexander Steffen wrote:
>> On 08.01.2018 12:18, Jarkko Sakkinen wrote:
>>> Hi James,
>>>
>>> Sorry for a late PR.
>>>
>>> Summary of the content:
>>>
>>> * Reduced polling delays in tpm_tis.
>>> * Support for retrieving TPM 2.0 Event Log through EFI before
>>>     ExitBootServices.
>>> * Replaced tpm-rng.c with a hwrng device managed by the driver for each
>>>     TPM device.
>>> * TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead
>>>     of returning -EINVAL for unknown TPM commands. This makes user space
>>>     more sound.
>>> * CLKRUN fixes:
>>>     * Keep #CLKRUN disable through the entier TPM command/response flow.
>>>     * Check whether #CLKRUN is enabled before disabling and enabling it
>>>       again because enabling it breaks PS/2 devices on a system where it
>>>       is disabled.
>>
>> I just spent some time trying to run all that (tpmdd-next-20180108) through
>> my test system and hit a couple of non-TPM problems. In case you see similar
>> issues, this is what I found out:
>>
>> 1. rmmod for the TPM driver hangs indefinitely. The TPM driver now registers
>> itself as a hwrng, but in case it is the only hwrng in a system, the call to
>> hwrng_unregister never returns. Known bug, but still not fixed in 4.15-rc7
>> (see https://www.mail-archive.com/linux-crypto at vger.kernel.org/msg29884.html
>> for details).
>>
>> 2. Raspberry Pis (which I use to test tpm_tis_spi and
>> tpm_i2c_infineon) boot with that kernel, but have no USB or ethernet
>> support. Also a known problem
>> (http://lists.infradead.org/pipermail/linux-arm-kernel/2018-January/552280.html).
>>
>> 3. Device tree overlays with references to non-existent target-paths are
>> rejected now (whereas before the invalid parts were just ignored). I guess
>> this is an intentional change, but the error message does not really point
>> to the problem (applying the overlay just returns with EINVAL).
> 
> Do we have these?

No, otherwise I would have sent a fix :)

It is just something that I used for my tests: I had an overlay that I 
could use for both the mainline kernel and the RPi kernel. On the RPi 
kernel it would deactivate the spidev entry, so that tpm_tis_spi was 
able to use the device. On the mainline kernel, there is no spidev in 
the device tree, so this part is not necessary and I simply removed it 
now to fix the problem (I'm not using the RPi kernels anymore).

Alexander

>> With all that fixed in my environment, my tests now pass successfully.
>>
>> Alexander
> 
> Thank you for reporting these issues.
> 
> /Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html