From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-integrity@vger.kernel.org,
James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
stable@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 1/5] tpm: fix intermittent failure with self tests
Date: Mon, 12 Mar 2018 11:13:00 +0000 [thread overview]
Message-ID: <20180312111300.GB7448@linux.intel.com> (raw)
In-Reply-To: <20180305165614.5469-2-jarkko.sakkinen@linux.intel.com>
On Mon, Mar 05, 2018 at 06:56:10PM +0200, Jarkko Sakkinen wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>
> My Nuvoton 6xx in a Dell XPS-13 has been intermittently failing to work
> (necessitating a reboot). The problem seems to be that the TPM gets into a
> state where the partial self-test doesn't return TPM_RC_SUCCESS (meaning
> all tests have run to completion), but instead returns TPM_RC_TESTING
> (meaning some tests are still running in the background). There are
> various theories that resending the self-test command actually causes the
> tests to restart and thus triggers more TPM_RC_TESTING returns until the
> timeout is exceeded.
>
> There are several issues here: firstly being we shouldn't slow down the
> boot sequence waiting for the self test to complete once the TPM
> backgrounds them. It will actually make available all functions that have
> passed and if it gets a failure return TPM_RC_FAILURE to every subsequent
> command. So the fix is to kick off self tests once and if they return
> TPM_RC_TESTING log that as a backgrounded self test and continue on. In
> order to prevent other tpm users from seeing any TPM_RC_TESTING returns
> (which it might if they send a command that needs a TPM subsystem which is
> still under test), we loop in tpm_transmit_cmd until either a timeout or we
> don't get a TPM_RC_TESTING return.
>
> Finally, there have been observations of strange returns from a partial
> test. One Nuvoton is occasionally returning TPM_RC_COMMAND_CODE, so treat
> any unexpected return from a partial self test as an indication we need to
> run a full self test.
>
> [jarkko.sakkinen@linux.intel.com: cleaned up James' original commit and
> added a proper Fixes line]
>
> Fixes: 2482b1bba5122 ("tpm: Trigger only missing TPM 2.0 self tests")
> Cc: stable@vger.kernel.org
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> Tested-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Already applied to my master (bleeding edge) branch in order to
facilitate testing/review:
git://git.infradead.org/users/jjs/linux-tpmdd.git
I also rewrote the description of the updatesthat I did to this commit
to be more precise (see the commit msg in my GIT tree). If it turns out
that some klog would make a huge difference I'm willing to consider that
later but lets go with this for now.
I'll also send an updated tpm_buf patch set with this one dropped soon.
/Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: linux-integrity@vger.kernel.org,
James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
stable@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v3 1/5] tpm: fix intermittent failure with self tests
Date: Mon, 12 Mar 2018 13:13:00 +0200 [thread overview]
Message-ID: <20180312111300.GB7448@linux.intel.com> (raw)
In-Reply-To: <20180305165614.5469-2-jarkko.sakkinen@linux.intel.com>
On Mon, Mar 05, 2018 at 06:56:10PM +0200, Jarkko Sakkinen wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>
> My Nuvoton 6xx in a Dell XPS-13 has been intermittently failing to work
> (necessitating a reboot). The problem seems to be that the TPM gets into a
> state where the partial self-test doesn't return TPM_RC_SUCCESS (meaning
> all tests have run to completion), but instead returns TPM_RC_TESTING
> (meaning some tests are still running in the background). There are
> various theories that resending the self-test command actually causes the
> tests to restart and thus triggers more TPM_RC_TESTING returns until the
> timeout is exceeded.
>
> There are several issues here: firstly being we shouldn't slow down the
> boot sequence waiting for the self test to complete once the TPM
> backgrounds them. It will actually make available all functions that have
> passed and if it gets a failure return TPM_RC_FAILURE to every subsequent
> command. So the fix is to kick off self tests once and if they return
> TPM_RC_TESTING log that as a backgrounded self test and continue on. In
> order to prevent other tpm users from seeing any TPM_RC_TESTING returns
> (which it might if they send a command that needs a TPM subsystem which is
> still under test), we loop in tpm_transmit_cmd until either a timeout or we
> don't get a TPM_RC_TESTING return.
>
> Finally, there have been observations of strange returns from a partial
> test. One Nuvoton is occasionally returning TPM_RC_COMMAND_CODE, so treat
> any unexpected return from a partial self test as an indication we need to
> run a full self test.
>
> [jarkko.sakkinen@linux.intel.com: cleaned up James' original commit and
> added a proper Fixes line]
>
> Fixes: 2482b1bba5122 ("tpm: Trigger only missing TPM 2.0 self tests")
> Cc: stable@vger.kernel.org
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> Tested-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Already applied to my master (bleeding edge) branch in order to
facilitate testing/review:
git://git.infradead.org/users/jjs/linux-tpmdd.git
I also rewrote the description of the updatesthat I did to this commit
to be more precise (see the commit msg in my GIT tree). If it turns out
that some klog would make a huge difference I'm willing to consider that
later but lets go with this for now.
I'll also send an updated tpm_buf patch set with this one dropped soon.
/Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: jarkko.sakkinen@linux.intel.com (Jarkko Sakkinen)
To: linux-security-module@vger.kernel.org
Subject: [PATCH v3 1/5] tpm: fix intermittent failure with self tests
Date: Mon, 12 Mar 2018 13:13:00 +0200 [thread overview]
Message-ID: <20180312111300.GB7448@linux.intel.com> (raw)
In-Reply-To: <20180305165614.5469-2-jarkko.sakkinen@linux.intel.com>
On Mon, Mar 05, 2018 at 06:56:10PM +0200, Jarkko Sakkinen wrote:
> From: James Bottomley <James.Bottomley@HansenPartnership.com>
>
> My Nuvoton 6xx in a Dell XPS-13 has been intermittently failing to work
> (necessitating a reboot). The problem seems to be that the TPM gets into a
> state where the partial self-test doesn't return TPM_RC_SUCCESS (meaning
> all tests have run to completion), but instead returns TPM_RC_TESTING
> (meaning some tests are still running in the background). There are
> various theories that resending the self-test command actually causes the
> tests to restart and thus triggers more TPM_RC_TESTING returns until the
> timeout is exceeded.
>
> There are several issues here: firstly being we shouldn't slow down the
> boot sequence waiting for the self test to complete once the TPM
> backgrounds them. It will actually make available all functions that have
> passed and if it gets a failure return TPM_RC_FAILURE to every subsequent
> command. So the fix is to kick off self tests once and if they return
> TPM_RC_TESTING log that as a backgrounded self test and continue on. In
> order to prevent other tpm users from seeing any TPM_RC_TESTING returns
> (which it might if they send a command that needs a TPM subsystem which is
> still under test), we loop in tpm_transmit_cmd until either a timeout or we
> don't get a TPM_RC_TESTING return.
>
> Finally, there have been observations of strange returns from a partial
> test. One Nuvoton is occasionally returning TPM_RC_COMMAND_CODE, so treat
> any unexpected return from a partial self test as an indication we need to
> run a full self test.
>
> [jarkko.sakkinen at linux.intel.com: cleaned up James' original commit and
> added a proper Fixes line]
>
> Fixes: 2482b1bba5122 ("tpm: Trigger only missing TPM 2.0 self tests")
> Cc: stable at vger.kernel.org
> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> Tested-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
> Signed-off-by: Jarkko Sakkinen <jarkko.sakkine@linux.intel.com>
Already applied to my master (bleeding edge) branch in order to
facilitate testing/review:
git://git.infradead.org/users/jjs/linux-tpmdd.git
I also rewrote the description of the updatesthat I did to this commit
to be more precise (see the commit msg in my GIT tree). If it turns out
that some klog would make a huge difference I'm willing to consider that
later but lets go with this for now.
I'll also send an updated tpm_buf patch set with this one dropped soon.
/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
next prev parent reply other threads:[~2018-03-12 11:13 UTC|newest]
Thread overview: 60+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-05 16:56 [PATCH v3 0/5] Migrate all TPM 2.0 commands to use struct tpm_buf Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` [PATCH v3 1/5] tpm: fix intermittent failure with self tests Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-12 11:13 ` Jarkko Sakkinen [this message]
2018-03-12 11:13 ` Jarkko Sakkinen
2018-03-12 11:13 ` Jarkko Sakkinen
2018-03-17 1:20 ` James Bottomley
2018-03-17 1:20 ` James Bottomley
2018-03-17 1:20 ` James Bottomley
2018-03-17 1:20 ` James Bottomley
2018-03-19 21:06 ` Jarkko Sakkinen
2018-03-19 21:06 ` Jarkko Sakkinen
2018-03-19 21:06 ` Jarkko Sakkinen
2018-03-19 21:06 ` Jarkko Sakkinen
2018-03-19 21:06 ` Jarkko Sakkinen
2018-03-05 16:56 ` [PATCH v3 2/5] tpm: migrate tpm2_shutdown() to use struct tpm_buf Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` [PATCH v3 3/5] tpm: migrate tpm2_probe() " Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 22:52 ` Mimi Zohar
2018-03-05 22:52 ` Mimi Zohar
2018-03-05 22:52 ` Mimi Zohar
2018-03-05 22:52 ` Mimi Zohar
2018-03-16 12:21 ` Jarkko Sakkinen
2018-03-16 12:21 ` Jarkko Sakkinen
2018-03-16 12:21 ` Jarkko Sakkinen
2018-03-16 12:21 ` Jarkko Sakkinen
2018-03-16 12:36 ` Mimi Zohar
2018-03-16 12:36 ` Mimi Zohar
2018-03-16 12:36 ` Mimi Zohar
2018-03-16 12:36 ` Mimi Zohar
2018-03-19 14:42 ` Jarkko Sakkinen
2018-03-19 14:42 ` Jarkko Sakkinen
2018-03-19 14:42 ` Jarkko Sakkinen
2018-03-19 14:42 ` Jarkko Sakkinen
2018-03-06 11:37 ` Jarkko Sakkinen
2018-03-06 11:37 ` Jarkko Sakkinen
2018-03-06 11:37 ` Jarkko Sakkinen
2018-03-06 11:37 ` Jarkko Sakkinen
2018-03-06 15:44 ` Jason Gunthorpe
2018-03-06 15:44 ` Jason Gunthorpe
2018-03-06 15:44 ` Jason Gunthorpe
2018-03-08 21:47 ` J Freyensee
2018-03-08 21:47 ` J Freyensee
2018-03-08 21:47 ` J Freyensee
2018-03-10 13:11 ` Jarkko Sakkinen
2018-03-10 13:11 ` Jarkko Sakkinen
2018-03-10 13:11 ` Jarkko Sakkinen
2018-03-10 13:11 ` Jarkko Sakkinen
2018-03-05 16:56 ` [PATCH v3 4/5] tpm: migrate tpm2_get_tpm_pt() " Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` [PATCH v3 5/5] tpm: migrate tpm2_get_random() " Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
2018-03-05 16:56 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180312111300.GB7448@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=jarkko.sakkine@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.