* caps file showing wrong TCG version?
From: Martin Galvan @ 2018-09-04 20:03 UTC
To: linux-integrity, jarkko.sakkinen
Hi all,
I have an Infineon SLB 9665 TPM chip, which according to
https://www.infineon.com/dgdl/Infineon-OPTIGA_TPM-PB-v10_15-EN.pdf?fileId=5546d46145da30e80145efa2f0b96a8e
uses TPM 2.0. However, /sys/class/tpm/tpm0/device/tpm/tpm0/caps is
showing "TCG version: 1.2". I'm aware that the versioning scheme used
by the TCG is a bit confusing (e.g. 1.2 is the "Main" spec, while 2.0
is a "library" spec), but I'm wondering whether this is correct.
Thanks
* Re: caps file showing wrong TCG version?
From: Martin Galvan @ 2018-09-04 20:05 UTC
To: linux-integrity, jarkko.sakkinen
Errata: The file I'm checking is /sys/class/tpm/tpm0/device/caps. For
some reason the sys/class/tpm/tpm0 dir seems to have a sort of
recursive structure.
On Tue, Sep 4, 2018 at 17:03, Martin Galvan
(<omgalvan.86@gmail.com>) wrote:
>
> Hi all,
>
> I have an Infineon SLB 9665 TPM chip, which according to
> https://www.infineon.com/dgdl/Infineon-OPTIGA_TPM-PB-v10_15-EN.pdf?fileId=5546d46145da30e80145efa2f0b96a8e
> uses TPM 2.0. However, /sys/class/tpm/tpm0/device/tpm/tpm0/caps is
> showing "TCG version: 1.2". I'm aware that the versioning scheme used
> by the TCG is a bit confusing (e.g. 1.2 is the "Main" spec, while 2.0
> is a "library" spec), but I'm wondering whether this is correct.
>
> Thanks
* Re: caps file showing wrong TCG version?
From: Martin Galvan @ 2018-09-04 20:27 UTC
To: linux-integrity, jarkko.sakkinen
Never mind: it seems that I was wrong, and actually using a 1.2 device.
On Tue, Sep 4, 2018 at 17:05, Martin Galvan
(<omgalvan.86@gmail.com>) wrote:
>
> Errata: The file I'm checking is /sys/class/tpm/tpm0/device/caps. For
> some reason the sys/class/tpm/tpm0 dir seems to have a sort of
> recursive structure.
> On Tue, Sep 4, 2018 at 17:03, Martin Galvan
> (<omgalvan.86@gmail.com>) wrote:
> >
> > Hi all,
> >
> > I have an Infineon SLB 9665 TPM chip, which according to
> > https://www.infineon.com/dgdl/Infineon-OPTIGA_TPM-PB-v10_15-EN.pdf?fileId=5546d46145da30e80145efa2f0b96a8e
> > uses TPM 2.0. However, /sys/class/tpm/tpm0/device/tpm/tpm0/caps is
> > showing "TCG version: 1.2". I'm aware that the versioning scheme used
> > by the TCG is a bit confusing (e.g. 1.2 is the "Main" spec, while 2.0
> > is a "library" spec), but I'm wondering whether this is correct.
> >
> > Thanks
* Re: caps file showing wrong TCG version?
From: Jason Gunthorpe @ 2018-09-04 21:33 UTC
To: Martin Galvan; +Cc: linux-integrity, jarkko.sakkinen
On Tue, Sep 04, 2018 at 05:05:34PM -0300, Martin Galvan wrote:
> Errata: The file I'm checking is /sys/class/tpm/tpm0/device/caps. For
> some reason the sys/class/tpm/tpm0 dir seems to have a sort of
> recursive structure.
Recursive sounds bad.. what are you seeing?
Jason
* Re: caps file showing wrong TCG version?
From: Martin Galvan @ 2018-09-04 21:55 UTC
To: jgg; +Cc: linux-integrity, jarkko.sakkinen
On Tue, Sep 4, 2018 at 18:33, Jason Gunthorpe (<jgg@ziepe.ca>) wrote:
> Recursive sounds bad.. what are you seeing?
At least on my system, /sys/class/tpm/tpm0/device has a 'tpm' dir
which seems to replicate the tpm0/device struct endlessly. Digging a
bit deeper I see:
$ ls -l /sys/class/tpm/tpm0/device
lrwxrwxrwx 1 root root 0 Sep 4 12:15 /sys/class/tpm/tpm0/device -> ../../../00:09
The 00:09 dir in turn refers to ls /sys/devices/pnp0/00:09.
On an unrelated note: I was recently told that
/sys/class/tpm/tpm0/caps doesn't exist for TPM 2.0. This is
inconvenient, since the manufacturer and version info exposed through
that file can be used to detect CVE-2017-15361. Is there an equivalent
file for TPM 2.0?
* Re: caps file showing wrong TCG version?
From: Jarkko Sakkinen @ 2018-09-05 17:30 UTC
To: Martin Galvan; +Cc: linux-integrity
On Tue, Sep 04, 2018 at 05:03:40PM -0300, Martin Galvan wrote:
> Hi all,
>
> I have an Infineon SLB 9665 TPM chip, which according to
> https://www.infineon.com/dgdl/Infineon-OPTIGA_TPM-PB-v10_15-EN.pdf?fileId=5546d46145da30e80145efa2f0b96a8e
> uses TPM 2.0. However, /sys/class/tpm/tpm0/device/tpm/tpm0/caps is
> showing "TCG version: 1.2". I'm aware that the versioning scheme used
> by the TCG is a bit confusing (e.g. 1.2 is the "Main" spec, while 2.0
> is a "library" spec), but I'm wondering whether this is correct.
>
> Thanks
It is clearly a TPM 1.2 chip as it talks the TPM 1.x protocol. The caps file
is only shown for TPM 1.x devices and it uses the TPM_ORD_GET_CAP command,
which is part of the TPM 1.x protocol.
/Jarkko
* Re: caps file showing wrong TCG version?
From: Martin Galvan @ 2018-09-05 17:32 UTC
To: jarkko.sakkinen; +Cc: linux-integrity
On Wed, Sep 5, 2018 at 14:30, Jarkko Sakkinen
(<jarkko.sakkinen@linux.intel.com>) wrote:
> It is clearly a TPM 1.2 chip as it talks the TPM 1.x protocol. The caps file
> is only shown for TPM 1.x devices and it uses the TPM_ORD_GET_CAP command,
> which is part of the TPM 1.x protocol.
Yes, I had realized that. My mistake.
* Re: caps file showing wrong TCG version?
From: Jarkko Sakkinen @ 2018-09-05 17:32 UTC
To: Martin Galvan; +Cc: jgg, linux-integrity
On Tue, Sep 04, 2018 at 06:55:45PM -0300, Martin Galvan wrote:
> On Tue, Sep 4, 2018 at 18:33, Jason Gunthorpe (<jgg@ziepe.ca>) wrote:
> > Recursive sounds bad.. what are you seeing?
>
> At least on my system, /sys/class/tpm/tpm0/device has a 'tpm' dir
> which seems to replicate the tpm0/device struct endlessly. Digging a
> bit deeper I see:
>
> $ ls -l /sys/class/tpm/tpm0/device
> lrwxrwxrwx 1 root root 0 Sep 4 12:15 /sys/class/tpm/tpm0/device -> ../../../00:09
>
> The 00:09 dir in turn refers to ls /sys/devices/pnp0/00:09.
>
> On an unrelated note: I was recently told that
> /sys/class/tpm/tpm0/caps doesn't exist for TPM 2.0. This is
> inconvenient, since the manufacturer and version info exposed through
> that file can be used to detect CVE-2017-15361. Is there an equivalent
> file for TPM 2.0?
Those files do not make sense because you can get the same information
by talking to /dev/tpm0.
/Jarkko
* Re: caps file showing wrong TCG version?
From: Martin Galvan @ 2018-09-05 17:35 UTC
To: jarkko.sakkinen; +Cc: jgg, linux-integrity
On Wed, Sep 5, 2018 at 14:32, Jarkko Sakkinen
(<jarkko.sakkinen@linux.intel.com>) wrote:
> Those files do not make sense because you can get the same information
> by talking to /dev/tpm0.
Wouldn't that require using a lower-level interface, though? IIRC one
of the reasons for tpm2-tools' existence is to provide a user-friendly
way to do this. I was hoping there would be some way to do this
without having to install tpm2-tools.
* Re: caps file showing wrong TCG version?
From: Peter Huewe @ 2018-09-05 17:40 UTC
To: Martin Galvan, jarkko.sakkinen; +Cc: jgg, linux-integrity
On 5 September 2018 19:35:12 CEST, Martin Galvan <omgalvan.86@gmail.com> wrote:
> On Wed, Sep 5, 2018 at 14:32, Jarkko Sakkinen
> (<jarkko.sakkinen@linux.intel.com>) wrote:
> > Those files do not make sense because you can get the same information
> > by talking to /dev/tpm0.
>
> Wouldn't that require using a lower-level interface, though? IIRC one
> of the reasons for tpm2-tools' existence is to provide a user-friendly
> way to do this. I was hoping there would be some way to do this
> without having to install tpm2-tools.
If you use the TPM (and care about the CVE), you probably have the tools installed anyways.
If not, you can use eltt2; it has far fewer dependencies:
github.com/infineon/eltt2
Peter
--
Sent from my mobile
* Re: caps file showing wrong TCG version?
From: Jarkko Sakkinen @ 2018-09-06 10:02 UTC
To: Martin Galvan; +Cc: jgg, linux-integrity
On Wed, Sep 05, 2018 at 02:35:12PM -0300, Martin Galvan wrote:
> On Wed, Sep 5, 2018 at 14:32, Jarkko Sakkinen
> (<jarkko.sakkinen@linux.intel.com>) wrote:
> > Those files do not make sense because you can get the same information
> > by talking to /dev/tpm0.
>
> Wouldn't that require using a lower-level interface, though? IIRC one
> of the reasons for tpm2-tools' existence is to provide a user-friendly
> way to do this. I was hoping there would be some way to do this
> without having to install tpm2-tools.
Would be trivial to write utilities that talk raw TPM 2.0 protocol and
give you equivalent information.
Some sample code from my smoke tests:
https://github.com/jsakkine-intel/tpm2-scripts
I would write such utilities in raw C though but as you can see it is
not rocket science.
/Jarkko
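
Added example (not part of the thread, and not code from tpm2-scripts, eltt2 or tpm2-tools): the raw TPM 2.0 exchange discussed above, as a TPM2_GetCapability command for the fixed TPM properties plus a bounds-checked parser that pulls the manufacturer and firmware version out of the response. The names build_getcap, find_prop and sample_rsp are hypothetical, and the response bytes are constructed for illustration rather than captured from a device.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Values from the TCG TPM 2.0 library specification. */
#define TPM_ST_NO_SESSIONS        0x8001u
#define TPM_CC_GET_CAPABILITY     0x0000017Au
#define TPM_CAP_TPM_PROPERTIES    0x00000006u
#define TPM_PT_MANUFACTURER       0x00000105u
#define TPM_PT_FIRMWARE_VERSION_1 0x0000010Bu

static void put32(uint8_t *p, uint32_t v) {          /* big-endian store */
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}
static uint32_t get32(const uint8_t *p) {            /* big-endian load */
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Build TPM2_GetCapability(TPM_CAP_TPM_PROPERTIES, first, count); returns length. */
size_t build_getcap(uint8_t cmd[22], uint32_t first, uint32_t count) {
    cmd[0] = TPM_ST_NO_SESSIONS >> 8; cmd[1] = TPM_ST_NO_SESSIONS & 0xff;
    put32(cmd + 2, 22);                              /* commandSize */
    put32(cmd + 6, TPM_CC_GET_CAPABILITY);
    put32(cmd + 10, TPM_CAP_TPM_PROPERTIES);
    put32(cmd + 14, first); put32(cmd + 18, count);
    return 22;
}
/* Look up one property; -1 on a short, failed or inconsistent response. */
int find_prop(const uint8_t *rsp, size_t len, uint32_t prop, uint32_t *value) {
    if (len < 19 || get32(rsp + 2) != len || get32(rsp + 6) != 0) return -1;
    if (get32(rsp + 11) != TPM_CAP_TPM_PROPERTIES) return -1;
    uint32_t n = get32(rsp + 15);                    /* number of (property, value) pairs */
    if (n > (len - 19) / 8) return -1;               /* count must fit in the buffer */
    for (uint32_t i = 0; i < n; i++)
        if (get32(rsp + 19 + 8 * i) == prop) { *value = get32(rsp + 23 + 8 * i); return 0; }
    return -1;
}

/* Constructed sample response (not from a device): header, moreData, two properties. */
const uint8_t sample_rsp[35] = {
    0x80,0x01, 0,0,0,0x23, 0,0,0,0, 0x00, 0,0,0,0x06, 0,0,0,0x02,
    0,0,0x01,0x05, 'I','F','X',0,  0,0,0x01,0x0B, 0x00,0x05,0x00,0x3E };
int main(void) {
    uint8_t cmd[22]; uint32_t mfr = 0, fw = 0;
    build_getcap(cmd, TPM_PT_MANUFACTURER, 8);       /* the bytes to write to /dev/tpm0 */
    if (find_prop(sample_rsp, sizeof sample_rsp, TPM_PT_MANUFACTURER, &mfr)) return 1;
    if (find_prop(sample_rsp, sizeof sample_rsp, TPM_PT_FIRMWARE_VERSION_1, &fw)) return 1;
    printf("manufacturer 0x%08x firmware %u.%u\n", (unsigned)mfr, (unsigned)(fw >> 16), (unsigned)(fw & 0xffff));
    return 0;
}
```

Against a real chip the 22 command bytes are written to /dev/tpm0 and the response is read back from the same descriptor; the manufacturer and firmware values are then compared with the vendor's advisory for CVE-2017-15361.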