From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>,
linux-nvdimm <linux-nvdimm@lists.01.org>,
James Bottomley <jejb@linux.ibm.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org
Subject: Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM
Date: Mon, 25 Mar 2019 16:12:23 +0200 [thread overview]
Message-ID: <20190325141223.GA13766@linux.intel.com> (raw)
In-Reply-To: <CAPcyv4g=W9Fc=nfYjXG9-mpzn2cfiYEz4J7ksP3ziFUc_5k1OQ@mail.gmail.com>
On Fri, Mar 22, 2019 at 08:24:01AM -0700, Dan Williams wrote:
> On Fri, Mar 22, 2019 at 3:12 AM Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
> >
> > On Thu, Mar 21, 2019 at 06:45:47PM +0100, Roberto Sassu wrote:
> > > On 3/21/2019 5:30 PM, Dan Williams wrote:
> > > > On Thu, Mar 21, 2019 at 7:27 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> > > > >
> > > > > On 3/21/2019 2:54 PM, Jarkko Sakkinen wrote:
> > > > > > On Mon, Mar 18, 2019 at 04:45:13PM -0700, Dan Williams wrote:
> > > > > > > Rather than fail initialization of the trusted.ko module, arrange for
> > > > > > > the module to load, but rely on trusted_instantiate() to fail
> > > > > > > trusted-key operations.
> > > > > > >
> > > > > > > Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...")
> > > > > > > Cc: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > > > > > Cc: James Bottomley <jejb@linux.ibm.com>
> > > > > > > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > > > > > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > > > > > > Cc: David Howells <dhowells@redhat.com>
> > > > > > > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > > > > >
> > > > > > It should check for chip in each function that uses TPM now that
> > > > > > the code does not rely on default chip. Otherwise, the semantics
> > > > > > are kind of inconsistent.
> > > > >
> > > > > If no other TPM function can be used before a successful key
> > > > > instantiate, checking for a chip only in trusted_instantiate() seems
> > > > > sufficient. Then, the same chip will be used by all TPM functions until
> > > > > module unloading, since we incremented the reference count.
> > > > >
> > > > > I would suggest to move the tpm_default_chip() and init_digests() calls
> > > > > to trusted_instantiate() to restore the old behavior of init_trusted().
> > > > >
> > > > > trusted_instantiate() should look like:
> > > > > ---
> > > > > if (!chip) {
> > > > > chip = tpm_default_chip();
> > > > > if (!chip)
> > > > > return -ENODEV;
> > > > > }
> > > > >
> > > > > if (!digests) {
> > > > > ret = init_digests();
> > > > > if (ret < 0)
> > > > > return ret;
> > > > > }
> > > >
> > > > This patch already achieves that because tpm_find_get_ops() will fail
> > > > and cause tpm_is_tpm2() to return NULL.
> > >
> > > In addition, the changes I proposed would allow users to create trusted
> > > keys if a TPM is added later. CONFIG_TRUSTED_KEYS=y and
> > > CONFIG_TCG_TPM=m is a valid configuration.
> > >
> > > Jarkko, Dan's patch seems sufficient to fix the issue. He could include
> > > the changes I proposed in his patch. What is your opinion?
> >
> > Agreed.
>
> What changes?
>
> Robert, please feel free to re-author the proposed patch however you
> see fit, I just want whatever will get libnvdimm operational again in
> the shortest amount of time.
I've decided go with a patch of least innovation i.e. one that simply reverts
the old behavior. Sending patch soon.
/Jarkko
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
WARNING: multiple messages have this Message-ID (diff)
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>,
linux-nvdimm <linux-nvdimm@lists.01.org>,
James Bottomley <jejb@linux.ibm.com>,
Roberto Sassu <roberto.sassu@huawei.com>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org
Subject: Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM
Date: Mon, 25 Mar 2019 14:12:23 +0000 [thread overview]
Message-ID: <20190325141223.GA13766@linux.intel.com> (raw)
In-Reply-To: <CAPcyv4g=W9Fc=nfYjXG9-mpzn2cfiYEz4J7ksP3ziFUc_5k1OQ@mail.gmail.com>
On Fri, Mar 22, 2019 at 08:24:01AM -0700, Dan Williams wrote:
> On Fri, Mar 22, 2019 at 3:12 AM Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
> >
> > On Thu, Mar 21, 2019 at 06:45:47PM +0100, Roberto Sassu wrote:
> > > On 3/21/2019 5:30 PM, Dan Williams wrote:
> > > > On Thu, Mar 21, 2019 at 7:27 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> > > > >
> > > > > On 3/21/2019 2:54 PM, Jarkko Sakkinen wrote:
> > > > > > On Mon, Mar 18, 2019 at 04:45:13PM -0700, Dan Williams wrote:
> > > > > > > Rather than fail initialization of the trusted.ko module, arrange for
> > > > > > > the module to load, but rely on trusted_instantiate() to fail
> > > > > > > trusted-key operations.
> > > > > > >
> > > > > > > Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...")
> > > > > > > Cc: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > > > > > Cc: James Bottomley <jejb@linux.ibm.com>
> > > > > > > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > > > > > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > > > > > > Cc: David Howells <dhowells@redhat.com>
> > > > > > > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > > > > >
> > > > > > It should check for chip in each function that uses TPM now that
> > > > > > the code does not rely on default chip. Otherwise, the semantics
> > > > > > are kind of inconsistent.
> > > > >
> > > > > If no other TPM function can be used before a successful key
> > > > > instantiate, checking for a chip only in trusted_instantiate() seems
> > > > > sufficient. Then, the same chip will be used by all TPM functions until
> > > > > module unloading, since we incremented the reference count.
> > > > >
> > > > > I would suggest to move the tpm_default_chip() and init_digests() calls
> > > > > to trusted_instantiate() to restore the old behavior of init_trusted().
> > > > >
> > > > > trusted_instantiate() should look like:
> > > > > ---
> > > > > if (!chip) {
> > > > > chip = tpm_default_chip();
> > > > > if (!chip)
> > > > > return -ENODEV;
> > > > > }
> > > > >
> > > > > if (!digests) {
> > > > > ret = init_digests();
> > > > > if (ret < 0)
> > > > > return ret;
> > > > > }
> > > >
> > > > This patch already achieves that because tpm_find_get_ops() will fail
> > > > and cause tpm_is_tpm2() to return NULL.
> > >
> > > In addition, the changes I proposed would allow users to create trusted
> > > keys if a TPM is added later. CONFIG_TRUSTED_KEYS=y and
> > > CONFIG_TCG_TPM=m is a valid configuration.
> > >
> > > Jarkko, Dan's patch seems sufficient to fix the issue. He could include
> > > the changes I proposed in his patch. What is your opinion?
> >
> > Agreed.
>
> What changes?
>
> Robert, please feel free to re-author the proposed patch however you
> see fit, I just want whatever will get libnvdimm operational again in
> the shortest amount of time.
I've decided go with a patch of least innovation i.e. one that simply reverts
the old behavior. Sending patch soon.
/Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@intel.com>
Cc: Roberto Sassu <roberto.sassu@huawei.com>,
James Bottomley <jejb@linux.ibm.com>,
Mimi Zohar <zohar@linux.ibm.com>,
David Howells <dhowells@redhat.com>,
keyrings@vger.kernel.org,
linux-nvdimm <linux-nvdimm@lists.01.org>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Silviu Vlasceanu <Silviu.Vlasceanu@huawei.com>
Subject: Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM
Date: Mon, 25 Mar 2019 16:12:23 +0200 [thread overview]
Message-ID: <20190325141223.GA13766@linux.intel.com> (raw)
In-Reply-To: <CAPcyv4g=W9Fc=nfYjXG9-mpzn2cfiYEz4J7ksP3ziFUc_5k1OQ@mail.gmail.com>
On Fri, Mar 22, 2019 at 08:24:01AM -0700, Dan Williams wrote:
> On Fri, Mar 22, 2019 at 3:12 AM Jarkko Sakkinen
> <jarkko.sakkinen@linux.intel.com> wrote:
> >
> > On Thu, Mar 21, 2019 at 06:45:47PM +0100, Roberto Sassu wrote:
> > > On 3/21/2019 5:30 PM, Dan Williams wrote:
> > > > On Thu, Mar 21, 2019 at 7:27 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> > > > >
> > > > > On 3/21/2019 2:54 PM, Jarkko Sakkinen wrote:
> > > > > > On Mon, Mar 18, 2019 at 04:45:13PM -0700, Dan Williams wrote:
> > > > > > > Rather than fail initialization of the trusted.ko module, arrange for
> > > > > > > the module to load, but rely on trusted_instantiate() to fail
> > > > > > > trusted-key operations.
> > > > > > >
> > > > > > > Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure...")
> > > > > > > Cc: Roberto Sassu <roberto.sassu@huawei.com>
> > > > > > > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > > > > > Cc: James Bottomley <jejb@linux.ibm.com>
> > > > > > > Cc: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > > > > > > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > > > > > > Cc: David Howells <dhowells@redhat.com>
> > > > > > > Signed-off-by: Dan Williams <dan.j.williams@intel.com>
> > > > > >
> > > > > > It should check for chip in each function that uses TPM now that
> > > > > > the code does not rely on default chip. Otherwise, the semantics
> > > > > > are kind of inconsistent.
> > > > >
> > > > > If no other TPM function can be used before a successful key
> > > > > instantiate, checking for a chip only in trusted_instantiate() seems
> > > > > sufficient. Then, the same chip will be used by all TPM functions until
> > > > > module unloading, since we incremented the reference count.
> > > > >
> > > > > I would suggest to move the tpm_default_chip() and init_digests() calls
> > > > > to trusted_instantiate() to restore the old behavior of init_trusted().
> > > > >
> > > > > trusted_instantiate() should look like:
> > > > > ---
> > > > > if (!chip) {
> > > > > chip = tpm_default_chip();
> > > > > if (!chip)
> > > > > return -ENODEV;
> > > > > }
> > > > >
> > > > > if (!digests) {
> > > > > ret = init_digests();
> > > > > if (ret < 0)
> > > > > return ret;
> > > > > }
> > > >
> > > > This patch already achieves that because tpm_find_get_ops() will fail
> > > > and cause tpm_is_tpm2() to return NULL.
> > >
> > > In addition, the changes I proposed would allow users to create trusted
> > > keys if a TPM is added later. CONFIG_TRUSTED_KEYS=y and
> > > CONFIG_TCG_TPM=m is a valid configuration.
> > >
> > > Jarkko, Dan's patch seems sufficient to fix the issue. He could include
> > > the changes I proposed in his patch. What is your opinion?
> >
> > Agreed.
>
> What changes?
>
> Robert, please feel free to re-author the proposed patch however you
> see fit, I just want whatever will get libnvdimm operational again in
> the shortest amount of time.
I've decided go with a patch of least innovation i.e. one that simply reverts
the old behavior. Sending patch soon.
/Jarkko
next prev parent reply other threads:[~2019-03-25 14:12 UTC|newest]
Thread overview: 50+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-18 23:45 [PATCH] security/keys/trusted: Allow operation without hardware TPM Dan Williams
2019-03-18 23:45 ` Dan Williams
2019-03-18 23:45 ` Dan Williams
[not found] ` <155295271345.1945351.6465460744078693578.stgit-p8uTFz9XbKj2zm6wflaqv1nYeNYlB/vhral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2019-03-19 0:24 ` James Bottomley
2019-03-19 0:24 ` James Bottomley
2019-03-19 0:24 ` James Bottomley
2019-03-19 0:30 ` Dan Williams
2019-03-19 0:30 ` Dan Williams
2019-03-19 0:30 ` Dan Williams
[not found] ` <CAA9_cmcOD2zPaaNbkYAaH5DRDRAebPkW+hwPA0zPKY4kU8R-rg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-03-19 0:56 ` James Bottomley
2019-03-19 0:56 ` James Bottomley
2019-03-19 0:56 ` James Bottomley
2019-03-19 1:34 ` Dan Williams
2019-03-19 1:34 ` Dan Williams
2019-03-19 1:34 ` Dan Williams
2019-03-20 1:55 ` Dan Williams
2019-03-20 1:55 ` Dan Williams
2019-03-20 1:55 ` Dan Williams
[not found] ` <CAPcyv4hXKQcdLnKG6rPNOJr2wjq31uCCr+16S5Yu6S5A_5UGrA-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-03-20 2:19 ` James Bottomley
2019-03-20 2:19 ` James Bottomley
2019-03-20 2:19 ` James Bottomley
2019-03-19 22:56 ` Mimi Zohar
2019-03-19 22:56 ` Mimi Zohar
2019-03-19 22:56 ` Mimi Zohar
2019-03-19 23:01 ` Dan Williams
2019-03-19 23:01 ` Dan Williams
2019-03-19 23:01 ` Dan Williams
2019-03-21 13:54 ` Jarkko Sakkinen
2019-03-21 13:54 ` Jarkko Sakkinen
2019-03-21 13:54 ` Jarkko Sakkinen
2019-03-21 14:26 ` Roberto Sassu
2019-03-21 14:26 ` Roberto Sassu
2019-03-21 14:26 ` Roberto Sassu
2019-03-21 16:30 ` Dan Williams
2019-03-21 16:30 ` Dan Williams
2019-03-21 16:30 ` Dan Williams
[not found] ` <CAPcyv4gc_KWedC12bTcX24KwjKiBCF=yvouRNzCbJKaLrgJdDg-JsoAwUIsXosN+BqQ9rBEUg@public.gmane.org>
2019-03-21 17:45 ` Roberto Sassu
2019-03-21 17:45 ` Roberto Sassu
2019-03-21 17:45 ` Roberto Sassu
2019-03-22 10:12 ` Jarkko Sakkinen
2019-03-22 10:12 ` Jarkko Sakkinen
2019-03-22 15:24 ` Dan Williams
2019-03-22 15:24 ` Dan Williams
2019-03-22 15:24 ` Dan Williams
2019-03-25 14:12 ` Jarkko Sakkinen [this message]
2019-03-25 14:12 ` Jarkko Sakkinen
2019-03-25 14:12 ` Jarkko Sakkinen
2019-03-25 14:50 ` Jarkko Sakkinen
2019-03-25 14:50 ` Jarkko Sakkinen
2019-03-25 14:50 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190325141223.GA13766@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=Silviu.Vlasceanu@huawei.com \
--cc=dan.j.williams@intel.com \
--cc=dhowells@redhat.com \
--cc=jejb@linux.ibm.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=roberto.sassu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.