From: Tyler Hicks
Date: Mon, 05 Aug 2019 16:04:52 +0000
Subject: Re: [PATCH] KEYS: trusted: allow module init if TPM is inactive or deactivated
Message-Id: <20190805160451.GB3449@elm>
In-Reply-To: <1565020459.11223.179.camel@linux.ibm.com>
To: Mimi Zohar
Cc: Roberto Sassu, Jarkko Sakkinen, jejb@linux.ibm.com, jgg@ziepe.ca, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, keyrings@vger.kernel.org, linux-kernel@vger.kernel.org, crazyt2019+lml@gmail.com, nayna@linux.vnet.ibm.com, silviu.vlasceanu@huawei.com

On 2019-08-05 11:54:19, Mimi Zohar wrote:
> On Mon, 2019-08-05 at 16:50 +0200, Roberto Sassu wrote:
> > Regarding Mimi's proposal to avoid the issue by extending the PCR with
> > zeros, I think it also achieves the goal.
>
> Roberto, removing the following code from init_digests() would be the
> equivalent to the prior code, without needing to make any other
> changes.  Let's keep it simple.  Do you want to post the patch with
> the change, or should I?
>
>         ret = tpm_get_random(chip, digest, TPM_MAX_DIGEST_SIZE);
>         if (ret < 0)
>                 return ret;
>         if (ret < TPM_MAX_DIGEST_SIZE)
>                 return -EFAULT;
>
> As I can't duplicate the problem, it would need to be tested by others
> experiencing the problem.

The bug reporter tested Roberto's last patch:

  https://bugzilla.kernel.org/show_bug.cgi?id=203953#c8

We should Cc the reporter on future patches or at least leave another
testing request in the bugzilla.

Tyler

>
> thanks,
>
> Mimi
>