From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=BAYES_00,DKIM_INVALID, DKIM_SIGNED,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SPF_HELO_NONE, SPF_PASS,USER_AGENT_GIT autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8487BC433E0 for ; Wed, 22 Jul 2020 15:57:44 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 55D3422CA1 for ; Wed, 22 Jul 2020 15:57:44 +0000 (UTC) Authentication-Results: mail.kernel.org; dkim=fail reason="signature verification failed" (1024-bit key) header.d=hansenpartnership.com header.i=@hansenpartnership.com header.b="bkPPRUYR" Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728229AbgGVP5o (ORCPT ); Wed, 22 Jul 2020 11:57:44 -0400 Received: from bedivere.hansenpartnership.com ([66.63.167.143]:51134 "EHLO bedivere.hansenpartnership.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726427AbgGVP5n (ORCPT ); Wed, 22 Jul 2020 11:57:43 -0400 Received: from localhost (localhost [127.0.0.1]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id 249408EE272; Wed, 22 Jul 2020 08:57:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=hansenpartnership.com; s=20151216; t=1595433463; bh=OTS02pkTfOO9GvVjNeeTsBwJZVS6rmZm03KNaRXgudU=; h=From:To:Cc:Subject:Date:From; b=bkPPRUYRvvNdtIvBMEBgS+mg31NT1Eh78QHIgiTpoYKEj1rOILpaFw/pC52z1d8QF Qhy/qvFHLsNhgc5IsvywUo47v7w2jMbIoWQL2LTVTHaCJ1NZfLzpno7ouyN/2pvtTV WLBKdoKfrmSCE5oom2wbgCaVg52STJHvNIWGu6Io= Received: from bedivere.hansenpartnership.com ([127.0.0.1]) by localhost (bedivere.hansenpartnership.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vMAmqhdudl0F; Wed, 22 Jul 2020 08:57:43 -0700 (PDT) Received: from jarvis.lan (jarvis.ext.hansenpartnership.com [153.66.160.226]) by bedivere.hansenpartnership.com (Postfix) with ESMTP id A27118EE200; Wed, 22 Jul 2020 08:57:42 -0700 (PDT) From: James Bottomley To: linux-integrity@vger.kernel.org Cc: Mimi Zohar , Jarkko Sakkinen Subject: [PATCH v3 0/1] add sysfs exports for TPM 2 PCR registers Date: Wed, 22 Jul 2020 08:57:38 -0700 Message-Id: <20200722155739.26957-1-James.Bottomley@HansenPartnership.com> X-Mailer: git-send-email 2.26.2 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org v3 corrects the WARN_ON check, adds a commet to tpm_algorithms and adds Jerry's reviewed-by. At last year's plumbers conference it was agreed in principle to export TPM 2 PCRs via sysfs. We also agreed we should conform to sysfs rules of one value per file, which rules out the "pcrs" file format of TPM 1.2 which has every PCR value in the same file. I added these files using device groups, so one group per bank hash of the TPM. Using an emulator which supports a variety of hashes, you can see the structure of the group files: root@testdeb:~# ls -F /sys/class/tpm/tpm0/ dev pcr-sha1/ pcr-sha384/ power/ tpm_version_major device@ pcr-sha256/ pcr-sha512/ subsystem@ uevent As a future enhancement, we could use the group is_visible function to remove files corresponding to PCRs which don't exist. The reason this isn't present is that so far I've never seen a TPM with a missing PCR. James --- James Bottomley (1): tpm: add sysfs exports for all banks of PCR registers drivers/char/tpm/tpm-sysfs.c | 178 +++++++++++++++++++++++++++++++++++ include/linux/tpm.h | 9 +- 2 files changed, 186 insertions(+), 1 deletion(-) -- 2.26.2