Linux-Integrity Archive on lore.kernel.org
 help / color / Atom feed
From: Jason Gunthorpe <jgg@ziepe.ca>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: Nayna <nayna@linux.vnet.ibm.com>,
	Stefan Berger <stefanb@linux.vnet.ibm.com>,
	linux-integrity@vger.kernel.org, aik@ozlabs.ru,
	david@gibson.dropbear.id.au, linux-kernel@vger.kernel.org,
	gcwilson@linux.ibm.com
Subject: Re: [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2
Date: Thu, 13 Feb 2020 15:50:26 -0400
Message-ID: <20200213195026.GQ31668@ziepe.ca> (raw)
In-Reply-To: <8406ff6d-c24f-0815-25f8-fa9a97dcde8b@linux.ibm.com>

On Thu, Feb 13, 2020 at 02:45:49PM -0500, Stefan Berger wrote:
> > Any driver that knows the TPM must be started prior to Linux
> > booting should not use the flag.  vtpm drivers in general would seem
> > to be the case where we can make this statement.
> 
> Wouldn't this statement apply to all systems, including embedded ones? 
> Basically all firmwares should implement the CRTM and do the TPM
> initialization.

It is not mandatory that systems with TPMs start it in the
firmware. That is only required if the TPM PCR feature is going to be
used. A TPM can quite happily be used for key storage without FW
support.

Arguably this is sort of done wrong. eg if the platform has provided
TPM information through uEFI or something then we shouldn't try to
auto start the system TPM. At least for TPM1 detecting a non-started
TPM was harmless, so nobody really cared. I wonder if TPM2 is much
different..

But certainly auto startup should *not* be required to have a working
TPM driver, that is just fundamentally wrong.

Jason

      reply index

Thread overview: 17+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-04 13:27 [PATCH 0/3] Enable vTPM 2.0 for the IBM vTPM driver Stefan Berger
2020-02-04 13:27 ` [PATCH 1/3] tpm: of: Handle IBM,vtpm20 case when getting log parameters Stefan Berger
2020-02-13 17:46   ` Nayna
2020-02-13 19:16     ` Stefan Berger
2020-02-04 13:27 ` [PATCH 2/3] tpm: ibmvtpm: Wait for buffer to be set before proceeding Stefan Berger
2020-02-13 17:53   ` Nayna
2020-02-13 18:11     ` Stefan Berger
2020-02-04 13:27 ` [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2 Stefan Berger
2020-02-13 17:53   ` Nayna
2020-02-13 18:20     ` Stefan Berger
2020-02-13 18:35       ` Jason Gunthorpe
2020-02-13 19:04         ` Stefan Berger
2020-02-13 19:11           ` Jason Gunthorpe
2020-02-13 19:15             ` Stefan Berger
2020-02-13 19:39               ` Jason Gunthorpe
2020-02-13 19:45                 ` Stefan Berger
2020-02-13 19:50                   ` Jason Gunthorpe [this message]

Reply instructions:

You may reply publically to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20200213195026.GQ31668@ziepe.ca \
    --to=jgg@ziepe.ca \
    --cc=aik@ozlabs.ru \
    --cc=david@gibson.dropbear.id.au \
    --cc=gcwilson@linux.ibm.com \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nayna@linux.vnet.ibm.com \
    --cc=stefanb@linux.ibm.com \
    --cc=stefanb@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Linux-Integrity Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-integrity/0 linux-integrity/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-integrity linux-integrity/ https://lore.kernel.org/linux-integrity \
		linux-integrity@vger.kernel.org
	public-inbox-index linux-integrity

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-integrity


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git