linux-integrity.vger.kernel.org archive mirror
From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: linux-integrity@vger.kernel.org
Cc: Mimi Zohar <zohar@linux.ibm.com>,
	Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
Subject: [PATCH 0/1] add sysfs exports for TPM 2 PCR registers
Date: Mon, 20 Jul 2020 08:00:37 -0700
Message-ID: <20200720150038.9082-1-James.Bottomley@HansenPartnership.com>

At last year's plumbers conference it was agreed in principle to
export TPM 2 PCRs via sysfs.  We also agreed we should conform to
sysfs rules of one value per file, which rules out the "pcrs" file
format of TPM 1.2 which has every PCR value in the same file.

I added these files using device groups, so one group per bank hash of
the TPM.  Using an emulator which supports a variety of hashes, you
can see the structure of the group files:

root@testdeb:~# ls -F /sys/class/tpm/tpm0/
dev      pcr-sha1/    pcr-sha384/  power/      tpm_version_major
device@  pcr-sha256/  pcr-sha512/  subsystem@  uevent

As a future enhancement, we could use the group is_visible function to
remove files corresponding to PCRs which don't exist.  The reason this
isn't present is that so far I've never seen a TPM with a missing PCR.

James

---

James Bottomley (1):
  tpm: add sysfs exports for all banks of PCR registers

 drivers/char/tpm/tpm-sysfs.c | 178 +++++++++++++++++++++++++++++++++++
 include/linux/tpm.h          |   8 +-
 2 files changed, 185 insertions(+), 1 deletion(-)

-- 
2.26.2
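
An added example, not part of the original message or the patch: a shell check that walks the per-bank pcr-<hash>/ groups described above and confirms each file holds exactly one hex digest of the length its bank implies. The layout inside each group (one file per PCR, named by index) is an assumption, and the function names and sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption (not in the cover letter): each pcr-<hash>/ group
# holds one file per PCR, named by index, containing one hex digest.

# Hex-string length expected for a bank; 0 means unknown bank, no length check.
bank_hex_len() {
    case "$1" in
        sha1) echo 40 ;; sha256) echo 64 ;;
        sha384) echo 96 ;; sha512) echo 128 ;;
        *) echo 0 ;;
    esac
}

# Print "<bank> <index> <digest>" per PCR file; return 1 if any value is
# empty, non-hex, or the wrong length for its bank.
dump_pcrs() {
    tpm_dir=$1
    rc=0
    for group in "$tpm_dir"/pcr-*/; do
        [ -d "$group" ] || continue        # glob matched nothing
        bank=${group%/}
        bank=${bank##*/pcr-}
        want=$(bank_hex_len "$bank")
        for f in "$group"*; do
            [ -f "$f" ] || continue
            val=$(tr -d ' \n' < "$f")
            ok=1
            case "$val" in
                ''|*[!0-9A-Fa-f]*) ok=0 ;;
            esac
            if [ "$want" -ne 0 ] && [ "${#val}" -ne "$want" ]; then ok=0; fi
            if [ "$ok" -eq 1 ]; then
                echo "$bank ${f##*/} $val"
            else
                echo "malformed: $f" >&2
                rc=1
            fi
        done
    done
    return "$rc"
}

# Constructed sample tree standing in for /sys/class/tpm/tpm0.
demo=$(mktemp -d)
mkdir -p "$demo/pcr-sha1" "$demo/pcr-sha256"
printf '%040d\n' 0 > "$demo/pcr-sha1/0"
printf '%064d\n' 0 > "$demo/pcr-sha256/0"
dump_pcrs "$demo"
rm -rf "$demo"
```

On a system carrying the patch, the same function would be pointed at /sys/class/tpm/tpm0 instead of the sample tree.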

