linux-integrity.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Stefan Berger <stefanb@linux.ibm.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Nayna <nayna@linux.vnet.ibm.com>,
	Stefan Berger <stefanb@linux.vnet.ibm.com>,
	linux-integrity@vger.kernel.org, aik@ozlabs.ru,
	david@gibson.dropbear.id.au, linux-kernel@vger.kernel.org,
	gcwilson@linux.ibm.com
Subject: Re: [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2
Date: Thu, 13 Feb 2020 14:45:49 -0500	[thread overview]
Message-ID: <8406ff6d-c24f-0815-25f8-fa9a97dcde8b@linux.ibm.com> (raw)
In-Reply-To: <20200213193908.GP31668@ziepe.ca>

On 2/13/20 2:39 PM, Jason Gunthorpe wrote:
> On Thu, Feb 13, 2020 at 02:15:03PM -0500, Stefan Berger wrote:
>> On 2/13/20 2:11 PM, Jason Gunthorpe wrote:
>>> On Thu, Feb 13, 2020 at 02:04:12PM -0500, Stefan Berger wrote:
>>>> On 2/13/20 1:35 PM, Jason Gunthorpe wrote:
>>>>> On Thu, Feb 13, 2020 at 01:20:12PM -0500, Stefan Berger wrote:
>>>>>
>>>>>> I don't want side effects for the TPM 1.2 case here, so I am only modifying
>>>>>> the flag for the case where the new TPM 2 is being used.  Here's the code
>>>>>> where it shows the effect.
>>>>> I'm surprised this driver is using AUTO_STARTUP, it was intended for
>>>>> embedded cases where their is no firmware to boot the TPM.
>>>> The TIS is also using it on any device.
>>> TIS is a generic driver, and can run on TPMs without firmware
>>> support. It doesn't know either way
>> The following drivers are all using it:
>>
>>
>> drivers/char/tpm/st33zp24/st33zp24.c, line 493
>> drivers/char/tpm/tpm-interface.c, line 374
>> drivers/char/tpm/tpm_crb.c, line 421
>> drivers/char/tpm/tpm_ftpm_tee.c, line 184
>> drivers/char/tpm/tpm_i2c_atmel.c, line 139
>> drivers/char/tpm/tpm_i2c_infineon.c, line 602
>> drivers/char/tpm/tpm_i2c_nuvoton.c, line 465
>> drivers/char/tpm/tpm_tis_core.c, line 917
>> drivers/char/tpm/tpm_vtpm_proxy.c, line 435
>>
>> https://elixir.bootlin.com/linux/latest/ident/TPM_OPS_AUTO_STARTUP
> These are all general purpose drivers.
>
> Though perhaps vtpm_proxy shouldn't include it, not sure.
>
>>>>> Chips using AUTO_STARTUP are basically useless for PCRs/etc.
>>>>>
>>>>> I'd expect somthing called vtpm to have been started and PCRs working
>>>>> before Linux is started??
>>>> Yes, there's supposed to be firmware.
>>>>
>>>> I only see one caller to tpm2_get_cc_attrs_tbl(chip), which is necessary to
>>>> call. This caller happens to be in tpm2_auto_startup.
>>> That seems to be a mistake, proper startup of the driver should never
>>> require auto_startup.
>> Is this IBM vTPM driver special that it should do things differently than
>> all those drivers listed above? From looking at the code is seems it is to
>> be set for the TPM 2.0 case.
> Any driver that knows the TPM must be started prior to Linux
> booting should not use the flag.  vtpm drivers in general would seem
> to be the case where we can make this statement.

Wouldn't this statement apply to all systems, including embedded ones?  
Basically all firmwares should implement the CRTM and do the TPM 
initialization.


>
> If it was mandatory then it would not be a flag the driver has to specify.

I'll add a case where we call into  tpm2_get_cc_attrs_tbl(chip) in case 
the auto startup flag is not set. I believe this is the only part that's 
missing for TPM 2 to work if not autostarted.


    Stefan


>
> Jason



  reply	other threads:[~2020-02-13 19:45 UTC|newest]

Thread overview: 18+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-04 13:27 [PATCH 0/3] Enable vTPM 2.0 for the IBM vTPM driver Stefan Berger
2020-02-04 13:27 ` [PATCH 1/3] tpm: of: Handle IBM,vtpm20 case when getting log parameters Stefan Berger
2020-02-13 17:46   ` Nayna
2020-02-13 19:16     ` Stefan Berger
2020-03-11 12:01     ` Stefan Berger
2020-02-04 13:27 ` [PATCH 2/3] tpm: ibmvtpm: Wait for buffer to be set before proceeding Stefan Berger
2020-02-13 17:53   ` Nayna
2020-02-13 18:11     ` Stefan Berger
2020-02-04 13:27 ` [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2 Stefan Berger
2020-02-13 17:53   ` Nayna
2020-02-13 18:20     ` Stefan Berger
2020-02-13 18:35       ` Jason Gunthorpe
2020-02-13 19:04         ` Stefan Berger
2020-02-13 19:11           ` Jason Gunthorpe
2020-02-13 19:15             ` Stefan Berger
2020-02-13 19:39               ` Jason Gunthorpe
2020-02-13 19:45                 ` Stefan Berger [this message]
2020-02-13 19:50                   ` Jason Gunthorpe

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=8406ff6d-c24f-0815-25f8-fa9a97dcde8b@linux.ibm.com \
    --to=stefanb@linux.ibm.com \
    --cc=aik@ozlabs.ru \
    --cc=david@gibson.dropbear.id.au \
    --cc=gcwilson@linux.ibm.com \
    --cc=jgg@ziepe.ca \
    --cc=linux-integrity@vger.kernel.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=nayna@linux.vnet.ibm.com \
    --cc=stefanb@linux.vnet.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).