From: Stefan Berger <stefanb@linux.ibm.com>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Nayna <nayna@linux.vnet.ibm.com>, Stefan Berger <stefanb@linux.vnet.ibm.com>, linux-integrity@vger.kernel.org, aik@ozlabs.ru, david@gibson.dropbear.id.au, linux-kernel@vger.kernel.org, gcwilson@linux.ibm.com
Subject: Re: [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2
Date: Thu, 13 Feb 2020 14:45:49 -0500
Message-ID: <8406ff6d-c24f-0815-25f8-fa9a97dcde8b@linux.ibm.com>
In-Reply-To: <20200213193908.GP31668@ziepe.ca>

On 2/13/20 2:39 PM, Jason Gunthorpe wrote:
> On Thu, Feb 13, 2020 at 02:15:03PM -0500, Stefan Berger wrote:
>> On 2/13/20 2:11 PM, Jason Gunthorpe wrote:
>>> On Thu, Feb 13, 2020 at 02:04:12PM -0500, Stefan Berger wrote:
>>>> On 2/13/20 1:35 PM, Jason Gunthorpe wrote:
>>>>> On Thu, Feb 13, 2020 at 01:20:12PM -0500, Stefan Berger wrote:
>>>>>
>>>>>> I don't want side effects for the TPM 1.2 case here, so I am only modifying
>>>>>> the flag for the case where the new TPM 2 is being used. Here's the code
>>>>>> where it shows the effect.
>>>>> I'm surprised this driver is using AUTO_STARTUP, it was intended for
>>>>> embedded cases where there is no firmware to boot the TPM.
>>>> The TIS is also using it on any device.
>>> TIS is a generic driver, and can run on TPMs without firmware
>>> support. It doesn't know either way
>> The following drivers are all using it:
>>
>>
>> drivers/char/tpm/st33zp24/st33zp24.c, line 493
>> drivers/char/tpm/tpm-interface.c, line 374
>> drivers/char/tpm/tpm_crb.c, line 421
>> drivers/char/tpm/tpm_ftpm_tee.c, line 184
>> drivers/char/tpm/tpm_i2c_atmel.c, line 139
>> drivers/char/tpm/tpm_i2c_infineon.c, line 602
>> drivers/char/tpm/tpm_i2c_nuvoton.c, line 465
>> drivers/char/tpm/tpm_tis_core.c, line 917
>> drivers/char/tpm/tpm_vtpm_proxy.c, line 435
>>
>> https://elixir.bootlin.com/linux/latest/ident/TPM_OPS_AUTO_STARTUP
> These are all general purpose drivers.
>
> Though perhaps vtpm_proxy shouldn't include it, not sure.
>
>>>>> Chips using AUTO_STARTUP are basically useless for PCRs/etc.
>>>>>
>>>>> I'd expect something called vtpm to have been started and PCRs working
>>>>> before Linux is started??
>>>> Yes, there's supposed to be firmware.
>>>>
>>>> I only see one caller to tpm2_get_cc_attrs_tbl(chip), which is necessary to
>>>> call. This caller happens to be in tpm2_auto_startup.
>>> That seems to be a mistake, proper startup of the driver should never
>>> require auto_startup.
>> Is this IBM vTPM driver special that it should do things differently than
>> all those drivers listed above? From looking at the code it seems it is to
>> be set for the TPM 2.0 case.
> Any driver that knows the TPM must be started prior to Linux
> booting should not use the flag. vtpm drivers in general would seem
> to be the case where we can make this statement.

Wouldn't this statement apply to all systems, including embedded ones? Basically all firmwares should implement the CRTM and do the TPM initialization.

>
> If it was mandatory then it would not be a flag the driver has to specify.

I'll add a case where we call into tpm2_get_cc_attrs_tbl(chip) in case the auto startup flag is not set. I believe this is the only part that's missing for TPM 2 to work if not autostarted.

   Stefan

>
> Jason