From: Matthew Garrett <mjg59@google.com>
To: "Safford, David (GE Global Research, US)" <david.safford@ge.com>
Cc: Jason Gunthorpe <jgg@ziepe.ca>,
"linux-integrity@vger.kernel.org"
<linux-integrity@vger.kernel.org>,
"jarkko.sakkinen@linux.intel.com"
<jarkko.sakkinen@linux.intel.com>,
"Wiseman, Monty (GE Global Research, US)" <monty.wiseman@ge.com>
Subject: Re: [PATCH] tpm_crb - workaround broken ACPI tables
Date: Fri, 12 Jul 2019 11:24:13 -0700 [thread overview]
Message-ID: <CACdnJutmhRyGjiumXbzai1fTNqcYMRthzTfMsiQgzKFtu3+teA@mail.gmail.com> (raw)
In-Reply-To: <BCA04D5D9A3B764C9B7405BBA4D4A3C035EF7E2A@ALPMBAPA12.e2k.ad.ge.com>
On Fri, Jul 12, 2019 at 5:42 AM Safford, David (GE Global Research,
US) <david.safford@ge.com> wrote:
> Thanks - that was very helpful.
> All of my misbehaving systems are AMD - mostly Ryzen and Threadripper towers,
> of various motherboard OEMs. One system is a 3rd gen Ryzen laptop (Asus FX505dy).
I suspect the issue comes from AMD's reference code rather than
multiple vendors all having made the same mistake. Unfortunate.
> But the laptop shows a new layout:
> [ 2.069539] tpm_crb MSFT0101:00: can't request region for resource
> [mem 0xbd11f000-0xbd122fff]
> [ 2.069543] tpm_crb: probe of MSFT0101:00 failed with error -16
> [ 2.177663] ima: No TPM chip found, activating TPM-bypass!
>
> bbc64000-bd14afff : Reserved
> bd11f000-bd11ffff : MSFT0101:00
> bd123000-bd123fff : MSFT0101:00
> bd14b000-bd179fff : ACPI Tables
> bd17a000-bd328fff : ACPI Non-volatile Storage
Hmm, that's interesting. Is this a UEFI or BIOS system? Can you
provide the e820 data from dmesg?
> Have you looked at the sequencing during suspend/restore?
> If ACPI is the last to save, and first to restore, the TPM's use may
> still be safe. I'll try to run some tests along those lines, and look
> at the nvs driver.
The NVS stuff was largely implemented by attempting to identify what
Windows was doing and duplicating that, so it's kind of dangerous to
rely on its ordering - there's a risk it might end up changing
suddenly in order to mimic Windows' behaviour more closely.
next prev parent reply other threads:[~2019-07-12 18:24 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-11 12:29 [PATCH] tpm_crb - workaround broken ACPI tables Safford, David (GE Global Research, US)
2019-07-11 14:10 ` Jarkko Sakkinen
2019-07-11 14:58 ` Jason Gunthorpe
2019-07-11 16:44 ` Safford, David (GE Global Research, US)
2019-07-11 18:50 ` Jason Gunthorpe
2019-07-11 19:31 ` Safford, David (GE Global Research, US)
2019-07-11 20:33 ` Matthew Garrett
2019-07-12 12:41 ` Safford, David (GE Global Research, US)
2019-07-12 15:06 ` Jason Gunthorpe
2019-07-12 15:48 ` Jarkko Sakkinen
2019-07-12 18:24 ` Matthew Garrett [this message]
2019-07-12 19:05 ` Safford, David (GE Global Research, US)
2019-07-12 20:36 ` Matthew Garrett
2019-07-14 19:28 ` Safford, David (GE Global Research, US)
2019-07-14 23:48 ` Matthew Garrett
2019-07-15 19:44 ` Matthew Garrett
2019-07-11 19:16 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CACdnJutmhRyGjiumXbzai1fTNqcYMRthzTfMsiQgzKFtu3+teA@mail.gmail.com \
--to=mjg59@google.com \
--cc=david.safford@ge.com \
--cc=jarkko.sakkinen@linux.intel.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=monty.wiseman@ge.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).