From: Jarkko Sakkinen
To: Mimi Zohar
Cc: linux-integrity@vger.kernel.org, "James E.J. Bottomley", stable@vger.kernel.org, David Howells, Sumit Garg, Peter Huewe, Jason Gunthorpe, James Bottomley, James Morris, "Serge E. Hallyn"
Subject: Re: [PATCH v5 3/3] KEYS: trusted: Reserve TPM for seal and unseal operations
Date: Tue, 2 Feb 2021 18:29:49 +0200

On Sun, Jan 31, 2021 at 07:52:42AM -0500, Mimi Zohar wrote:
> On Sat, 2021-01-30 at 23:28 +0200, Jarkko Sakkinen wrote:
> > On Fri, 2021-01-29 at 08:58 -0500, Mimi Zohar wrote:
> > > On Fri, 2021-01-29 at 01:56 +0200, jarkko@kernel.org wrote:
> > > > From: Jarkko Sakkinen
> > > >
> > > > When TPM 2.0 trusted keys code was moved to the trusted keys subsystem,
> > > > the operations were unwrapped from tpm_try_get_ops() and tpm_put_ops(),
> > > > which are used to take temporarily the ownership of the TPM chip. The
> > > > ownership is only taken inside tpm_send(), but this is not sufficient,
> > > > as in the key load TPM2_CC_LOAD, TPM2_CC_UNSEAL and TPM2_FLUSH_CONTEXT
> > > > need to be done as a one single atom.
> > > >
> > > > Take the TPM chip ownership before sending anything with
> > > > tpm_try_get_ops() and tpm_put_ops(), and use tpm_transmit_cmd() to send
> > > > TPM commands instead of tpm_send(), reverting back to the old behaviour.
> > > >
> > > > Fixes: 2e19e10131a0 ("KEYS: trusted: Move TPM2 trusted keys code")
> > > > Reported-by: "James E.J. Bottomley"
> > > > Cc: stable@vger.kernel.org
> > > > Cc: David Howells
> > > > Cc: Mimi Zohar
> > > > Cc: Sumit Garg
> > > > Signed-off-by: Jarkko Sakkinen
> > >
> > > Tested-by: Mimi Zohar (on TPM 1.2 & PTT, discrete
> > > TPM 2.0)
> >
> > Thanks, is it OK to apply the whole series?
>
> Yes. The testing was with the entire patch set, but I didn't
> explicitly test each change. For the other two patches, please add my
> Reviewed-by.
>
> Mimi

Thank you. I will do that.

/Jarkko
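
The ownership scope discussed in the quoted commit message, as an added user-space C model that is not part of the original thread and is not kernel code: it contrasts taking chip ownership per command with holding it across the whole load, unseal and flush sequence. Assumptions: all function and type names are hypothetical, the chip has a single transient object slot, and a constructed second client sends a load whenever the chip is released.

```c
#include <stdbool.h>

/* User-space model only: every name here is hypothetical, none is kernel API. */
enum cmd { CMD_LOAD, CMD_UNSEAL, CMD_FLUSH };
struct chip {
    bool owned;         /* stands in for tpm_try_get_ops()/tpm_put_ops() ownership */
    int  slot;          /* client whose object is loaded, 0 = empty (assumed: one slot) */
    int  rival_pending; /* LOADs a constructed second client is waiting to send */
};

/* Execute one command; the caller must already own the chip. */
static int transmit(struct chip *c, int client, enum cmd cmd) {
    if (cmd == CMD_LOAD) { c->slot = client; return 0; }
    if (cmd == CMD_UNSEAL) return c->slot == client ? 0 : -1;
    if (c->slot == client) c->slot = 0; /* CMD_FLUSH drops only our own object */
    return 0;
}

static bool get_ops(struct chip *c) { return c->owned ? false : (c->owned = true); }

/* Dropping ownership is the window in which a waiting client gets the chip. */
static void put_ops(struct chip *c) {
    c->owned = false;
    if (c->rival_pending > 0) { c->rival_pending--; transmit(c, 2, CMD_LOAD); }
}

/* Ownership per command: the pattern the commit message calls insufficient. */
static int send_one(struct chip *c, enum cmd cmd) {
    if (!get_ops(c)) return -2;
    int rc = transmit(c, 1, cmd);
    put_ops(c);
    return rc;
}
static int unseal_per_command(struct chip *c) {
    int rc = send_one(c, CMD_LOAD);
    if (rc == 0) rc = send_one(c, CMD_UNSEAL);
    send_one(c, CMD_FLUSH);
    return rc;
}

/* Ownership held across LOAD, UNSEAL and FLUSH, as the commit message describes. */
static int unseal_atomic(struct chip *c) {
    if (!get_ops(c)) return -2;
    int rc = transmit(c, 1, CMD_LOAD);
    if (rc == 0) rc = transmit(c, 1, CMD_UNSEAL);
    transmit(c, 1, CMD_FLUSH);
    put_ops(c);
    return rc;
}
```

With one rival load pending, the per-command variant fails at the unseal step, while the atomic variant completes and the rival runs only after ownership is released.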