Linux-Integrity Archive on lore.kernel.org
* [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
@ 2019-01-09 22:10 Stefan Berger
  2019-01-09 22:10 ` [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm() Stefan Berger
                   ` (5 more replies)
  0 siblings, 6 replies; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:10 UTC (permalink / raw)
  To: linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel, Stefan Berger

This series of patches extends the TPM subsystem's PPI support to
support TPM PPI revision 1.3 where more commands are supported (up to 101)
and the TPM 2 command code '23' takes an additional parameter.

For the command code '23' see this document here on document page 39:
https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf

   Stefan

Stefan Berger (5):
  tpm: ppi: pass function revision ID to tpm_eval_dsm()
  tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
  tpm: ppi: Display up to 101 operations as define for version 1.3
  tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
  tpm: ppi: Enable submission of optional command parameter for PPI 1.3

 drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++----------
 1 file changed, 58 insertions(+), 20 deletions(-)

-- 
2.17.1



* [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm()
  2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
@ 2019-01-09 22:10 ` Stefan Berger
  2019-01-16 21:45   ` Jarkko Sakkinen
  2019-01-09 22:11 ` [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1 Stefan Berger
                   ` (4 subsequent siblings)
  5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:10 UTC (permalink / raw)
  To: linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel, Stefan Berger

Since we will need to pass different function revision numbers
to tpm_eval_dsm, convert this function now to take the function revision
as an additional parameter.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_ppi.c | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 86dd8521feef..90b69aeadc99 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -38,12 +38,11 @@ static const guid_t tpm_ppi_guid =
 
 static inline union acpi_object *
 tpm_eval_dsm(acpi_handle ppi_handle, int func, acpi_object_type type,
-	     union acpi_object *argv4)
+	     union acpi_object *argv4, u64 rev)
 {
 	BUG_ON(!ppi_handle);
 	return acpi_evaluate_dsm_typed(ppi_handle, &tpm_ppi_guid,
-				       TPM_PPI_REVISION_ID,
-				       func, argv4, type);
+				       rev, func, argv4, type);
 }
 
 static ssize_t tpm_show_ppi_version(struct device *dev,
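
Review bot: The new rev parameter is appended after argv4 in
tpm_eval_dsm(), while the acpi_evaluate_dsm_typed() call inside takes
the revision right after the GUID (guid, rev, func, argv4, type).
Keeping the wrapper's argument order aligned with the ACPI helper would
make call sites harder to get wrong: func is an int and rev a u64, so a
swapped func/rev pair compiles silently. The changelog could also state
that every caller still passes TPM_PPI_REVISION_ID, so this patch is
not meant to change behaviour.
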
@@ -62,7 +61,7 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
 	struct tpm_chip *chip = to_tpm_chip(dev);
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETREQ,
-			   ACPI_TYPE_PACKAGE, NULL);
+			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
 	if (!obj)
 		return -ENXIO;
 
@@ -126,7 +125,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
 	}
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, func, ACPI_TYPE_INTEGER,
-			   &argv4);
+			   &argv4, TPM_PPI_REVISION_ID);
 	if (!obj) {
 		return -ENXIO;
 	} else {
@@ -170,7 +169,7 @@ static ssize_t tpm_show_ppi_transition_action(struct device *dev,
 	if (strcmp(chip->ppi_version, "1.2") < 0)
 		obj = &tmp;
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETACT,
-			   ACPI_TYPE_INTEGER, obj);
+			   ACPI_TYPE_INTEGER, obj, TPM_PPI_REVISION_ID);
 	if (!obj) {
 		return -ENXIO;
 	} else {
@@ -196,7 +195,7 @@ static ssize_t tpm_show_ppi_response(struct device *dev,
 	struct tpm_chip *chip = to_tpm_chip(dev);
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETRSP,
-			   ACPI_TYPE_PACKAGE, NULL);
+			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
 	if (!obj)
 		return -ENXIO;
 
@@ -272,7 +271,8 @@ static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
 	for (i = start; i <= end; i++) {
 		tmp.integer.value = i;
 		obj = tpm_eval_dsm(dev_handle, TPM_PPI_FN_GETOPR,
-				   ACPI_TYPE_INTEGER, &argv);
+				   ACPI_TYPE_INTEGER, &argv,
+				   TPM_PPI_REVISION_ID);
 		if (!obj) {
 			return -ENOMEM;
 		} else {
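
Review bot: In show_ppi_operations() a NULL return from tpm_eval_dsm()
is reported as -ENOMEM, whereas the other four callers touched by this
patch return -ENXIO for the same condition. Since the call is being
edited anyway, a follow-up that makes the error code consistent, or a
comment on why this site differs, would help user space interpret the
failure.
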
-- 
2.17.1



* [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
  2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
  2019-01-09 22:10 ` [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm() Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
  2019-01-16 21:46   ` Jarkko Sakkinen
  2019-01-09 22:11 ` [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3 Stefan Berger
                   ` (3 subsequent siblings)
  5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
  To: linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel, Stefan Berger

TPM PPI 1.3 introduces a function revision 2 for some functions. So,
rename the existing TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_ppi.c | 20 ++++++++++----------
 1 file changed, 10 insertions(+), 10 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 90b69aeadc99..68cab248ca23 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -20,7 +20,7 @@
 #include <linux/acpi.h>
 #include "tpm.h"
 
-#define TPM_PPI_REVISION_ID	1
+#define TPM_PPI_REVISION_1	1
 #define TPM_PPI_FN_VERSION	1
 #define TPM_PPI_FN_SUBREQ	2
 #define TPM_PPI_FN_GETREQ	3
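
Review bot: TPM_PPI_REVISION_1 now sits directly above
TPM_PPI_FN_VERSION and both are 1, so the name alone does not say
whether it means the _DSM function revision argument or the PPI
specification version that the driver compares as a string ("1.2")
elsewhere in this file. A name such as TPM_PPI_REVISION_ID_1, or a
one-line comment above the define saying that it is the revision ID
passed to acpi_check_dsm() and acpi_evaluate_dsm_typed(), would remove
the ambiguity before a second revision value is added.
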
@@ -61,7 +61,7 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
 	struct tpm_chip *chip = to_tpm_chip(dev);
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETREQ,
-			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
+			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_1);
 	if (!obj)
 		return -ENXIO;
 
@@ -103,7 +103,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
 	 * version 1.1
 	 */
 	if (acpi_check_dsm(chip->acpi_dev_handle, &tpm_ppi_guid,
-			   TPM_PPI_REVISION_ID, 1 << TPM_PPI_FN_SUBREQ2))
+			   TPM_PPI_REVISION_1, 1 << TPM_PPI_FN_SUBREQ2))
 		func = TPM_PPI_FN_SUBREQ2;
 
 	/*
@@ -125,7 +125,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
 	}
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, func, ACPI_TYPE_INTEGER,
-			   &argv4, TPM_PPI_REVISION_ID);
+			   &argv4, TPM_PPI_REVISION_1);
 	if (!obj) {
 		return -ENXIO;
 	} else {
@@ -169,7 +169,7 @@ static ssize_t tpm_show_ppi_transition_action(struct device *dev,
 	if (strcmp(chip->ppi_version, "1.2") < 0)
 		obj = &tmp;
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETACT,
-			   ACPI_TYPE_INTEGER, obj, TPM_PPI_REVISION_ID);
+			   ACPI_TYPE_INTEGER, obj, TPM_PPI_REVISION_1);
 	if (!obj) {
 		return -ENXIO;
 	} else {
@@ -195,7 +195,7 @@ static ssize_t tpm_show_ppi_response(struct device *dev,
 	struct tpm_chip *chip = to_tpm_chip(dev);
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETRSP,
-			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
+			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_1);
 	if (!obj)
 		return -ENXIO;
 
@@ -263,7 +263,7 @@ static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
 		"User not required",
 	};
 
-	if (!acpi_check_dsm(dev_handle, &tpm_ppi_guid, TPM_PPI_REVISION_ID,
+	if (!acpi_check_dsm(dev_handle, &tpm_ppi_guid, TPM_PPI_REVISION_1,
 			    1 << TPM_PPI_FN_GETOPR))
 		return -EPERM;
 
@@ -272,7 +272,7 @@ static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
 		tmp.integer.value = i;
 		obj = tpm_eval_dsm(dev_handle, TPM_PPI_FN_GETOPR,
 				   ACPI_TYPE_INTEGER, &argv,
-				   TPM_PPI_REVISION_ID);
+				   TPM_PPI_REVISION_1);
 		if (!obj) {
 			return -ENOMEM;
 		} else {
@@ -338,12 +338,12 @@ void tpm_add_ppi(struct tpm_chip *chip)
 		return;
 
 	if (!acpi_check_dsm(chip->acpi_dev_handle, &tpm_ppi_guid,
-			    TPM_PPI_REVISION_ID, 1 << TPM_PPI_FN_VERSION))
+			    TPM_PPI_REVISION_1, 1 << TPM_PPI_FN_VERSION))
 		return;
 
 	/* Cache PPI version string. */
 	obj = acpi_evaluate_dsm_typed(chip->acpi_dev_handle, &tpm_ppi_guid,
-				      TPM_PPI_REVISION_ID, TPM_PPI_FN_VERSION,
+				      TPM_PPI_REVISION_1, TPM_PPI_FN_VERSION,
 				      NULL, ACPI_TYPE_STRING);
 	if (obj) {
 		strlcpy(chip->ppi_version, obj->string.pointer,
-- 
2.17.1



* [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3
  2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
  2019-01-09 22:10 ` [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm() Stefan Berger
  2019-01-09 22:11 ` [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1 Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
  2019-01-16 21:46   ` Jarkko Sakkinen
  2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
                   ` (2 subsequent siblings)
  5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
  To: linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel, Stefan Berger

TPM PPI 1.3 defines operations up to number 101. We need to query up
to this number to show the user what the firmware implements.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_ppi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 68cab248ca23..72182b415c76 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -28,7 +28,7 @@
 #define TPM_PPI_FN_GETRSP	5
 #define TPM_PPI_FN_SUBREQ2	7
 #define TPM_PPI_FN_GETOPR	8
-#define PPI_TPM_REQ_MAX		22
+#define PPI_TPM_REQ_MAX		101 /* PPI 1.3 for TPM 2 */
 #define PPI_VS_REQ_START	128
 #define PPI_VS_REQ_END		255
 
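
Review bot: PPI_TPM_REQ_MAX is raised to 101 unconditionally, although
the comment on the define ties the value to PPI 1.3 on TPM 2. Firmware
that reports an older PPI version will now be queried for operations 23
to 101 as well. Consider choosing the upper bound from
chip->ppi_version, or state in the changelog how older firmware is
expected to answer these queries so that the sysfs output stays
correct.
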
-- 
2.17.1



* [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
  2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
                   ` (2 preceding siblings ...)
  2019-01-09 22:11 ` [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3 Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
  2019-01-16 21:48   ` Jarkko Sakkinen
  2019-01-16 21:49   ` Jarkko Sakkinen
  2019-01-09 22:11 ` [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3 Stefan Berger
  2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
  5 siblings, 2 replies; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
  To: linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel, Stefan Berger

TPM PPI 1.3 introduces an additional optional command parameter
that may be needed for some commands. Display the parameter if the
command requires such a parameter. Only command 23 needs one.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_ppi.c | 32 ++++++++++++++++++++++++++++++--
 1 file changed, 30 insertions(+), 2 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 72182b415c76..ab61ee208125 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -21,6 +21,7 @@
 #include "tpm.h"
 
 #define TPM_PPI_REVISION_1	1
+#define TPM_PPI_REVISION_2	2
 #define TPM_PPI_FN_VERSION	1
 #define TPM_PPI_FN_SUBREQ	2
 #define TPM_PPI_FN_GETREQ	3
@@ -36,6 +37,11 @@ static const guid_t tpm_ppi_guid =
 	GUID_INIT(0x3DDDFAA6, 0x361B, 0x4EB4,
 		  0xA4, 0x24, 0x8D, 0x10, 0x08, 0x9D, 0x16, 0x53);
 
+static bool tpm_ppi_req_has_parameter(u64 req)
+{
+	return req == 23;
+}
+
 static inline union acpi_object *
 tpm_eval_dsm(acpi_handle ppi_handle, int func, acpi_object_type type,
 	     union acpi_object *argv4, u64 rev)
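
Review bot: tpm_ppi_req_has_parameter() hard-codes 23 with no name or
comment. A define next to the other TPM_PPI_* constants, plus a short
comment pointing at the PPI 1.3 operation it stands for, would document
why only this request carries a parameter and give later additions an
obvious place to go.
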
@@ -59,9 +65,14 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
 	ssize_t size = -EINVAL;
 	union acpi_object *obj;
 	struct tpm_chip *chip = to_tpm_chip(dev);
+	u64 rev = TPM_PPI_REVISION_2;
+	u64 req;
+
+	if (strcmp(chip->ppi_version, "1.2") < 0)
+		rev = TPM_PPI_REVISION_1;
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETREQ,
-			   ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_1);
+			   ACPI_TYPE_PACKAGE, NULL, rev);
 	if (!obj)
 		return -ENXIO;
 
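
Review bot: rev defaults to TPM_PPI_REVISION_2 and is lowered only when
ppi_version sorts before "1.2", so firmware reporting exactly "1.2" is
queried with function revision 2, while the changelog of 2/5 says
revision 2 is introduced by PPI 1.3 and 5/5 selects it with
strcmp(..., "1.3") == 0. Please either compare against "1.3" here or
explain why revision 2 is valid for 1.2 firmware. Note also that
strcmp() orders version strings lexicographically, so a two-digit minor
such as "1.10" would sort before "1.2".
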
@@ -71,7 +82,24 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
 	 * error. The second is pending TPM operation requested by the OS, 0
 	 * means none and >0 means operation value.
 	 */
-	if (obj->package.count == 2 &&
+	if (obj->package.count == 3 &&
+	    obj->package.elements[0].type == ACPI_TYPE_INTEGER &&
+	    obj->package.elements[1].type == ACPI_TYPE_INTEGER &&
+	    obj->package.elements[2].type == ACPI_TYPE_INTEGER) {
+		if (obj->package.elements[0].integer.value)
+			size = -EFAULT;
+		else {
+			req = obj->package.elements[1].integer.value;
+			if (tpm_ppi_req_has_parameter(req))
+				size = scnprintf(buf, PAGE_SIZE,
+						"%llu %llu\n",
+					req,
+					obj->package.elements[2].integer.value);
+			else
+				size = scnprintf(buf, PAGE_SIZE,
+						"%llu\n", req);
+		}
+	} else if (obj->package.count == 2 &&
 	    obj->package.elements[0].type == ACPI_TYPE_INTEGER &&
 	    obj->package.elements[1].type == ACPI_TYPE_INTEGER) {
 		if (obj->package.elements[0].integer.value)
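
Review bot: The comment above this condition still describes only the
two-element return package; the new three-element case and the meaning
of elements[2] are undocumented. Please extend the comment, and
consider reading the status and request once and then deciding on the
output format, since both branches now repeat the same type checks and
status test. The continuation lines of the scnprintf() call and of the
retained 'else if' condition also need re-aligning.
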
-- 
2.17.1



* [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3
  2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
                   ` (3 preceding siblings ...)
  2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
  2019-01-16 21:54   ` Jarkko Sakkinen
  2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
  5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
  To: linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel, Stefan Berger

This patch enables a user to specify the additional optional command
parameter by writing it into the request file:

   # echo "23 16" > request
   # cat request
   23 16

For backwards compatibility:

If only 1 parameter is given then we assume this is the operation request
number.

   # echo "5" > request

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
 drivers/char/tpm/tpm_ppi.c | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)

diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index ab61ee208125..a07bdf6a4ddf 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -121,9 +121,10 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
 	u32 req;
 	u64 ret;
 	int func = TPM_PPI_FN_SUBREQ;
-	union acpi_object *obj, tmp;
-	union acpi_object argv4 = ACPI_INIT_DSM_ARGV4(1, &tmp);
+	union acpi_object *obj, tmp[2];
+	union acpi_object argv4 = ACPI_INIT_DSM_ARGV4(2, tmp);
 	struct tpm_chip *chip = to_tpm_chip(dev);
+	u64 rev = TPM_PPI_REVISION_1;
 
 	/*
 	 * the function to submit TPM operation request to pre-os environment
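
Review bot: argv4 is now initialised with a package count of 2 while
tmp[] itself is left uninitialised, and only the ppi12 path in the next
hunk resets the count to 1. Initialising the count to 1 and raising it
to 2 in the PPI 1.3 branch, or zero-initialising tmp, would ensure that
a path which forgets the reset cannot hand an uninitialised tmp[1] to
the firmware.
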
@@ -140,20 +141,29 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
 	 * string/package type. For PPI version 1.0 and 1.1, use buffer type
 	 * for compatibility, and use package type since 1.2 according to spec.
 	 */
-	if (strcmp(chip->ppi_version, "1.2") < 0) {
+	if (strcmp(chip->ppi_version, "1.3") == 0) {
+		if (sscanf(buf, "%llu %llu", &tmp[0].integer.value,
+					     &tmp[1].integer.value) != 2)
+			goto ppi12;
+		rev = TPM_PPI_REVISION_2;
+		tmp[0].type = ACPI_TYPE_INTEGER;
+		tmp[1].type = ACPI_TYPE_INTEGER;
+	} else if (strcmp(chip->ppi_version, "1.2") < 0) {
 		if (sscanf(buf, "%d", &req) != 1)
 			return -EINVAL;
 		argv4.type = ACPI_TYPE_BUFFER;
 		argv4.buffer.length = sizeof(req);
 		argv4.buffer.pointer = (u8 *)&req;
 	} else {
-		tmp.type = ACPI_TYPE_INTEGER;
-		if (sscanf(buf, "%llu", &tmp.integer.value) != 1)
+ppi12:
+		argv4.package.count = 1;
+		tmp[0].type = ACPI_TYPE_INTEGER;
+		if (sscanf(buf, "%llu", &tmp[0].integer.value) != 1)
 			return -EINVAL;
 	}
 
 	obj = tpm_eval_dsm(chip->acpi_dev_handle, func, ACPI_TYPE_INTEGER,
-			   &argv4, TPM_PPI_REVISION_1);
+			   &argv4, rev);
 	if (!obj) {
 		return -ENXIO;
 	} else {
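
Review bot: In the "1.3" branch a failed two-value sscanf() jumps via
'goto ppi12' to a label inside the following else block, which is hard
to follow and parses buf a second time. Parsing once and branching on
the number of converted values would avoid the goto. Two further points
in the same branch: the two-value form is accepted for any request
number, so the tpm_ppi_req_has_parameter() helper from 4/5 could be
used to reject a parameter on requests that do not take one; and the
exact strcmp(...) == 0 match means a firmware version later than "1.3"
falls back to the single-value path, unlike the '< 0' comparisons used
elsewhere in this file.
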
-- 
2.17.1



* RE: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
  2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
                   ` (4 preceding siblings ...)
  2019-01-09 22:11 ` [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3 Stefan Berger
@ 2019-01-11 20:28 ` Safford, David (GE Global Research)
  2019-01-14 19:51   ` Stefan Berger
  2019-01-18 15:00   ` Jarkko Sakkinen
  5 siblings, 2 replies; 18+ messages in thread
From: Safford, David (GE Global Research) @ 2019-01-11 20:28 UTC (permalink / raw)
  To: Stefan Berger, linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel

> -----Original Message-----
> From: linux-integrity-owner@vger.kernel.org <linux-integrity-
> owner@vger.kernel.org> On Behalf Of Stefan Berger
> Sent: Wednesday, January 09, 2019 5:11 PM
> To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
> Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
> Stefan Berger <stefanb@linux.vnet.ibm.com>
> Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
> 
> This series of patches extends the TPM subsystem's PPI support to support
> TPM PPI revision 1.3 where more commands are supported (up to 101) and
> the TPM 2 command code '23' takes an additional parameter.
> 
> For the command code '23' see this document here on document page 39:
> https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf
> 
>    Stefan

You might mention that this is an important feature, as on at least some
systems, ppi function 23 is the only way to enable/disable PCR banks.

I have tested this patch set on my HP Spectre laptop, and I am finally
able to turn the sha-1 bank on and off. Much appreciated!

Tested-by: David Safford <david.safford@ge.com>

> 
> Stefan Berger (5):
>   tpm: ppi: pass function revision ID to tpm_eval_dsm()
>   tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
>   tpm: ppi: Display up to 101 operations as define for version 1.3
>   tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
>   tpm: ppi: Enable submission of optional command parameter for PPI 1.3
> 
>  drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++--------
> --
>  1 file changed, 58 insertions(+), 20 deletions(-)
> 
> --
> 2.17.1



* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
  2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
@ 2019-01-14 19:51   ` Stefan Berger
  2019-01-18 15:00   ` Jarkko Sakkinen
  1 sibling, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2019-01-14 19:51 UTC (permalink / raw)
  To: Safford, David (GE Global Research),
	Stefan Berger, linux-integrity, jarkko.sakkinen
  Cc: linux-security-module, linux-kernel

On 1/11/19 3:28 PM, Safford, David (GE Global Research) wrote:
>> -----Original Message-----
>> From: linux-integrity-owner@vger.kernel.org <linux-integrity-
>> owner@vger.kernel.org> On Behalf Of Stefan Berger
>> Sent: Wednesday, January 09, 2019 5:11 PM
>> To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
>> Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
>> Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
>>
>> This series of patches extends the TPM subsystem's PPI support to support
>> TPM PPI revision 1.3 where more commands are supported (up to 101) and
>> the TPM 2 command code '23' takes an additional parameter.
>>
>> For the command code '23' see this document here on document page 39:
>> https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf
>>
>>     Stefan
> You might mention that this is an important feature, as on at least some
> systems, ppi function 23 is the only way to enable/disable PCR banks.

'The only way' depends on how good or bad the firmware support for this 
is. SeaBIOS will have a menu item that lets one toggle the activation of 
the PCR banks in the firmware menu -- assuming my patch makes it 
upstream :-)


>
> I have tested this patch set on my HP Spectre laptop, and I am finally
> able to turn the sha-1 bank on and off. Much appreciated!
>
> Tested-by: David Safford <david.safford@ge.com>


Thanks.


     Stefan


>
>> Stefan Berger (5):
>>    tpm: ppi: pass function revision ID to tpm_eval_dsm()
>>    tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
>>    tpm: ppi: Display up to 101 operations as define for version 1.3
>>    tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
>>    tpm: ppi: Enable submission of optional command parameter for PPI 1.3
>>
>>   drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++--------
>> --
>>   1 file changed, 58 insertions(+), 20 deletions(-)
>>
>> --
>> 2.17.1




* Re: [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm()
  2019-01-09 22:10 ` [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm() Stefan Berger
@ 2019-01-16 21:45   ` Jarkko Sakkinen
  0 siblings, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:45 UTC (permalink / raw)
  To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel

On Wed, Jan 09, 2019 at 05:10:59PM -0500, Stefan Berger wrote:
> Since we will need to pass different function revision numbers
> to tpm_eval_dsm, convert this function now to take the function revision
> as an additional parameter.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko


* Re: [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
  2019-01-09 22:11 ` [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1 Stefan Berger
@ 2019-01-16 21:46   ` Jarkko Sakkinen
  0 siblings, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:46 UTC (permalink / raw)
  To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel

On Wed, Jan 09, 2019 at 05:11:00PM -0500, Stefan Berger wrote:
> TPM PPI 1.3 introduces a function revision 2 for some functions. So,
> rename the existing TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

The change looks good, but why TPM_PPI_REVISION_1 and not
TPM_PPI_REVISION_ID_1?

/Jarkko


* Re: [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3
  2019-01-09 22:11 ` [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3 Stefan Berger
@ 2019-01-16 21:46   ` Jarkko Sakkinen
  0 siblings, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:46 UTC (permalink / raw)
  To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel

On Wed, Jan 09, 2019 at 05:11:01PM -0500, Stefan Berger wrote:
> TPM PPI 1.3 defines operations up to number 101. We need to query up
> to this number to show the user what the firmware implements.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko


* Re: [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
  2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
@ 2019-01-16 21:48   ` Jarkko Sakkinen
  2019-01-16 21:49   ` Jarkko Sakkinen
  1 sibling, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:48 UTC (permalink / raw)
  To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel

On Wed, Jan 09, 2019 at 05:11:02PM -0500, Stefan Berger wrote:
> TPM PPI 1.3 introduces an additional optional command parameter
> that may be needed for some commands. Display the parameter if the
> command requires such a parameter. Only command 23 needs one.
> 
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

Can you put some example output to the commit message?

/Jarkko


* Re: [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
  2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
  2019-01-16 21:48   ` Jarkko Sakkinen
@ 2019-01-16 21:49   ` Jarkko Sakkinen
  1 sibling, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:49 UTC (permalink / raw)
  To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel

On Wed, Jan 09, 2019 at 05:11:02PM -0500, Stefan Berger wrote:
> +			if (tpm_ppi_req_has_parameter(req))
> +				size = scnprintf(buf, PAGE_SIZE,
> +						"%llu %llu\n",
> +					req,
> +					obj->package.elements[2].integer.value);

The alignment here is somewhat broken.

/Jarkko


* Re: [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3
  2019-01-09 22:11 ` [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3 Stefan Berger
@ 2019-01-16 21:54   ` Jarkko Sakkinen
  0 siblings, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:54 UTC (permalink / raw)
  To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel

On Wed, Jan 09, 2019 at 05:11:03PM -0500, Stefan Berger wrote:
> +		if (sscanf(buf, "%llu %llu", &tmp[0].integer.value,
> +					     &tmp[1].integer.value) != 2)

The alignment is broken here.

/Jarkko


* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
  2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
  2019-01-14 19:51   ` Stefan Berger
@ 2019-01-18 15:00   ` Jarkko Sakkinen
  2019-02-08 21:21     ` Stefan Berger
  1 sibling, 1 reply; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-18 15:00 UTC (permalink / raw)
  To: Safford, David (GE Global Research)
  Cc: Stefan Berger, linux-integrity, linux-security-module, linux-kernel

On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
> You might mention that this is an important feature, as on at least some
> systems, ppi function 23 is the only way to enable/disable PCR banks.
> 
> I have tested this patch set on my HP Spectre laptop, and I am finally
> able to turn the sha-1 bank on and off. Much appreciated!
> 
> Tested-by: David Safford <david.safford@ge.com>

Great thanks David.

/Jarkko


* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
  2019-01-18 15:00   ` Jarkko Sakkinen
@ 2019-02-08 21:21     ` Stefan Berger
  2019-02-08 22:00       ` Jarkko Sakkinen
  0 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-02-08 21:21 UTC (permalink / raw)
  To: Jarkko Sakkinen, Safford, David (GE Global Research)
  Cc: Stefan Berger, linux-integrity, linux-security-module, linux-kernel

On 1/18/19 10:00 AM, Jarkko Sakkinen wrote:
> On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
>> You might mention that this is an important feature, as on at least some
>> systems, ppi function 23 is the only way to enable/disable PCR banks.
>>
>> I have tested this patch set on my HP Spectre laptop, and I am finally
>> able to turn the sha-1 bank on and off. Much appreciated!
>>
>> Tested-by: David Safford <david.safford@ge.com>
> Great thanks David.


While we are at it and for the grand finale of the day :-)

+All you people, keep yourself alive!
+Keep yourself alive!
+Keep yourself alive!
+C'mon, give me your reviewed's
+to keep me satisfied!
+Give me your signed-off's                       (1)
+to keep me satisfied!
+Keep yourself alive!
+A few test-by's will keep me satisfied!
+Keep yourself alive!
+Check-in!                                                (2)
+
+[In the style of Queen]


Jarkko, do (1) and (2) to keep me satisfied :-)



* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
  2019-02-08 21:21     ` Stefan Berger
@ 2019-02-08 22:00       ` Jarkko Sakkinen
  2019-02-08 22:06         ` Stefan Berger
  0 siblings, 1 reply; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-02-08 22:00 UTC (permalink / raw)
  To: Stefan Berger
  Cc: Safford, David (GE Global Research),
	Stefan Berger, linux-integrity, linux-security-module,
	linux-kernel

On Fri, Feb 08, 2019 at 04:21:02PM -0500, Stefan Berger wrote:
> On 1/18/19 10:00 AM, Jarkko Sakkinen wrote:
> > On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
> > > You might mention that this is an important feature, as on at least some
> > > systems, ppi function 23 is the only way to enable/disable PCR banks.
> > > 
> > > I have tested this patch set on my HP Spectre laptop, and I am finally
> > > able to turn the sha-1 bank on and off. Much appreciated!
> > > 
> > > Tested-by: David Safford <david.safford@ge.com>
> > Great thanks David.
> 
> 
> While we are at it and for the grand finale of the day :-)
> 
> +All you people, keep yourself alive!
> +Keep yourself alive!
> +Keep yourself alive!
> +C'mon, give me your reviewed's
> +to keep me satisfied!
> +Give me your signed-off's                       (1)
> +to keep me satisfied!
> +Keep yourself alive!
> +A few test-by's will keep me satisfied!
> +Keep yourself alive!
> +Check-in!                                                (2)
> +
> +[In the style of Queen]
> 
> 
> Jarkko, do (1) and (2) to keep me satisfied :-)

I still think that in 5/5 branching could be better but is not a biggie
for me (does not make the implementation as whole any kind of mess) and
since it is now peer tested I rather would not modify it right now.

Applied to master and next!

/Jarkko


* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
  2019-02-08 22:00       ` Jarkko Sakkinen
@ 2019-02-08 22:06         ` Stefan Berger
  0 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2019-02-08 22:06 UTC (permalink / raw)
  To: Jarkko Sakkinen
  Cc: Safford, David (GE Global Research),
	Stefan Berger, linux-integrity, linux-security-module,
	linux-kernel

On 2/8/19 5:00 PM, Jarkko Sakkinen wrote:
> On Fri, Feb 08, 2019 at 04:21:02PM -0500, Stefan Berger wrote:
> I still think that in 5/5 branching could be better but is not a biggie
> for me (does not make the implementation as whole any kind of mess) and
> since it is now peer tested I rather would not modify it right now.
>
> Applied to master and next!


5/5 may cause a complaint about the scanf'ing of a single value in an 
existing line. Let's see...

    Thanks.

       Stefan


