From: Mimi Zohar
To: Jarkko Sakkinen, Roberto Sassu
Cc: david.safford@ge.com, monty.wiseman@ge.com, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, silviu.vlasceanu@huawei.com
Subject: Re: [PATCH v6 4/7] tpm: modify tpm_pcr_read() definition to pass a TPM hash algorithm
Date: Wed, 05 Dec 2018 15:31:44 -0500
Message-Id: <1544041904.4017.8.camel@linux.ibm.com>

On Tue, 2018-12-04 at 15:40 -0800, Jarkko Sakkinen wrote:
> On Tue, Dec 04, 2018 at 09:21:35AM +0100, Roberto Sassu wrote:
> > Currently the TPM driver allows other kernel subsystems to read only the
> > SHA1 PCR bank. This patch modifies the parameters of tpm_pcr_read() and
> > tpm2_pcr_read() to pass a tpm_digest structure, which contains the desired
> > hash algorithm. Also, since commit 125a22105410 ("tpm: React correctly to
> > RC_TESTING from TPM 2.0 self tests") removed the call to tpm2_pcr_read(),
> > the new parameter is expected to be always not NULL.
> >
> > Due to the API change, IMA functions have been modified.
> >
> > Signed-off-by: Roberto Sassu
> > Acked-by: Mimi Zohar
> > Reviewed-by: Jarkko Sakkinen
>
> Mimi, Nayna, can you help with testing this (because of the IMA change)?

It's up & running and the measurement list verifies against the TPM PCR. Although this system has two algorithms enabled, all of the PCRs are allocated for one algorithm and none for the other. I'm still looking around for another system with PCR 10 enabled for multiple algorithms.

Mimi
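
The check described in the reply above (the IMA measurement list verifying against the TPM PCR), as an added example that is not part of the original message or of the kernel patch: it replays the template digests of an ASCII measurement list into a simulated PCR 10 for a chosen bank. The sample lines are constructed, and the handling of violation entries (all-zero digest listed, 0xFF bytes extended) and of non-SHA1 banks (SHA1 template digest zero-padded to the bank's digest size) is an assumption about kernels of this period.

```python
import hashlib
import hmac

SHA1_LEN = 20
VIOLATION_LISTED = bytes(SHA1_LEN)        # digest recorded in the list for a violation
VIOLATION_EXTENDED = b"\xff" * SHA1_LEN   # value extended into the PCR instead

def parse_entry(line):
    """Return (pcr_index, template_digest) from '<pcr> <sha1 hex> <template> ...'."""
    fields = line.split()
    if len(fields) < 3:
        raise ValueError("short measurement entry: %r" % line)
    digest = bytes.fromhex(fields[1])
    if len(digest) != SHA1_LEN:
        raise ValueError("template digest is not SHA1-sized: %r" % line)
    return int(fields[0]), digest

def replay(lines, bank="sha1", pcr_index=10):
    """Recompute the PCR value that the listed entries should have produced."""
    size = hashlib.new(bank).digest_size
    pcr = bytes(size)                      # the simulated PCR starts as all zeros
    for line in lines:
        if not line.strip():
            continue
        index, digest = parse_entry(line)
        if index != pcr_index:
            continue                       # entry was extended into another PCR
        if digest == VIOLATION_LISTED:
            digest = VIOLATION_EXTENDED
        # Assumption: non-SHA1 banks receive the SHA1 digest padded with zeros.
        pcr = hashlib.new(bank, pcr + digest.ljust(size, b"\0")).digest()
    return pcr

def verify(lines, bank, pcr_hex):
    """True when the replayed list matches the PCR value read from that bank."""
    return hmac.compare_digest(replay(lines, bank), bytes.fromhex(pcr_hex))

def sample_line(pcr, seed, path):
    """Build one constructed entry; the digests are not real measurements."""
    digest = hashlib.sha1(seed).hexdigest() if seed else "00" * SHA1_LEN
    return "%d %s ima-ng sha1:%s %s" % (pcr, digest, "00" * SHA1_LEN, path)

SAMPLE = [
    sample_line(10, b"constructed-0", "boot_aggregate"),
    sample_line(10, b"constructed-1", "/usr/bin/example"),
    sample_line(10, None, "/var/log/example"),      # violation entry
    sample_line(11, b"constructed-2", "/ignored"),  # different PCR, skipped
]
```

On a real system the lines would come from the kernel's ASCII runtime measurement list and `pcr_hex` from a PCR read of the bank being checked.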