linux-kernel.vger.kernel.org archive mirror
From: Roberto Sassu <roberto.sassu@huawei.com>
To: <tpmdd-devel@lists.sourceforge.net>
Cc: <linux-ima-devel@lists.sourceforge.net>,
	<linux-security-module@vger.kernel.org>,
	<linux-kernel@vger.kernel.org>,
	Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH 0/3] tpm_pcr_extend() code split
Date: Tue, 2 May 2017 14:31:48 +0200
Message-ID: <20170502123151.24354-1-roberto.sassu@huawei.com>

This patch set moves TPM 1.2 specific code to a new function called
tpm1_pcr_extend(). The purpose of splitting is to isolate TPM 2.0 code,
so that it can be more easily modified to handle multiple digests.

With TPM 2.0, a Platform Configuration Register (PCR) could have multiple
values, stored in locations called banks. Each bank stores the values
of PCRs extended with the same hash algorithm.

Currently, the TPM kernel driver does not take advantage of stronger
algorithms because PCRs are always extended with a SHA1 digest, padded
with zeros to match the length of the input for the hash algorithm
being used. Shortly after these patches, a new patch set will be provided
to allow callers of tpm_pcr_extend() to pass a digest for each algorithm
supported by the TPM.

In this patch set, TPM 1.2 specific code will prepare the command buffer
with tpm_buf_init() which, with respect to the previous method, offers
protection against buffer overflow. Moreover, CPU native to big-endian
conversion has been removed from tags and ordinals definition, as it is
already done by tpm_buf_init().

Roberto Sassu (3):
  tpm: use CPU native value for TPM_TAG_RQU_COMMAND
  tpm: move ordinals definition to include/linux/tpm_command.h
  tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend()

 drivers/char/tpm/tpm-interface.c | 76 +++++++++++++++++++---------------------
 drivers/char/tpm/tpm-sysfs.c     |  6 ++--
 drivers/char/tpm/tpm.h           |  2 --
 include/linux/tpm_command.h      |  7 ++++
 4 files changed, 46 insertions(+), 45 deletions(-)

-- 
2.9.3
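
The bank behaviour described in the cover letter, as an added example that is not part of the original message or of the kernel patches: a Python replay of a constructed event list into a SHA1 and a SHA256 bank, comparing the zero-padded SHA1 digest with a native per-bank digest. It assumes PCRs start at all zeros; the function names and event data are hypothetical.

```python
import hashlib

# Digest size in bytes for each PCR bank modelled here.
BANKS = {"sha1": 20, "sha256": 32}


def pcr_extend(bank, pcr_value, digest):
    """Extend operation: new = H_bank(old || digest)."""
    size = BANKS[bank]
    if len(pcr_value) != size or len(digest) != size:
        # A bank only accepts digests of its own hash length.
        raise ValueError("digest length does not match bank %s" % bank)
    return hashlib.new(bank, pcr_value + digest).digest()


def pad_sha1(sha1_digest, bank):
    """Zero-pad a SHA1 digest to the bank's digest length (the behaviour
    the cover letter describes for the driver before multi-digest support)."""
    if len(sha1_digest) != BANKS["sha1"]:
        raise ValueError("not a SHA1 digest")
    return sha1_digest.ljust(BANKS[bank], b"\x00")


def replay(events, bank, padded_sha1):
    """Replay measured data into one bank and return the final PCR value.

    padded_sha1=True  -> every bank receives SHA1(data), zero-padded
    padded_sha1=False -> every bank receives a digest from its own algorithm
    """
    pcr = bytes(BANKS[bank])  # assumption: PCR starts at all zeros
    for data in events:
        if padded_sha1:
            digest = pad_sha1(hashlib.sha1(data).digest(), bank)
        else:
            digest = hashlib.new(bank, data).digest()
        pcr = pcr_extend(bank, pcr, digest)
    return pcr


# Constructed sample measurements, not taken from a real event log.
EVENTS = [b"constructed-event-1", b"constructed-event-2"]

if __name__ == "__main__":
    for bank in BANKS:
        for padded in (True, False):
            label = "padded SHA1" if padded else "native digest"
            print(bank, label, replay(EVENTS, bank, padded).hex())
```

A verifier that recomputes the SHA256 bank from a measurement list has to apply the same padding to match the padded value, and that value still depends only on the SHA1 digest of each measurement.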

Thread overview: 9+ messages
2017-05-02 12:31 Roberto Sassu [this message]
2017-05-02 12:31 ` [PATCH 1/3] tpm: use CPU native value for TPM_TAG_RQU_COMMAND Roberto Sassu
2017-05-02 12:31 ` [PATCH 2/3] tpm: move ordinals definition to include/linux/tpm_command.h Roberto Sassu
2017-05-03 12:45   ` [tpmdd-devel] " Jarkko Sakkinen
2017-05-03 12:48   ` Jarkko Sakkinen
2017-05-03 14:27     ` Roberto Sassu
2017-05-04  8:09       ` Jarkko Sakkinen
2017-05-02 12:31 ` [PATCH 3/3] tpm: move TPM 1.2 code of tpm_pcr_extend() to tpm1_pcr_extend() Roberto Sassu
2017-05-03 12:49   ` Jarkko Sakkinen
