* [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm()
2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
@ 2019-01-09 22:10 ` Stefan Berger
2019-01-16 21:45 ` Jarkko Sakkinen
2019-01-09 22:11 ` [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1 Stefan Berger
` (4 subsequent siblings)
5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:10 UTC (permalink / raw)
To: linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel, Stefan Berger
Since we will need to pass different function revision numbers
to tpm_eval_dsm, convert this function now to take the function revision
as an additional parameter.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm_ppi.c | 16 ++++++++--------
1 file changed, 8 insertions(+), 8 deletions(-)
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 86dd8521feef..90b69aeadc99 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -38,12 +38,11 @@ static const guid_t tpm_ppi_guid =
static inline union acpi_object *
tpm_eval_dsm(acpi_handle ppi_handle, int func, acpi_object_type type,
- union acpi_object *argv4)
+ union acpi_object *argv4, u64 rev)
{
BUG_ON(!ppi_handle);
return acpi_evaluate_dsm_typed(ppi_handle, &tpm_ppi_guid,
- TPM_PPI_REVISION_ID,
- func, argv4, type);
+ rev, func, argv4, type);
}
static ssize_t tpm_show_ppi_version(struct device *dev,
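Review bot: tpm_eval_dsm() now takes two integer arguments, `func` and `rev`, in the opposite order to the acpi_evaluate_dsm_typed() call it wraps, which passes `rev, func`. Because `int` converts silently to `u64`, a swapped pair at a call site would compile without a warning. A short comment above the helper would make the contract explicit, for example `/* @func: PPI function index; @rev: _DSM revision ID that @func is evaluated at */`. The call sites updated in the later hunks of this patch all pass `TPM_PPI_REVISION_ID` as the last argument, which matches the new signature.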
@@ -62,7 +61,7 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
struct tpm_chip *chip = to_tpm_chip(dev);
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETREQ,
- ACPI_TYPE_PACKAGE, NULL);
+ ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
if (!obj)
return -ENXIO;
@@ -126,7 +125,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
}
obj = tpm_eval_dsm(chip->acpi_dev_handle, func, ACPI_TYPE_INTEGER,
- &argv4);
+ &argv4, TPM_PPI_REVISION_ID);
if (!obj) {
return -ENXIO;
} else {
@@ -170,7 +169,7 @@ static ssize_t tpm_show_ppi_transition_action(struct device *dev,
if (strcmp(chip->ppi_version, "1.2") < 0)
obj = &tmp;
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETACT,
- ACPI_TYPE_INTEGER, obj);
+ ACPI_TYPE_INTEGER, obj, TPM_PPI_REVISION_ID);
if (!obj) {
return -ENXIO;
} else {
@@ -196,7 +195,7 @@ static ssize_t tpm_show_ppi_response(struct device *dev,
struct tpm_chip *chip = to_tpm_chip(dev);
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETRSP,
- ACPI_TYPE_PACKAGE, NULL);
+ ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
if (!obj)
return -ENXIO;
@@ -272,7 +271,8 @@ static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
for (i = start; i <= end; i++) {
tmp.integer.value = i;
obj = tpm_eval_dsm(dev_handle, TPM_PPI_FN_GETOPR,
- ACPI_TYPE_INTEGER, &argv);
+ ACPI_TYPE_INTEGER, &argv,
+ TPM_PPI_REVISION_ID);
if (!obj) {
return -ENOMEM;
} else {
--
2.17.1
* [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
2019-01-09 22:10 ` [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm() Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
2019-01-16 21:46 ` Jarkko Sakkinen
2019-01-09 22:11 ` [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3 Stefan Berger
` (3 subsequent siblings)
5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
To: linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel, Stefan Berger
TPM PPI 1.3 introduces a function revision 2 for some functions. So,
rename the existing TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm_ppi.c | 20 ++++++++++----------
1 file changed, 10 insertions(+), 10 deletions(-)
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 90b69aeadc99..68cab248ca23 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -20,7 +20,7 @@
#include <linux/acpi.h>
#include "tpm.h"
-#define TPM_PPI_REVISION_ID 1
+#define TPM_PPI_REVISION_1 1
#define TPM_PPI_FN_VERSION 1
#define TPM_PPI_FN_SUBREQ 2
#define TPM_PPI_FN_GETREQ 3
@@ -61,7 +61,7 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
struct tpm_chip *chip = to_tpm_chip(dev);
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETREQ,
- ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
+ ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_1);
if (!obj)
return -ENXIO;
@@ -103,7 +103,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
* version 1.1
*/
if (acpi_check_dsm(chip->acpi_dev_handle, &tpm_ppi_guid,
- TPM_PPI_REVISION_ID, 1 << TPM_PPI_FN_SUBREQ2))
+ TPM_PPI_REVISION_1, 1 << TPM_PPI_FN_SUBREQ2))
func = TPM_PPI_FN_SUBREQ2;
/*
@@ -125,7 +125,7 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
}
obj = tpm_eval_dsm(chip->acpi_dev_handle, func, ACPI_TYPE_INTEGER,
- &argv4, TPM_PPI_REVISION_ID);
+ &argv4, TPM_PPI_REVISION_1);
if (!obj) {
return -ENXIO;
} else {
@@ -169,7 +169,7 @@ static ssize_t tpm_show_ppi_transition_action(struct device *dev,
if (strcmp(chip->ppi_version, "1.2") < 0)
obj = &tmp;
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETACT,
- ACPI_TYPE_INTEGER, obj, TPM_PPI_REVISION_ID);
+ ACPI_TYPE_INTEGER, obj, TPM_PPI_REVISION_1);
if (!obj) {
return -ENXIO;
} else {
@@ -195,7 +195,7 @@ static ssize_t tpm_show_ppi_response(struct device *dev,
struct tpm_chip *chip = to_tpm_chip(dev);
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETRSP,
- ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_ID);
+ ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_1);
if (!obj)
return -ENXIO;
@@ -263,7 +263,7 @@ static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
"User not required",
};
- if (!acpi_check_dsm(dev_handle, &tpm_ppi_guid, TPM_PPI_REVISION_ID,
+ if (!acpi_check_dsm(dev_handle, &tpm_ppi_guid, TPM_PPI_REVISION_1,
1 << TPM_PPI_FN_GETOPR))
return -EPERM;
@@ -272,7 +272,7 @@ static ssize_t show_ppi_operations(acpi_handle dev_handle, char *buf, u32 start,
tmp.integer.value = i;
obj = tpm_eval_dsm(dev_handle, TPM_PPI_FN_GETOPR,
ACPI_TYPE_INTEGER, &argv,
- TPM_PPI_REVISION_ID);
+ TPM_PPI_REVISION_1);
if (!obj) {
return -ENOMEM;
} else {
@@ -338,12 +338,12 @@ void tpm_add_ppi(struct tpm_chip *chip)
return;
if (!acpi_check_dsm(chip->acpi_dev_handle, &tpm_ppi_guid,
- TPM_PPI_REVISION_ID, 1 << TPM_PPI_FN_VERSION))
+ TPM_PPI_REVISION_1, 1 << TPM_PPI_FN_VERSION))
return;
/* Cache PPI version string. */
obj = acpi_evaluate_dsm_typed(chip->acpi_dev_handle, &tpm_ppi_guid,
- TPM_PPI_REVISION_ID, TPM_PPI_FN_VERSION,
+ TPM_PPI_REVISION_1, TPM_PPI_FN_VERSION,
NULL, ACPI_TYPE_STRING);
if (obj) {
strlcpy(chip->ppi_version, obj->string.pointer,
--
2.17.1
* [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3
2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
2019-01-09 22:10 ` [PATCH 1/5] tpm: ppi: pass function revision ID to tpm_eval_dsm() Stefan Berger
2019-01-09 22:11 ` [PATCH 2/5] tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1 Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
2019-01-16 21:46 ` Jarkko Sakkinen
2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
` (2 subsequent siblings)
5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
To: linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel, Stefan Berger
TPM PPI 1.3 defines operations up to number 101. We need to query up
to this number to show the user what the firmware implements.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm_ppi.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 68cab248ca23..72182b415c76 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -28,7 +28,7 @@
#define TPM_PPI_FN_GETRSP 5
#define TPM_PPI_FN_SUBREQ2 7
#define TPM_PPI_FN_GETOPR 8
-#define PPI_TPM_REQ_MAX 22
+#define PPI_TPM_REQ_MAX 101 /* PPI 1.3 for TPM 2 */
#define PPI_VS_REQ_START 128
#define PPI_VS_REQ_END 255
--
2.17.1
* [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
` (2 preceding siblings ...)
2019-01-09 22:11 ` [PATCH 3/5] tpm: ppi: Display up to 101 operations as define for version 1.3 Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
2019-01-16 21:48 ` Jarkko Sakkinen
2019-01-16 21:49 ` Jarkko Sakkinen
2019-01-09 22:11 ` [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3 Stefan Berger
2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
5 siblings, 2 replies; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
To: linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel, Stefan Berger
TPM PPI 1.3 introduces an additional optional command parameter
that may be needed for some commands. Display the parameter if the
command requires such a parameter. Only command 23 needs one.
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm_ppi.c | 32 ++++++++++++++++++++++++++++++--
1 file changed, 30 insertions(+), 2 deletions(-)
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index 72182b415c76..ab61ee208125 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -21,6 +21,7 @@
#include "tpm.h"
#define TPM_PPI_REVISION_1 1
+#define TPM_PPI_REVISION_2 2
#define TPM_PPI_FN_VERSION 1
#define TPM_PPI_FN_SUBREQ 2
#define TPM_PPI_FN_GETREQ 3
@@ -36,6 +37,11 @@ static const guid_t tpm_ppi_guid =
GUID_INIT(0x3DDDFAA6, 0x361B, 0x4EB4,
0xA4, 0x24, 0x8D, 0x10, 0x08, 0x9D, 0x16, 0x53);
+static bool tpm_ppi_req_has_parameter(u64 req)
+{
+ return req == 23;
+}
+
static inline union acpi_object *
tpm_eval_dsm(acpi_handle ppi_handle, int func, acpi_object_type type,
union acpi_object *argv4, u64 rev)
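Review bot: The literal `23` in tpm_ppi_req_has_parameter() has no explanation in the code; only the commit message says "Only command 23 needs one". This helper decides whether a firmware-returned third integer is shown to the user, so the reason should sit next to it, for example `/* PPI 1.3: operation 23 is the only request that carries a parameter */`. A named constant next to the other `TPM_PPI_*` defines would also make it easier to extend if a later PPI revision adds more parameterised operations.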
@@ -59,9 +65,14 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
ssize_t size = -EINVAL;
union acpi_object *obj;
struct tpm_chip *chip = to_tpm_chip(dev);
+ u64 rev = TPM_PPI_REVISION_2;
+ u64 req;
+
+ if (strcmp(chip->ppi_version, "1.2") < 0)
+ rev = TPM_PPI_REVISION_1;
obj = tpm_eval_dsm(chip->acpi_dev_handle, TPM_PPI_FN_GETREQ,
- ACPI_TYPE_PACKAGE, NULL, TPM_PPI_REVISION_1);
+ ACPI_TYPE_PACKAGE, NULL, rev);
if (!obj)
return -ENXIO;
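Review bot: The revision threshold chosen here does not match the one used on the write side of this series. This hunk evaluates `TPM_PPI_FN_GETREQ` with `TPM_PPI_REVISION_2` for every `chip->ppi_version` that is not below "1.2", while 5/5 only switches to revision 2 when the string is exactly "1.3". If revision 2 is only defined from PPI 1.3 on (worth confirming against the spec), firmware reporting "1.2" may reject the call, and the read would then presumably fail with -ENXIO where it worked before; `if (strcmp(chip->ppi_version, "1.3") < 0)` would keep 1.2 on revision 1. Note also that strcmp() orders the strings bytewise, so a hypothetical "1.10" would sort below "1.2". tpm_show_ppi_request() starts before and continues after this hunk.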
@@ -71,7 +82,24 @@ static ssize_t tpm_show_ppi_request(struct device *dev,
* error. The second is pending TPM operation requested by the OS, 0
* means none and >0 means operation value.
*/
- if (obj->package.count == 2 &&
+ if (obj->package.count == 3 &&
+ obj->package.elements[0].type == ACPI_TYPE_INTEGER &&
+ obj->package.elements[1].type == ACPI_TYPE_INTEGER &&
+ obj->package.elements[2].type == ACPI_TYPE_INTEGER) {
+ if (obj->package.elements[0].integer.value)
+ size = -EFAULT;
+ else {
+ req = obj->package.elements[1].integer.value;
+ if (tpm_ppi_req_has_parameter(req))
+ size = scnprintf(buf, PAGE_SIZE,
+ "%llu %llu\n",
+ req,
+ obj->package.elements[2].integer.value);
+ else
+ size = scnprintf(buf, PAGE_SIZE,
+ "%llu\n", req);
+ }
+ } else if (obj->package.count == 2 &&
obj->package.elements[0].type == ACPI_TYPE_INTEGER &&
obj->package.elements[1].type == ACPI_TYPE_INTEGER) {
if (obj->package.elements[0].integer.value)
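Review bot: The block comment above this condition still describes only the two-integer package (return code, then pending operation), but the new first branch accepts a three-integer package and prints `elements[2]`. The comment should gain a sentence such as `With function revision 2 the package may hold a third integer: the parameter of the pending operation, shown only for requests that take one.` The count and element type checks made before reading the firmware-supplied values are the right guard and should remain as they are. The comment starts above the hunk and the two-element branch continues below it, so this is based on the visible part only.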
--
2.17.1
* Re: [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
@ 2019-01-16 21:48 ` Jarkko Sakkinen
2019-01-16 21:49 ` Jarkko Sakkinen
1 sibling, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:48 UTC (permalink / raw)
To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel
On Wed, Jan 09, 2019 at 05:11:02PM -0500, Stefan Berger wrote:
> TPM PPI 1.3 introduces an additional optional command parameter
> that may be needed for some commands. Display the parameter if the
> command requires such a parameter. Only command 23 needs one.
>
> Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
Can you put some example output to the commit message?
/Jarkko
* Re: [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
2019-01-16 21:48 ` Jarkko Sakkinen
@ 2019-01-16 21:49 ` Jarkko Sakkinen
1 sibling, 0 replies; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-16 21:49 UTC (permalink / raw)
To: Stefan Berger; +Cc: linux-integrity, linux-security-module, linux-kernel
On Wed, Jan 09, 2019 at 05:11:02PM -0500, Stefan Berger wrote:
> + if (tpm_ppi_req_has_parameter(req))
> + size = scnprintf(buf, PAGE_SIZE,
> + "%llu %llu\n",
> + req,
> + obj->package.elements[2].integer.value);
The alignment here is somewhat broken.
/Jarkko
* [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3
2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
` (3 preceding siblings ...)
2019-01-09 22:11 ` [PATCH 4/5] tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used Stefan Berger
@ 2019-01-09 22:11 ` Stefan Berger
2019-01-16 21:54 ` Jarkko Sakkinen
2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
5 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-01-09 22:11 UTC (permalink / raw)
To: linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel, Stefan Berger
This patch enables a user to specify the additional optional command
parameter by writing it into the request file:
# echo "23 16" > request
# cat request
23 16
For backwards compatibility:
If only 1 parameter is given then we assume this is the operation request
number.
# echo "5" > request
Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm_ppi.c | 22 ++++++++++++++++------
1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/drivers/char/tpm/tpm_ppi.c b/drivers/char/tpm/tpm_ppi.c
index ab61ee208125..a07bdf6a4ddf 100644
--- a/drivers/char/tpm/tpm_ppi.c
+++ b/drivers/char/tpm/tpm_ppi.c
@@ -121,9 +121,10 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
u32 req;
u64 ret;
int func = TPM_PPI_FN_SUBREQ;
- union acpi_object *obj, tmp;
- union acpi_object argv4 = ACPI_INIT_DSM_ARGV4(1, &tmp);
+ union acpi_object *obj, tmp[2];
+ union acpi_object argv4 = ACPI_INIT_DSM_ARGV4(2, tmp);
struct tpm_chip *chip = to_tpm_chip(dev);
+ u64 rev = TPM_PPI_REVISION_1;
/*
* the function to submit TPM operation request to pre-os environment
@@ -140,20 +141,29 @@ static ssize_t tpm_store_ppi_request(struct device *dev,
* string/package type. For PPI version 1.0 and 1.1, use buffer type
* for compatibility, and use package type since 1.2 according to spec.
*/
- if (strcmp(chip->ppi_version, "1.2") < 0) {
+ if (strcmp(chip->ppi_version, "1.3") == 0) {
+ if (sscanf(buf, "%llu %llu", &tmp[0].integer.value,
+ &tmp[1].integer.value) != 2)
+ goto ppi12;
+ rev = TPM_PPI_REVISION_2;
+ tmp[0].type = ACPI_TYPE_INTEGER;
+ tmp[1].type = ACPI_TYPE_INTEGER;
+ } else if (strcmp(chip->ppi_version, "1.2") < 0) {
if (sscanf(buf, "%d", &req) != 1)
return -EINVAL;
argv4.type = ACPI_TYPE_BUFFER;
argv4.buffer.length = sizeof(req);
argv4.buffer.pointer = (u8 *)&req;
} else {
- tmp.type = ACPI_TYPE_INTEGER;
- if (sscanf(buf, "%llu", &tmp.integer.value) != 1)
+ppi12:
+ argv4.package.count = 1;
+ tmp[0].type = ACPI_TYPE_INTEGER;
+ if (sscanf(buf, "%llu", &tmp[0].integer.value) != 1)
return -EINVAL;
}
obj = tpm_eval_dsm(chip->acpi_dev_handle, func, ACPI_TYPE_INTEGER,
- &argv4, TPM_PPI_REVISION_1);
+ &argv4, rev);
if (!obj) {
return -ENXIO;
} else {
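Review bot: On the "1.3" path, any input that parses as two numbers is submitted to the pre-OS environment as a two-element package at `TPM_PPI_REVISION_2`, whatever the operation number is. Nothing checks the request against tpm_ppi_req_has_parameter() from 4/5, so `echo "5 16" > request` no longer behaves like `echo "5"`, as it did with the old single `%llu` scan. Folding the check into the existing fallback keeps that behaviour and stops an unexpected parameter from reaching firmware: `&tmp[1].integer.value) != 2 || !tpm_ppi_req_has_parameter(tmp[0].integer.value))` followed by the existing `goto ppi12;`. Separately, the exact match `strcmp(chip->ppi_version, "1.3") == 0` sends any later version string down the revision-1 path, which may not be intended. tpm_store_ppi_request() begins before and ends after this hunk.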
--
2.17.1
* RE: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
2019-01-09 22:10 [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Stefan Berger
` (4 preceding siblings ...)
2019-01-09 22:11 ` [PATCH 5/5] tpm: ppi: Enable submission of optional command parameter for PPI 1.3 Stefan Berger
@ 2019-01-11 20:28 ` Safford, David (GE Global Research)
2019-01-14 19:51 ` Stefan Berger
2019-01-18 15:00 ` Jarkko Sakkinen
5 siblings, 2 replies; 18+ messages in thread
From: Safford, David (GE Global Research) @ 2019-01-11 20:28 UTC (permalink / raw)
To: Stefan Berger, linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel
> -----Original Message-----
> From: linux-integrity-owner@vger.kernel.org <linux-integrity-
> owner@vger.kernel.org> On Behalf Of Stefan Berger
> Sent: Wednesday, January 09, 2019 5:11 PM
> To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
> Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
> Stefan Berger <stefanb@linux.vnet.ibm.com>
> Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
>
> This series of patches extends the TPM subsystem's PPI support to support
> TPM PPI revision 1.3 where more commands are supported (up to 101) and
> the TPM 2 command code '23' takes an additional parameter.
>
> For the command code '23' see this document here on document page 39:
> https://trustedcomputinggroup.org/wp-content/uploads/Physical-
> Presence-Interface_1-30_0-52.pdf
>
> Stefan
You might mention that this is an important feature, as on at least some
systems, ppi function 23 is the only way to enable/disable PCR banks.
I have tested this patch set on my HP Spectre laptop, and I am finally
able to turn the sha-1 bank on and off. Much appreciated!
Tested-by: David Safford <david.safford@ge.com>
>
> Stefan Berger (5):
> tpm: ppi: pass function revision ID to tpm_eval_dsm()
> tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
> tpm: ppi: Display up to 101 operations as define for version 1.3
> tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
> tpm: ppi: Enable submission of optional command parameter for PPI 1.3
>
> drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++--------
> --
> 1 file changed, 58 insertions(+), 20 deletions(-)
>
> --
> 2.17.1
* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
@ 2019-01-14 19:51 ` Stefan Berger
2019-01-18 15:00 ` Jarkko Sakkinen
1 sibling, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2019-01-14 19:51 UTC (permalink / raw)
To: Safford, David (GE Global Research),
Stefan Berger, linux-integrity, jarkko.sakkinen
Cc: linux-security-module, linux-kernel
On 1/11/19 3:28 PM, Safford, David (GE Global Research) wrote:
>> -----Original Message-----
>> From: linux-integrity-owner@vger.kernel.org <linux-integrity-
>> owner@vger.kernel.org> On Behalf Of Stefan Berger
>> Sent: Wednesday, January 09, 2019 5:11 PM
>> To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
>> Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
>> Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
>>
>> This series of patches extends the TPM subsystem's PPI support to support
>> TPM PPI revision 1.3 where more commands are supported (up to 101) and
>> the TPM 2 command code '23' takes an additional parameter.
>>
>> For the command code '23' see this document here on document page 39:
>> https://trustedcomputinggroup.org/wp-content/uploads/Physical-
>> Presence-Interface_1-30_0-52.pdf
>>
>> Stefan
> You might mention that this is an important feature, as on at least some
> systems, ppi function 23 is the only way to enable/disable PCR banks.
'The only way' depends on how good or bad the firmware support for this
is. SeaBIOS will have a menu item that lets one toggle the activation of
the PCR banks in the firmware menu -- assuming my patch makes it
upstream :-)
>
> I have tested this patch set on my HP Spectre laptop, and I am finally
> able to turn the sha-1 bank on and off. Much appreciated!
>
> Tested-by: David Safford <david.safford@ge.com>
Thanks.
Stefan
>
>> Stefan Berger (5):
>> tpm: ppi: pass function revision ID to tpm_eval_dsm()
>> tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
>> tpm: ppi: Display up to 101 operations as define for version 1.3
>> tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
>> tpm: ppi: Enable submission of optional command parameter for PPI 1.3
>>
>> drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++--------
>> --
>> 1 file changed, 58 insertions(+), 20 deletions(-)
>>
>> --
>> 2.17.1
* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
2019-01-11 20:28 ` [PATCH 0/5] Extend TPM PPI interface to support revision 1.3 Safford, David (GE Global Research)
2019-01-14 19:51 ` Stefan Berger
@ 2019-01-18 15:00 ` Jarkko Sakkinen
2019-02-08 21:21 ` Stefan Berger
1 sibling, 1 reply; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-01-18 15:00 UTC (permalink / raw)
To: Safford, David (GE Global Research)
Cc: Stefan Berger, linux-integrity, linux-security-module, linux-kernel
On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
> You might mention that this is an important feature, as on at least some
> systems, ppi function 23 is the only way to enable/disable PCR banks.
>
> I have tested this patch set on my HP Spectre laptop, and I am finally
> able to turn the sha-1 bank on and off. Much appreciated!
>
> Tested-by: David Safford <david.safford@ge.com>
Great thanks David.
/Jarkko
* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
2019-01-18 15:00 ` Jarkko Sakkinen
@ 2019-02-08 21:21 ` Stefan Berger
2019-02-08 22:00 ` Jarkko Sakkinen
0 siblings, 1 reply; 18+ messages in thread
From: Stefan Berger @ 2019-02-08 21:21 UTC (permalink / raw)
To: Jarkko Sakkinen, Safford, David (GE Global Research)
Cc: Stefan Berger, linux-integrity, linux-security-module, linux-kernel
On 1/18/19 10:00 AM, Jarkko Sakkinen wrote:
> On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
>> You might mention that this is an important feature, as on at least some
>> systems, ppi function 23 is the only way to enable/disable PCR banks.
>>
>> I have tested this patch set on my HP Spectre laptop, and I am finally
>> able to turn the sha-1 bank on and off. Much appreciated!
>>
>> Tested-by: David Safford <david.safford@ge.com>
> Great thanks David.
While we are at it and for the grand finale of the day :-)
+All you people, keep yourself alive!
+Keep yourself alive!
+Keep yourself alive!
+C'mon, give me your reviewed's
+to keep me satisfied!
+Give me your signed-off's (1)
+to keep me satisfied!
+Keep yourself alive!
+A few test-by's will keep me satisfied!
+Keep yourself alive!
+Check-in! (2)
+
+[In the style of Queen]
Jarrko, do (1) and (2) to keep me satisfied :-)
* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
2019-02-08 21:21 ` Stefan Berger
@ 2019-02-08 22:00 ` Jarkko Sakkinen
2019-02-08 22:06 ` Stefan Berger
0 siblings, 1 reply; 18+ messages in thread
From: Jarkko Sakkinen @ 2019-02-08 22:00 UTC (permalink / raw)
To: Stefan Berger
Cc: Safford, David (GE Global Research),
Stefan Berger, linux-integrity, linux-security-module,
linux-kernel
On Fri, Feb 08, 2019 at 04:21:02PM -0500, Stefan Berger wrote:
> On 1/18/19 10:00 AM, Jarkko Sakkinen wrote:
> > On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
> > > You might mention that this is an important feature, as on at least some
> > > systems, ppi function 23 is the only way to enable/disable PCR banks.
> > >
> > > I have tested this patch set on my HP Spectre laptop, and I am finally
> > > able to turn the sha-1 bank on and off. Much appreciated!
> > >
> > > Tested-by: David Safford <david.safford@ge.com>
> > Great thanks David.
>
>
> While we are at it and for the grand finale of the day :-)
>
> +All you people, keep yourself alive!
> +Keep yourself alive!
> +Keep yourself alive!
> +C'mon, give me your reviewed's
> +to keep me satisfied!
> +Give me your signed-off's (1)
> +to keep me satisfied!
> +Keep yourself alive!
> +A few test-by's will keep me satisfied!
> +Keep yourself alive!
> +Check-in! (2)
> +
> +[In the style of Queen]
>
>
> Jarrko, do (1) and (2) to keep me satisfied :-)
I still think that in 5/5 branching could be better but is not a biggie
for me (does not make the implementation as whole any kind of mess) and
since it is now peer tested I rather would not modify it right now.
Applied to master and next!
/Jarkko
* Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
2019-02-08 22:00 ` Jarkko Sakkinen
@ 2019-02-08 22:06 ` Stefan Berger
0 siblings, 0 replies; 18+ messages in thread
From: Stefan Berger @ 2019-02-08 22:06 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: Safford, David (GE Global Research),
Stefan Berger, linux-integrity, linux-security-module,
linux-kernel
On 2/8/19 5:00 PM, Jarkko Sakkinen wrote:
> On Fri, Feb 08, 2019 at 04:21:02PM -0500, Stefan Berger wrote:
> I still think that in 5/5 branching could be better but is not a biggie
> for me (does not make the implementation as whole any kind of mess) and
> since it is now peer tested I rather would not modify it right now.
>
> Applied to master and next!
5/5 may cause a complaint about the scanf'ing of a single value in an
existing line. Let's see...
Thanks.
Stefan