From: Jason Gunthorpe <jgg@ziepe.ca>
To: Stefan Berger <stefanb@linux.ibm.com>
Cc: Nayna <nayna@linux.vnet.ibm.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>,
linux-integrity@vger.kernel.org, aik@ozlabs.ru,
david@gibson.dropbear.id.au, linux-kernel@vger.kernel.org,
gcwilson@linux.ibm.com
Subject: Re: [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2
Date: Thu, 13 Feb 2020 15:50:26 -0400 [thread overview]
Message-ID: <20200213195026.GQ31668@ziepe.ca> (raw)
In-Reply-To: <8406ff6d-c24f-0815-25f8-fa9a97dcde8b@linux.ibm.com>
On Thu, Feb 13, 2020 at 02:45:49PM -0500, Stefan Berger wrote:
> > Any driver that knows the TPM must be started prior to Linux
> > booting should not use the flag. vtpm drivers in general would seem
> > to be the case where we can make this statement.
>
> Wouldn't this statement apply to all systems, including embedded ones?
> Basically all firmwares should implement the CRTM and do the TPM
> initialization.
It is not mandatory that systems with TPMs start it in the
firmware. That is only required if the TPM PCR feature is going to be
used. A TPM can quite happily be used for key storage without FW
support.
Arguably this is sort of done wrong. eg if the platform has provided
TPM information through uEFI or something then we shouldn't try to
auto start the system TPM. At least for TPM1 detecting a non-started
TPM was harmless, so nobody really cared. I wonder if TPM2 is much
different..
But certainly auto startup should *not* be required to have a working
TPM driver, that is just fundamentally wrong.
Jason
prev parent reply other threads:[~2020-02-13 19:50 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-02-04 13:27 [PATCH 0/3] Enable vTPM 2.0 for the IBM vTPM driver Stefan Berger
2020-02-04 13:27 ` [PATCH 1/3] tpm: of: Handle IBM,vtpm20 case when getting log parameters Stefan Berger
2020-02-13 17:46 ` Nayna
2020-02-13 19:16 ` Stefan Berger
2020-03-11 12:01 ` Stefan Berger
2020-02-04 13:27 ` [PATCH 2/3] tpm: ibmvtpm: Wait for buffer to be set before proceeding Stefan Berger
2020-02-13 17:53 ` Nayna
2020-02-13 18:11 ` Stefan Berger
2020-02-04 13:27 ` [PATCH 3/3] tpm: ibmvtpm: Add support for TPM 2 Stefan Berger
2020-02-13 17:53 ` Nayna
2020-02-13 18:20 ` Stefan Berger
2020-02-13 18:35 ` Jason Gunthorpe
2020-02-13 19:04 ` Stefan Berger
2020-02-13 19:11 ` Jason Gunthorpe
2020-02-13 19:15 ` Stefan Berger
2020-02-13 19:39 ` Jason Gunthorpe
2020-02-13 19:45 ` Stefan Berger
2020-02-13 19:50 ` Jason Gunthorpe [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200213195026.GQ31668@ziepe.ca \
--to=jgg@ziepe.ca \
--cc=aik@ozlabs.ru \
--cc=david@gibson.dropbear.id.au \
--cc=gcwilson@linux.ibm.com \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nayna@linux.vnet.ibm.com \
--cc=stefanb@linux.ibm.com \
--cc=stefanb@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).