linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [PATCH v3] tpm: Add Upgrade/Reduced mode support for TPM2 modules
@ 2021-08-04 16:21 Borys Movchan
  2021-08-05 20:52 ` Jarkko Sakkinen
  0 siblings, 1 reply; 3+ messages in thread
From: Borys Movchan @ 2021-08-04 16:21 UTC (permalink / raw)
  To: Peter Huewe, Jarkko Sakkinen, Jason Gunthorpe
  Cc: kernel, Borys Movchan, linux-integrity, linux-kernel

If something went wrong during the TPM firmware upgrade, like power
failure or the firmware image file get corrupted, the TPM might end
up in Upgrade or Failure mode upon the next start. The state is
persistent between the TPM power cycle/restart.

According to TPM specification:
 * If the TPM is in Upgrade mode, it will answer with TPM2_RC_UPGRADE
   to all commands except Field Upgrade related ones.
 * If the TPM is in Failure mode, it will allow performing TPM
   initialization but will not provide any crypto operations.
   Will happily respond to Field Upgrade calls.

The fix changes the behavior of the `tpm2_auto_startup` function, so
it tries to detect what mode TPM is running in. If the chip is in the
Upgrade or Failure mode, the function returns -EIO error code which
can be used later to adjust driver behavior later.
After `tpm_chip_register` calls `tpm2_auto_startup` it checks for the
error code. If the TPM is in Upgrade or Failure mode, set the
`limited_mode` flag. The calls to `tpm2_get_cc_attrs_tbl`,
`tpm_add_hwrng` and `tpm_get_pcr_allocation` will fail if the TPM is
in Failure or Upgrade mode, so use `limited_mode` flag to exclude
them from the module initialization sequence.

Signed-off-by: Borys Movchan <borysmn@axis.com>
---

Notes:
    Commit message updated

 drivers/char/tpm/tpm-chip.c | 23 +++++++++++++++--------
 drivers/char/tpm/tpm2-cmd.c | 12 ++++++++++--
 include/linux/tpm.h         |  1 +
 3 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index ddaeceb7e109..ff2367c447fb 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -574,20 +574,25 @@ static int tpm_get_pcr_allocation(struct tpm_chip *chip)
 int tpm_chip_register(struct tpm_chip *chip)
 {
 	int rc;
+	bool limited_mode = false;
 
 	rc = tpm_chip_start(chip);
 	if (rc)
 		return rc;
 	rc = tpm_auto_startup(chip);
-	if (rc) {
+	if (rc == -EIO) {
+		limited_mode = true;
+	} else if (rc) {
 		tpm_chip_stop(chip);
 		return rc;
 	}
 
-	rc = tpm_get_pcr_allocation(chip);
-	tpm_chip_stop(chip);
-	if (rc)
-		return rc;
+	if (!limited_mode) {
+		rc = tpm_get_pcr_allocation(chip);
+		tpm_chip_stop(chip);
+		if (rc)
+			return rc;
+	}
 
 	tpm_sysfs_add_device(chip);
 
@@ -595,9 +600,11 @@ int tpm_chip_register(struct tpm_chip *chip)
 
 	tpm_add_ppi(chip);
 
-	rc = tpm_add_hwrng(chip);
-	if (rc)
-		goto out_ppi;
+	if (!limited_mode) {
+		rc = tpm_add_hwrng(chip);
+		if (rc)
+			goto out_ppi;
+	}
 
 	rc = tpm_add_char_device(chip);
 	if (rc)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index a25815a6f625..7468353ed67d 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -718,7 +718,8 @@ static int tpm2_startup(struct tpm_chip *chip)
  *                     sequence
  * @chip: TPM chip to use
  *
- * Returns 0 on success, < 0 in case of fatal error.
+ * Returns 0 on success, -ENODEV in case of fatal error,
+ *	    -EIO in case of Reduced/Upgrade mode
  */
 int tpm2_auto_startup(struct tpm_chip *chip)
 {
@@ -729,7 +730,10 @@ int tpm2_auto_startup(struct tpm_chip *chip)
 		goto out;
 
 	rc = tpm2_do_selftest(chip);
-	if (rc && rc != TPM2_RC_INITIALIZE)
+	if (rc == TPM2_RC_UPGRADE) {
+		rc = -EIO;
+		goto out;
+	} else if (rc && rc != TPM2_RC_INITIALIZE)
 		goto out;
 
 	if (rc == TPM2_RC_INITIALIZE) {
@@ -743,6 +747,10 @@ int tpm2_auto_startup(struct tpm_chip *chip)
 	}
 
 	rc = tpm2_get_cc_attrs_tbl(chip);
+	if (rc) { /* Succeeded until here, but failed -> reduced mode */
+		rc = -EIO;
+		goto out;
+	}
 
 out:
 	if (rc > 0)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index aa11fe323c56..e873c42907f0 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -207,6 +207,7 @@ enum tpm2_return_codes {
 	TPM2_RC_INITIALIZE	= 0x0100, /* RC_VER1 */
 	TPM2_RC_FAILURE		= 0x0101,
 	TPM2_RC_DISABLED	= 0x0120,
+	TPM2_RC_UPGRADE		= 0x012D,
 	TPM2_RC_COMMAND_CODE    = 0x0143,
 	TPM2_RC_TESTING		= 0x090A, /* RC_WARN */
 	TPM2_RC_REFERENCE_H0	= 0x0910,
-- 
2.20.1


^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] tpm: Add Upgrade/Reduced mode support for TPM2 modules
  2021-08-04 16:21 [PATCH v3] tpm: Add Upgrade/Reduced mode support for TPM2 modules Borys Movchan
@ 2021-08-05 20:52 ` Jarkko Sakkinen
  2021-08-06 14:20   ` Borys Movchan
  0 siblings, 1 reply; 3+ messages in thread
From: Jarkko Sakkinen @ 2021-08-05 20:52 UTC (permalink / raw)
  To: Borys Movchan
  Cc: Peter Huewe, Jason Gunthorpe, kernel, linux-integrity, linux-kernel

On Wed, Aug 04, 2021 at 06:21:31PM +0200, Borys Movchan wrote:
> If something went wrong during the TPM firmware upgrade, like power
> failure or the firmware image file get corrupted, the TPM might end
> up in Upgrade or Failure mode upon the next start. The state is
> persistent between the TPM power cycle/restart.
> 
> According to TPM specification:
>  * If the TPM is in Upgrade mode, it will answer with TPM2_RC_UPGRADE
>    to all commands except Field Upgrade related ones.
>  * If the TPM is in Failure mode, it will allow performing TPM
>    initialization but will not provide any crypto operations.
>    Will happily respond to Field Upgrade calls.
> 
> The fix changes the behavior of the `tpm2_auto_startup` function, so
                                
In commit messages, you ought to use imperative form:

"Change the behaviour of tpm2_auto_startup(), ..."

> it tries to detect what mode TPM is running in. If the chip is in the
> Upgrade or Failure mode, the function returns -EIO error code which
> can be used later to adjust driver behavior later.

*How* tpm2_auto_startup() detects the mode?

> After `tpm_chip_register` calls `tpm2_auto_startup` it checks for the

Please remove all these hyphens. They make the commit message a pain
to read. E.g. instead write tpm_chip_register(). This is not Github.

> error code. If the TPM is in Upgrade or Failure mode, set the
> `limited_mode` flag. The calls to `tpm2_get_cc_attrs_tbl`,
> `tpm_add_hwrng` and `tpm_get_pcr_allocation` will fail if the TPM is
> in Failure or Upgrade mode, so use `limited_mode` flag to exclude
> them from the module initialization sequence.
> 
> Signed-off-by: Borys Movchan <borysmn@axis.com>
> ---
> 
> Notes:
>     Commit message updated

v2:
* Commit message updated.

Notes would be something that had existed already in the first version.
Here we want a simple change log.

/Jarkko

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH v3] tpm: Add Upgrade/Reduced mode support for TPM2 modules
  2021-08-05 20:52 ` Jarkko Sakkinen
@ 2021-08-06 14:20   ` Borys Movchan
  0 siblings, 0 replies; 3+ messages in thread
From: Borys Movchan @ 2021-08-06 14:20 UTC (permalink / raw)
  To: Jarkko Sakkinen, Borys Movchan
  Cc: Peter Huewe, Jason Gunthorpe, kernel, linux-integrity, linux-kernel


On 8/5/21 10:52 PM, Jarkko Sakkinen wrote:
> On Wed, Aug 04, 2021 at 06:21:31PM +0200, Borys Movchan wrote:
>> If something went wrong during the TPM firmware upgrade, like power
>> failure or the firmware image file get corrupted, the TPM might end
>> up in Upgrade or Failure mode upon the next start. The state is
>> persistent between the TPM power cycle/restart.
>>
>> According to TPM specification:
>>  * If the TPM is in Upgrade mode, it will answer with TPM2_RC_UPGRADE
>>    to all commands except Field Upgrade related ones.
>>  * If the TPM is in Failure mode, it will allow performing TPM
>>    initialization but will not provide any crypto operations.
>>    Will happily respond to Field Upgrade calls.
>>
>> The fix changes the behavior of the `tpm2_auto_startup` function, so
>                                 
> In commit messages, you ought to use imperative form:
>
> "Change the behaviour of tpm2_auto_startup(), ..."
>
Done
>> it tries to detect what mode TPM is running in. If the chip is in the
>> Upgrade or Failure mode, the function returns -EIO error code which
>> can be used later to adjust driver behavior later.
> *How* tpm2_auto_startup() detects the mode?
Done
>> After `tpm_chip_register` calls `tpm2_auto_startup` it checks for the
> Please remove all these hyphens. They make the commit message a pain
> to read. E.g. instead write tpm_chip_register(). This is not Github.
Done
>> error code. If the TPM is in Upgrade or Failure mode, set the
>> `limited_mode` flag. The calls to `tpm2_get_cc_attrs_tbl`,
>> `tpm_add_hwrng` and `tpm_get_pcr_allocation` will fail if the TPM is
>> in Failure or Upgrade mode, so use `limited_mode` flag to exclude
>> them from the module initialization sequence.
>>
>> Signed-off-by: Borys Movchan <borysmn@axis.com>
>> ---
>>
>> Notes:
>>     Commit message updated
> v2:
> * Commit message updated.
>
> Notes would be something that had existed already in the first version.
> Here we want a simple change log.
Corrected
> /Jarkko
>

Kind regards,

Borys


^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2021-08-06 14:18 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-04 16:21 [PATCH v3] tpm: Add Upgrade/Reduced mode support for TPM2 modules Borys Movchan
2021-08-05 20:52 ` Jarkko Sakkinen
2021-08-06 14:20   ` Borys Movchan

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).