From: James Bottomley <jejb@linux.vnet.ibm.com> To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>, tpmdd-devel@lists.sourceforge.net Cc: linux-security-module@vger.kernel.org, open list <linux-kernel@vger.kernel.org> Subject: Re: [tpmdd-devel] [PATCH RFC v4 0/5] RFC: in-kernel resource manager Date: Mon, 23 Jan 2017 09:01:03 -0800 [thread overview] Message-ID: <1485190863.2534.10.camel@linux.vnet.ibm.com> (raw) In-Reply-To: <20170122234438.12102-1-jarkko.sakkinen@linux.intel.com> On Mon, 2017-01-23 at 01:44 +0200, Jarkko Sakkinen wrote: > This patch set adds support for TPM spaces that provide a context > for isolating and swapping transient objects. The content does > not yet include support for policy and HMAC sessions. > > There's a test script for trying out TPM spaces in > > git://git.infradead.org/users/jjs/tpm2-scripts.git > > A simple smoke test can be run by > > sudo python -m unittest -v tpm2_smoke.SpaceTest > > v2: > Changed to James' proposal of API. I did not make any other changes > except split core TPM space code its own patch because I want to find > consensus on the API before polishing the corners. Thus, this version > also carries the RFC tag. I have not yet locked in my standpoint > whether > ioctl or a device file is a better deal. > > v3: > - Check TPM return code in tpm_map_response. > - Reference tracking for /dev/tpms0. > - clear_bit(is_open) was removed from tpm-dev.c. Added it back. > - Use response length as the buffer size limit in tpm2_commit_space. > - This version now passes again my smoke tests. > > v4: > - Lots of small bug fixes and clean ups. > - Quirk for TPM2_CC_FlushHandle It's still failing my flush test. This time the problem is the return code on context save failure: it's TPM_RC_REFERENCE_H0 not TPM_RC_HANDLE. This is the fix. The manual implies TPM_RC_HANDLE could also be the return, so I kept both. James --- diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 62e8421..cc1db77 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -106,6 +106,7 @@ enum tpm2_algorithms { TPM2_ALG_SHA512 = 0x000D, TPM2_ALG_NULL = 0x0010, TPM2_ALG_SM3_256 = 0x0012, + TPM2_RC_REFERENCE_H0 = 0x0910, }; enum tpm2_command_codes { diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 83e9708..b36337a 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -104,7 +104,8 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, __func__, rc); tpm_buf_destroy(&tbuf); return -EFAULT; - } else if ((rc & TPM2_RC_HANDLE) == TPM2_RC_HANDLE) { + } else if ((rc & TPM2_RC_HANDLE) == TPM2_RC_HANDLE || + rc == TPM2_RC_REFERENCE_H0) { tpm_buf_destroy(&tbuf); return -ENOENT; } else if (rc) {
WARNING: multiple messages have this Message-ID (diff)
From: James Bottomley <jejb-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org> To: Jarkko Sakkinen <jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, open list <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org> Subject: Re: [PATCH RFC v4 0/5] RFC: in-kernel resource manager Date: Mon, 23 Jan 2017 09:01:03 -0800 [thread overview] Message-ID: <1485190863.2534.10.camel@linux.vnet.ibm.com> (raw) In-Reply-To: <20170122234438.12102-1-jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org> On Mon, 2017-01-23 at 01:44 +0200, Jarkko Sakkinen wrote: > This patch set adds support for TPM spaces that provide a context > for isolating and swapping transient objects. The content does > not yet include support for policy and HMAC sessions. > > There's a test script for trying out TPM spaces in > > git://git.infradead.org/users/jjs/tpm2-scripts.git > > A simple smoke test can be run by > > sudo python -m unittest -v tpm2_smoke.SpaceTest > > v2: > Changed to James' proposal of API. I did not make any other changes > except split core TPM space code its own patch because I want to find > consensus on the API before polishing the corners. Thus, this version > also carries the RFC tag. I have not yet locked in my standpoint > whether > ioctl or a device file is a better deal. > > v3: > - Check TPM return code in tpm_map_response. > - Reference tracking for /dev/tpms0. > - clear_bit(is_open) was removed from tpm-dev.c. Added it back. > - Use response length as the buffer size limit in tpm2_commit_space. > - This version now passes again my smoke tests. > > v4: > - Lots of small bug fixes and clean ups. > - Quirk for TPM2_CC_FlushHandle It's still failing my flush test. This time the problem is the return code on context save failure: it's TPM_RC_REFERENCE_H0 not TPM_RC_HANDLE. This is the fix. The manual implies TPM_RC_HANDLE could also be the return, so I kept both. James --- diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 62e8421..cc1db77 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -106,6 +106,7 @@ enum tpm2_algorithms { TPM2_ALG_SHA512 = 0x000D, TPM2_ALG_NULL = 0x0010, TPM2_ALG_SM3_256 = 0x0012, + TPM2_RC_REFERENCE_H0 = 0x0910, }; enum tpm2_command_codes { diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c index 83e9708..b36337a 100644 --- a/drivers/char/tpm/tpm2-space.c +++ b/drivers/char/tpm/tpm2-space.c @@ -104,7 +104,8 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf, __func__, rc); tpm_buf_destroy(&tbuf); return -EFAULT; - } else if ((rc & TPM2_RC_HANDLE) == TPM2_RC_HANDLE) { + } else if ((rc & TPM2_RC_HANDLE) == TPM2_RC_HANDLE || + rc == TPM2_RC_REFERENCE_H0) { tpm_buf_destroy(&tbuf); return -ENOENT; } else if (rc) { ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
next prev parent reply other threads:[~2017-01-23 17:02 UTC|newest] Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top 2017-01-22 23:44 [PATCH RFC v4 0/5] RFC: in-kernel resource manager Jarkko Sakkinen 2017-01-22 23:44 ` Jarkko Sakkinen 2017-01-22 23:44 ` [PATCH RFC v4 1/5] tpm: validate TPM 2.0 commands Jarkko Sakkinen 2017-01-22 23:44 ` Jarkko Sakkinen 2017-01-23 2:02 ` [tpmdd-devel] " Stefan Berger 2017-01-23 21:44 ` Jarkko Sakkinen 2017-01-23 21:44 ` Jarkko Sakkinen 2017-01-22 23:44 ` [PATCH RFC v4 2/5] tpm: export tpm2_flush_context_cmd Jarkko Sakkinen 2017-01-22 23:44 ` Jarkko Sakkinen 2017-01-22 23:44 ` [PATCH RFC v4 3/5] tpm: infrastructure for TPM spaces Jarkko Sakkinen 2017-01-22 23:44 ` Jarkko Sakkinen 2017-01-23 0:00 ` Jarkko Sakkinen 2017-01-22 23:44 ` [PATCH RFC v4 4/5] tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c Jarkko Sakkinen 2017-01-22 23:44 ` Jarkko Sakkinen 2017-01-23 16:47 ` Jason Gunthorpe 2017-01-23 22:28 ` [tpmdd-devel] " James Bottomley 2017-01-23 22:49 ` Jason Gunthorpe 2017-01-23 22:57 ` James Bottomley 2017-01-23 23:04 ` Jason Gunthorpe 2017-01-23 23:20 ` James Bottomley 2017-01-23 23:30 ` Jason Gunthorpe 2017-01-23 23:45 ` James Bottomley 2017-01-23 23:45 ` James Bottomley 2017-01-24 0:04 ` [tpmdd-devel] " Jason Gunthorpe 2017-01-24 0:04 ` Jason Gunthorpe 2017-01-24 14:30 ` [tpmdd-devel] " Jarkko Sakkinen 2017-01-24 14:28 ` Jarkko Sakkinen 2017-01-24 14:28 ` Jarkko Sakkinen 2017-01-22 23:44 ` [PATCH RFC v4 5/5] tpm2: expose spaces via a device link /dev/tpms<n> Jarkko Sakkinen 2017-01-22 23:44 ` Jarkko Sakkinen 2017-01-22 23:50 ` [PATCH RFC v4 0/5] RFC: in-kernel resource manager Jarkko Sakkinen 2017-01-23 17:01 ` James Bottomley [this message] 2017-01-23 17:01 ` James Bottomley 2017-01-24 0:04 ` [tpmdd-devel] " Jarkko Sakkinen
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=1485190863.2534.10.camel@linux.vnet.ibm.com \ --to=jejb@linux.vnet.ibm.com \ --cc=jarkko.sakkinen@linux.intel.com \ --cc=linux-kernel@vger.kernel.org \ --cc=linux-security-module@vger.kernel.org \ --cc=tpmdd-devel@lists.sourceforge.net \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.