From: James Bottomley <jejb@linux.vnet.ibm.com>
To: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
	tpmdd-devel@lists.sourceforge.net
Cc: linux-security-module@vger.kernel.org,
	open list <linux-kernel@vger.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH RFC v4 0/5] RFC: in-kernel resource manager
Date: Mon, 23 Jan 2017 09:01:03 -0800
Message-ID: <1485190863.2534.10.camel@linux.vnet.ibm.com>
In-Reply-To: <20170122234438.12102-1-jarkko.sakkinen@linux.intel.com>

On Mon, 2017-01-23 at 01:44 +0200, Jarkko Sakkinen wrote:
> This patch set adds support for TPM spaces that provide a context
> for isolating and swapping transient objects. The content does
> not yet include support for policy and HMAC sessions.
> 
> There's a test script for trying out TPM spaces in
> 
>   git://git.infradead.org/users/jjs/tpm2-scripts.git
> 
> A simple smoke test can be run by
> 
>   sudo python -m unittest -v tpm2_smoke.SpaceTest   
> 
> v2:
> Changed to James' proposal of API. I did not make any other changes
> except split core TPM space code into its own patch because I want to
> find consensus on the API before polishing the corners. Thus, this
> version also carries the RFC tag. I have not yet locked in my
> standpoint whether ioctl or a device file is a better deal.
> 
> v3:
> - Check TPM return code in tpm_map_response.
> - Reference tracking for /dev/tpms0.
> - clear_bit(is_open) was removed from tpm-dev.c. Added it back.
> - Use response length as the buffer size limit in tpm2_commit_space.
> - This version now passes again my smoke tests.
> 
> v4:
> - Lots of small bug fixes and clean ups.
> - Quirk for TPM2_CC_FlushHandle

It's still failing my flush test.  This time the problem is the return
code on context save failure: it's TPM_RC_REFERENCE_H0 not
TPM_RC_HANDLE.  This is the fix.  The manual implies TPM_RC_HANDLE
could also be the return, so I kept both.

James

---

diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 62e8421..cc1db77 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -106,6 +106,7 @@ enum tpm2_algorithms {
 	TPM2_ALG_SHA512		= 0x000D,
 	TPM2_ALG_NULL		= 0x0010,
 	TPM2_ALG_SM3_256	= 0x0012,
+	TPM2_RC_REFERENCE_H0	= 0x0910,
 };
 
 enum tpm2_command_codes {
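
Review bot: in the tpm.h hunk, TPM2_RC_REFERENCE_H0 is added to enum tpm2_algorithms, right after TPM2_ALG_SM3_256, but it is a TPM response code, not an algorithm identifier. It should be defined in the enum that already holds TPM2_RC_HANDLE, so the two codes compared in tpm2_save_context() are declared together and the algorithms enum stays limited to TPM2_ALG_* values.
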
diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 83e9708..b36337a 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -104,7 +104,8 @@ static int tpm2_save_context(struct tpm_chip *chip, u32 handle, u8 *buf,
 			 __func__, rc);
 		tpm_buf_destroy(&tbuf);
 		return -EFAULT;
-	} else if ((rc & TPM2_RC_HANDLE) == TPM2_RC_HANDLE) {
+	} else if ((rc & TPM2_RC_HANDLE) == TPM2_RC_HANDLE ||
+		   rc == TPM2_RC_REFERENCE_H0) {
 		tpm_buf_destroy(&tbuf);
 		return -ENOENT;
 	} else if (rc) {
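
Review bot: in tpm2_save_context(), the added `rc == TPM2_RC_REFERENCE_H0` test is an exact comparison while the TPM2_RC_HANDLE test on the line above it is a masked one, and the code gives no reason for the difference or for mapping both codes to -ENOENT. A short comment above the `else if` stating that either code can be returned when the context save fails on the handle, as the message explains, would keep a later cleanup from dropping one of the two tests.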
