tpmdd-devel.lists.sourceforge.net archive mirror
* TPM resource manager - persistent objects should be global
@ 2017-03-28 21:39 Ken Goldman
From: Ken Goldman @ 2017-03-28 21:39 UTC (permalink / raw)
  To: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

I have a persistent object at 81000001.

getcapability through /dev/tpm0 shows it.  The same command through 
/dev/tpmrm0 does not.  This causes further problems in the application.

While transient objects are per connection, IMHO persistent objects 
should be global.

~~

Warning:  I think I'm using the latest TPM device driver from

git://git.infradead.org/users/jjs/linux-tpmdd.git

but I'm new to both git and kernel building, so I could be wrong.  If 
you think the above should work, it could be my error.
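
One way to reproduce the comparison reported above without a TSS, as an added example that is not part of the original message: it marshals TPM2_GetCapability(TPM_CAP_HANDLES) for the persistent range, sends it to both devices, and reports handles that /dev/tpm0 lists but /dev/tpmrm0 does not. The function names and the `sample_response` helper are assumptions made for this example; the command and capability constants are the TPM 2.0 specification values.

```python
import struct

TPM_ST_NO_SESSIONS = 0x8001
TPM_CC_GET_CAPABILITY = 0x0000017A
TPM_CAP_HANDLES = 0x00000001
PERSISTENT_FIRST = 0x81000000   # start of the persistent handle range

def build_getcap_handles(first=PERSISTENT_FIRST, count=16):
    """Marshal TPM2_GetCapability(TPM_CAP_HANDLES, first, count)."""
    body = struct.pack(">III", TPM_CAP_HANDLES, first, count)
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body),
                       TPM_CC_GET_CAPABILITY) + body

def parse_getcap_handles(rsp):
    """Return the handles in a TPM_CAP_HANDLES response, checking every length."""
    if len(rsp) < 10:
        raise ValueError("short response header")
    _tag, size, rc = struct.unpack_from(">HII", rsp, 0)
    if size != len(rsp):
        raise ValueError("size field does not match buffer length")
    if rc != 0:
        raise ValueError("TPM response code 0x%08X" % rc)
    if len(rsp) < 19:
        raise ValueError("truncated capability data")
    _more, cap, count = struct.unpack_from(">BII", rsp, 10)
    if cap != TPM_CAP_HANDLES or len(rsp) != 19 + 4 * count:
        raise ValueError("malformed handle list")
    return list(struct.unpack_from(">%dI" % count, rsp, 19))

def sample_response(handles):
    """Constructed response bytes for offline checks, not captured from a TPM."""
    body = struct.pack(">BII%dI" % len(handles), 0, TPM_CAP_HANDLES,
                       len(handles), *handles)
    return struct.pack(">HII", TPM_ST_NO_SESSIONS, 10 + len(body), 0) + body

def query(path):
    """Send the command to a TPM character device and parse the reply."""
    with open(path, "r+b", buffering=0) as dev:
        dev.write(build_getcap_handles())
        return parse_getcap_handles(dev.read(4096))

def missing_via_rm(direct, via_rm):
    """Handles listed by the raw device but not through the resource manager."""
    return sorted(set(direct) - set(via_rm))

if __name__ == "__main__":
    gone = missing_via_rm(query("/dev/tpm0"), query("/dev/tpmrm0"))
    print("missing via /dev/tpmrm0:", [hex(h) for h in gone] or "none")
```

An empty result means both device nodes report the same persistent handles.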



* Re: TPM resource manager - persistent objects should be global
@ 2017-03-29 18:40   ` James Bottomley
From: James Bottomley @ 2017-03-29 18:40 UTC (permalink / raw)
  To: Ken Goldman, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

On Tue, 2017-03-28 at 17:39 -0400, Ken Goldman wrote:
> I have a persistent object at 81000001.
> 
> getcapability through /dev/tpm0 shows it.  The same command through 
> /dev/tpmrm0 does not.  This causes further problems in the
> application.
> 
> While transient objects are per connection, IMHO persistent objects 
> should be global.
> 
> ~~
> 
> Warning:  I think I'm using the latest TPM device driver from
> 
> git://git.infradead.org/users/jjs/linux-tpmdd.git
> 
> but I'm new to both git and kernel building, so I could be wrong.  If
> you think the above should work, it could be my error.

It should work.  It turns out the body mapping code is overzealous and
errors out when it should just pass through.  The same thing happens
with the PCRs as well.

This should fix it for both.

James

---

diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
index 009934269514..e2e059d8ffec 100644
--- a/drivers/char/tpm/tpm2-space.c
+++ b/drivers/char/tpm/tpm2-space.c
@@ -429,15 +429,11 @@ static int tpm2_map_response_body(struct tpm_chip *chip, u32 cc, u8 *rsp,
 			data->handles[j] = cpu_to_be32(vhandle);
 			j++;
 			break;
-		case TPM2_HT_HMAC_SESSION:
-		case TPM2_HT_POLICY_SESSION:
+
+		default:
 			data->handles[j] = cpu_to_be32(phandle);
 			j++;
 			break;
-		default:
-			dev_err(&chip->dev, "%s: unknown handle 0x%08X\n",
-				__func__, phandle);
-			break;
 		}
 
 	}
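
Review bot: the `default:` arm that replaces the two session cases needs a comment saying pass-through is deliberate, because with the `dev_err` gone nothing distinguishes a handle type that is meant to be forwarded from one nobody anticipated. Every type other than the case above that stores `vhandle` now reaches the client as the raw `phandle` with no log line. Either list the expected pass-through types as explicit cases and keep a logged `default:`, or keep the catch-all and document it. The added empty `+` line before `default:` is stray whitespace and can be dropped when this is squashed.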



* Re: TPM resource manager - persistent objects should be global
@ 2017-03-31  8:14       ` Jarkko Sakkinen
From: Jarkko Sakkinen @ 2017-03-31  8:14 UTC (permalink / raw)
  To: James Bottomley; +Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

Ken, James, thank you. I'll squash this before PR.

/Jarkko

On Wed, Mar 29, 2017 at 02:40:02PM -0400, James Bottomley wrote:
> On Tue, 2017-03-28 at 17:39 -0400, Ken Goldman wrote:
> > I have a persistent object at 81000001.
> > 
> > getcapability through /dev/tpm0 shows it.  The same command through 
> > /dev/tpmrm0 does not.  This causes further problems in the
> > application.
> > 
> > While transient objects are per connection, IMHO persistent objects 
> > should be global.
> > 
> > ~~
> > 
> > Warning:  I think I'm using the latest TPM device driver from
> > 
> > git://git.infradead.org/users/jjs/linux-tpmdd.git
> > 
> > but I'm new to both git and kernel building, so I could be wrong.  If
> > you think the above should work, it could be my error.
> 
> It should work.  It turns out the body mapping code is overzealous and
> errors out when it should just pass through.  The same thing happens
> with the PCRs as well.
> 
> This should fix it for both.
> 
> James
> 
> ---
> 
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 009934269514..e2e059d8ffec 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -429,15 +429,11 @@ static int tpm2_map_response_body(struct tpm_chip *chip, u32 cc, u8 *rsp,
>  			data->handles[j] = cpu_to_be32(vhandle);
>  			j++;
>  			break;
> -		case TPM2_HT_HMAC_SESSION:
> -		case TPM2_HT_POLICY_SESSION:
> +
> +		default:
>  			data->handles[j] = cpu_to_be32(phandle);
>  			j++;
>  			break;
> -		default:
> -			dev_err(&chip->dev, "%s: unknown handle 0x%08X\n",
> -				__func__, phandle);
> -			break;
>  		}
>  
>  	}

* Re: TPM resource manager - persistent objects should be global
@ 2017-03-31 14:57       ` Ken Goldman
From: Ken Goldman @ 2017-03-31 14:57 UTC (permalink / raw)
  To: James Bottomley, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

This patch worked.  Can you merge it with Jarkko's latest?

I can report that my attestation client works unmodified with the 
resource manager.  I just had to point it to /dev/tpmrm0.  It's a 
Nuvoton TPM, I2C bus, POWER architecture.

It does quite a bit - transient and persistent objects, getcapability,
reading NV indexes, policy sessions.  I did the RSA and ECC variants in 
parallel, so there should have been a bit of swapping.

On 3/29/2017 2:40 PM, James Bottomley wrote:
> On Tue, 2017-03-28 at 17:39 -0400, Ken Goldman wrote:
>> I have a persistent object at 81000001.
>>
>> getcapability through /dev/tpm0 shows it.  The same command through
>> /dev/tpmrm0 does not.  This causes further problems in the
>> application.
>>
>> While transient objects are per connection, IMHO persistent objects
>> should be global.
>>
>> ~~
>>
>> Warning:  I think I'm using the latest TPM device driver from
>>
>> git://git.infradead.org/users/jjs/linux-tpmdd.git
>>
>> but I'm new to both git and kernel building, so I could be wrong.  If
>> you think the above should work, it could be my error.
>
> It should work.  It turns out the body mapping code is overzealous and
> errors out when it should just pass through.  The same thing happens
> with the PCRs as well.
>
> This should fix it for both.
>
> James
>
> ---
>
> diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> index 009934269514..e2e059d8ffec 100644
> --- a/drivers/char/tpm/tpm2-space.c
> +++ b/drivers/char/tpm/tpm2-space.c
> @@ -429,15 +429,11 @@ static int tpm2_map_response_body(struct tpm_chip *chip, u32 cc, u8 *rsp,
>  			data->handles[j] = cpu_to_be32(vhandle);
>  			j++;
>  			break;
> -		case TPM2_HT_HMAC_SESSION:
> -		case TPM2_HT_POLICY_SESSION:
> +
> +		default:
>  			data->handles[j] = cpu_to_be32(phandle);
>  			j++;
>  			break;
> -		default:
> -			dev_err(&chip->dev, "%s: unknown handle 0x%08X\n",
> -				__func__, phandle);
> -			break;
>  		}
>
>  	}
>



* Re: TPM resource manager - persistent objects should be global
@ 2017-03-31 18:28           ` Jarkko Sakkinen
From: Jarkko Sakkinen @ 2017-03-31 18:28 UTC (permalink / raw)
  To: Ken Goldman; +Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f

The late fixes (2) are pushed to my master branch.

/Jarkko

On Fri, Mar 31, 2017 at 10:57:15AM -0400, Ken Goldman wrote:
> This patch worked.  Can you merge it with Jarkko's latest?
> 
> I can report that my attestation client works unmodified with the 
> resource manager.  I just had to point it to /dev/tpmrm0.  It's a 
> Nuvoton TPM, I2C bus, POWER architecture.
> 
> It does quite a bit - transient and persistent objects, getcapability,
> reading NV indexes, policy sessions.  I did the RSA and ECC variants in 
> parallel, so there should have been a bit of swapping.
> 
> On 3/29/2017 2:40 PM, James Bottomley wrote:
> > On Tue, 2017-03-28 at 17:39 -0400, Ken Goldman wrote:
> >> I have a persistent object at 81000001.
> >>
> >> getcapability through /dev/tpm0 shows it.  The same command through
> >> /dev/tpmrm0 does not.  This causes further problems in the
> >> application.
> >>
> >> While transient objects are per connection, IMHO persistent objects
> >> should be global.
> >>
> >> ~~
> >>
> >> Warning:  I think I'm using the latest TPM device driver from
> >>
> >> git://git.infradead.org/users/jjs/linux-tpmdd.git
> >>
> >> but I'm new to both git and kernel building, so I could be wrong.  If
> >> you think the above should work, it could be my error.
> >
> > It should work.  It turns out the body mapping code is overzealous and
> > errors out when it should just pass through.  The same thing happens
> > with the PCRs as well.
> >
> > This should fix it for both.
> >
> > James
> >
> > ---
> >
> > diff --git a/drivers/char/tpm/tpm2-space.c b/drivers/char/tpm/tpm2-space.c
> > index 009934269514..e2e059d8ffec 100644
> > --- a/drivers/char/tpm/tpm2-space.c
> > +++ b/drivers/char/tpm/tpm2-space.c
> > @@ -429,15 +429,11 @@ static int tpm2_map_response_body(struct tpm_chip *chip, u32 cc, u8 *rsp,
> >  			data->handles[j] = cpu_to_be32(vhandle);
> >  			j++;
> >  			break;
> > -		case TPM2_HT_HMAC_SESSION:
> > -		case TPM2_HT_POLICY_SESSION:
> > +
> > +		default:
> >  			data->handles[j] = cpu_to_be32(phandle);
> >  			j++;
> >  			break;
> > -		default:
> > -			dev_err(&chip->dev, "%s: unknown handle 0x%08X\n",
> > -				__func__, phandle);
> > -			break;
> >  		}
> >
> >  	}
> >
