tpmdd-devel.lists.sourceforge.net archive mirror
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Roberto Sassu <roberto.sassu@huawei.com>
Cc: tpmdd-devel@lists.sourceforge.net,
	linux-ima-devel@lists.sourceforge.net,
	linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: Re: [PATCH v3 5/6] tpm: introduce tpm_get_pcr_banks_info()
Date: Fri, 23 Jun 2017 12:35:54 +0200
Message-ID: <20170623103554.2333z4fzb6eulcsg@linux.intel.com>
In-Reply-To: <20170621142941.32674-6-roberto.sassu@huawei.com>

On Wed, Jun 21, 2017 at 04:29:40PM +0200, Roberto Sassu wrote:
> This function copies the array of tpm_pcr_bank_info structures to the
> memory address specified by the caller. It assumes that the caller
> allocated an array with the same number of elements of the active_banks
> array (member of the tpm_chip structure). This number is defined in
> include/linux/tpm.h (TPM_ACTIVE_BANKS_MAX definition).
> 
> A tpm_pcr_bank_info structure is also returned if the TPM version is 1.2.
> The advantage of this choice is that the code for extending a PCR with
> multiple digests will work regardless of the TPM version.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>

You should be able to pass crypto ID to extend function. As I've said
this API is unacceptable.

For those alg IDs for which you don't have crypto ID (rare corner case)
you can use Nayna's well implemented approach.

/Jarkko

> ---
>  drivers/char/tpm/tpm-interface.c | 33 +++++++++++++++++++++++++++++++++
>  drivers/char/tpm/tpm.h           |  2 +-
>  include/linux/tpm.h              |  8 ++++++++
>  3 files changed, 42 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index a11598a..cf0cdb2 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -916,6 +916,39 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>  
>  /**
> + * tpm_get_pcr_banks_info() - get PCR banks information
> + * @chip_num:		tpm idx # or ANY
> + * @active_banks:	array of tpm_pcr_bank_info structures
> + *
> + * Return: < 0 on error, and the number of active PCR banks on success.
> + */
> +int tpm_get_pcr_banks_info(u32 chip_num, struct tpm_pcr_bank_info *active_banks)
> +{
> +	struct tpm_chip *chip;
> +	int count = 1;
> +
> +	chip = tpm_chip_find_get(chip_num);
> +	if (chip == NULL)
> +		return -ENODEV;
> +
> +	if (!(chip->flags & TPM_CHIP_FLAG_TPM2)) {
> +		active_banks[0].alg_id = TPM2_ALG_SHA1;
> +		active_banks[0].crypto_id = HASH_ALGO_SHA1;
> +		active_banks[0].digest_size = hash_digest_size[HASH_ALGO_SHA1];
> +		goto out;
> +	}
> +
> +	for (count = 0; count < ARRAY_SIZE(chip->active_banks) &&
> +	     chip->active_banks[count].alg_id != TPM2_ALG_ERROR; count++)
> +		memcpy(&active_banks[count], &chip->active_banks[count],
> +		       sizeof(*active_banks));
> +out:
> +	tpm_put_ops(chip);
> +	return count;
> +}
> +EXPORT_SYMBOL_GPL(tpm_get_pcr_banks_info);
> +
> +/**
>   * tpm_do_selftest - have the TPM continue its selftest and wait until it
>   *                   can receive further commands
>   * @chip: TPM chip to use
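
Review bot: tpm_get_pcr_banks_info() writes up to ARRAY_SIZE(chip->active_banks) entries through active_banks in the memcpy loop, but it takes no length for the caller's array and never checks active_banks for NULL, so a caller that allocated fewer elements gets its buffer overrun. Suggest adding the array size as a parameter and bounding the loop by it, or at minimum stating in the kernel-doc line for @active_banks that the array must hold TPM_ACTIVE_BANKS_MAX elements. A smaller point: count is initialised to 1 at declaration only to serve the TPM 1.2 branch; assigning it next to the active_banks[0] stores would make the return value of that path easier to follow.
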
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index d285bc6..75ec0d1 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -208,7 +208,7 @@ struct tpm_chip {
>  	const struct attribute_group *groups[3];
>  	unsigned int groups_cnt;
>  
> -	struct tpm_pcr_bank_info active_banks[7];
> +	struct tpm_pcr_bank_info active_banks[TPM_ACTIVE_BANKS_MAX];
>  #ifdef CONFIG_ACPI
>  	acpi_handle acpi_dev_handle;
>  	char ppi_version[TPM_PPI_VERSION_LEN + 1];
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index ff06738..49ec8fc 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -25,6 +25,7 @@
>  #include <crypto/hash_info.h>
>  
>  #define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
> +#define TPM_ACTIVE_BANKS_MAX 7	/* Max num of active banks for TPM 2.0 */
>  
>  /*
>   * Chip num is this value or a valid tpm idx
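
Review bot: TPM_ACTIVE_BANKS_MAX, added in this hunk, is the size every caller of tpm_get_pcr_banks_info() has to allocate, yet its comment only reads "Max num of active banks for TPM 2.0" and says neither where the value 7 comes from nor that callers depend on it. Suggest expanding the comment to state that the constant is the required length of the array passed to tpm_get_pcr_banks_info(), so that a later change to the value is treated as an API change.
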
> @@ -76,6 +77,8 @@ struct tpm_pcr_bank_info {
>  extern int tpm_is_tpm2(u32 chip_num);
>  extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
>  extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash);
> +extern int tpm_get_pcr_banks_info(u32 chip_num,
> +				  struct tpm_pcr_bank_info *active_banks);
>  extern int tpm_send(u32 chip_num, void *cmd, size_t buflen);
>  extern int tpm_get_random(u32 chip_num, u8 *data, size_t max);
>  extern int tpm_seal_trusted(u32 chip_num,
> @@ -95,6 +98,11 @@ static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {
>  static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) {
>  	return -ENODEV;
>  }
> +static inline int tpm_get_pcr_banks_info(u32 chip_num,
> +					 struct tpm_pcr_bank_info *active_banks)
> +{
> +	return -ENODEV;
> +}
>  static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) {
>  	return -ENODEV;
>  }
> -- 
> 2.9.3
> 
