tpmdd-devel.lists.sourceforge.net archive mirror
 help / color / mirror / Atom feed
From: <Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w@public.gmane.org>
To: jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org
Cc: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [PATCH RESEND 0/2] Avoid sending invalid data to the TPM
Date: Fri, 1 Sep 2017 12:08:49 +0000	[thread overview]
Message-ID: <793a8e7428f946cc96d400038bc050da@MUCSE603.infineon.com> (raw)
In-Reply-To: <20170825164416.svo7khm4zsmosxbx-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>

> On Thu, Aug 24, 2017 at 10:35:43AM +0200, Alexander Steffen wrote:
> > When trying to send invalid commands (with mismatching commandSize
> > values) to the TPM we discovered some cases in which data is sent to
> > the TPM that should not be sent there. Similar problems were fixed
> > years ago, but this one slipped through it seems.
> >
> > Alexander Steffen (2):
> >   tpm-dev-common: Reject too short writes
> >   tpm-interface: Fix checks of buffer size
> >
> >  drivers/char/tpm/tpm-dev-common.c |  2 +-
> > drivers/char/tpm/tpm-interface.c  | 16 ++++++++--------
> >  drivers/char/tpm/tpm.h            |  3 ++-
> >  3 files changed, 11 insertions(+), 10 deletions(-)
> >
> > --
> > 2.7.4
> >
> 
> Have you checked that these do no break /dev/tpmrm0?
> 
> I have some cheap unit tests here to smoke it:
> 
> https://github.com/jsakkine-intel/tpm2-scripts
> 
> /Jarkko

I've now included your tests in my automation, so that they will run for all my future changes. Is it sufficient to use tpm2_smoke.py or should I also run keyctl-smoke.sh? Not having used keyctl before, I'm not sure whether it has any dependencies/side effects.

There was one thing I needed to fix to make the tests run with my TPMs and I've sent you a pull request via GitHub for it.

Alexander
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

      parent reply	other threads:[~2017-09-01 12:08 UTC|newest]

Thread overview: 10+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2017-08-24  8:35 Alexander Steffen
     [not found] ` <20170824083545.13280-1-Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w@public.gmane.org>
2017-08-24  8:35   ` [PATCH RESEND 1/2] tpm-dev-common: Reject too short writes Alexander Steffen
2017-08-25 16:54     ` Jarkko Sakkinen
     [not found]       ` <20170825165451.b7lv7t5w3nhbz7da-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
2017-08-28 17:11         ` Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w
2017-08-30 10:40           ` Jarkko Sakkinen
2017-09-04 17:35             ` Alexander.Steffen
     [not found]               ` <dd865ba5751e4d568709e0aaf209633b-nFblLGNE8XKJSz+rYg/bSJowlv4uC7bZ@public.gmane.org>
2017-09-05 19:02                 ` Jarkko Sakkinen
2017-08-24  8:35   ` [PATCH RESEND 2/2] tpm-interface: Fix checks of buffer size Alexander Steffen
2017-08-25 16:44   ` [PATCH RESEND 0/2] Avoid sending invalid data to the TPM Jarkko Sakkinen
     [not found]     ` <20170825164416.svo7khm4zsmosxbx-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
2017-09-01 12:08       ` Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=793a8e7428f946cc96d400038bc050da@MUCSE603.infineon.com \
    --to=alexander.steffen-d0qzbvysippwk0htik3j/w@public.gmane.org \
    --cc=jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org \
    --cc=tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
    --subject='Re: [PATCH RESEND 0/2] Avoid sending invalid data to the TPM' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).