xen-devel.lists.xenproject.org archive mirror
 help / color / mirror / Atom feed
From: Jason Andryuk <jandryuk@gmail.com>
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk <jandryuk@gmail.com>,
	Ian Jackson <iwj@xenproject.org>, Wei Liu <wl@xen.org>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>,
	Quan Xu <quan.xu0@gmail.com>,
	Samuel Thibault <samuel.thibault@ens-lyon.org>,
	Dag Nygren <dag@newtech.fi>
Subject: [PATCH 0/9] vtpmmgr: Some fixes - still incomplete
Date: Tue,  4 May 2021 08:48:33 -0400	[thread overview]
Message-ID: <20210504124842.220445-1-jandryuk@gmail.com> (raw)

vtpmmgr TPM 2.0 support is incomplete.  There is no code to save the
tpm2 keys generated by the vtpmmgr, so it's impossible to restore vtpm
state with tpm2.  The vtpmmgr also issues TPM 1.2 commands to the TPM
2.0 hardware which naturally fails.  Dag reported this [1][2], and I
independently re-discovered it.

I have not fixed the above issues.  These are some fixes I made while
investigating tpm2 support.  At a minimum, "docs: Warn about incomplete
vtpmmgr TPM 2.0 support" should be applied to warn others.

This is useful for debugging:
vtpmmgr: Print error code to aid debugging

This fixes vtpmmgr output (also noted by Dag [3]) but maybe removing %z
would be better:
stubom: newlib: Enable C99 formats for %z

This gives more flexibility if you are already using the TPM2 hardware:
vtpmmgr: Allow specifying srk_handle for TPM2

These are some changes to unload keys from the TPM hardware (so they
are not still loaded for anything that runs afterwards):
vtpmmgr: Move vtpmmgr_shutdown
vtpmmgr: Flush transient keys on shutdown
vtpmmgr: Flush all transient keys
vtpmmgr: Shutdown more gracefully

This lets vtpms initialize their random pools:
vtpmmgr: Support GetRandom passthrough on TPM 2.0

[1] https://lore.kernel.org/xen-devel/8285393.eUs1EhXEQl@eseries.newtech.fi/
[2] https://lore.kernel.org/xen-devel/1615731.eyaQ0j4tC5@eseries.newtech.fi/
[3] https://lore.kernel.org/xen-devel/3151252.0ZAaMuH7Fy@dag.newtech.fi/

Jason Andryuk (9):
  docs: Warn about incomplete vtpmmgr TPM 2.0 support
  vtpmmgr: Print error code to aid debugging
  stubom: newlib: Enable C99 formats for %z
  vtpmmgr: Allow specifying srk_handle for TPM2
  vtpmmgr: Move vtpmmgr_shutdown
  vtpmmgr: Flush transient keys on shutdown
  vtpmmgr: Flush all transient keys
  vtpmmgr: Shutdown more gracefully
  vtpmmgr: Support GetRandom passthrough on TPM 2.0

 docs/man/xen-vtpmmgr.7.pod         | 18 +++++++++++
 stubdom/Makefile                   |  2 +-
 stubdom/vtpmmgr/init.c             | 49 ++++++++++++++++++++----------
 stubdom/vtpmmgr/marshal.h          | 10 ++++++
 stubdom/vtpmmgr/tpm.c              |  2 +-
 stubdom/vtpmmgr/tpm2.c             |  2 +-
 stubdom/vtpmmgr/vtpm_cmd_handler.c | 48 +++++++++++++++++++++++++++++
 stubdom/vtpmmgr/vtpmmgr.c          | 12 +++++++-
 8 files changed, 123 insertions(+), 20 deletions(-)

-- 
2.30.2



             reply	other threads:[~2021-05-04 12:49 UTC|newest]

Thread overview: 30+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-05-04 12:48 Jason Andryuk [this message]
2021-05-04 12:48 ` [PATCH 1/9] docs: Warn about incomplete vtpmmgr TPM 2.0 support Jason Andryuk
2021-05-04 17:55   ` Andrew Cooper
2021-05-07 15:31   ` Daniel P. Smith
2021-05-04 12:48 ` [PATCH 2/9] vtpmmgr: Print error code to aid debugging Jason Andryuk
2021-05-04 13:03   ` Samuel Thibault
2021-05-07 15:33   ` Daniel P. Smith
2021-05-04 12:48 ` [PATCH 3/9] stubom: newlib: Enable C99 formats for %z Jason Andryuk
2021-05-04 13:08   ` Samuel Thibault
2021-05-07 15:37   ` Daniel P. Smith
2021-05-04 12:48 ` [PATCH 4/9] vtpmmgr: Allow specifying srk_handle for TPM2 Jason Andryuk
2021-05-04 13:13   ` Samuel Thibault
2021-05-04 17:04     ` Jason Andryuk
2021-05-04 17:07       ` Samuel Thibault
2021-05-04 17:27         ` Jason Andryuk
2021-05-04 17:48           ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 5/9] vtpmmgr: Move vtpmmgr_shutdown Jason Andryuk
2021-05-04 13:14   ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 6/9] vtpmmgr: Flush transient keys on shutdown Jason Andryuk
2021-05-04 13:15   ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 7/9] vtpmmgr: Flush all transient keys Jason Andryuk
2021-05-04 13:16   ` Samuel Thibault
2021-05-04 17:05     ` Jason Andryuk
2021-05-04 17:07       ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 8/9] vtpmmgr: Shutdown more gracefully Jason Andryuk
2021-05-04 13:18   ` Samuel Thibault
2021-05-04 12:48 ` [PATCH 9/9] vtpmmgr: Support GetRandom passthrough on TPM 2.0 Jason Andryuk
2021-05-04 13:33   ` Samuel Thibault
2021-05-04 17:23     ` Jason Andryuk
2021-05-04 17:47       ` Samuel Thibault

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210504124842.220445-1-jandryuk@gmail.com \
    --to=jandryuk@gmail.com \
    --cc=dag@newtech.fi \
    --cc=dgdegra@tycho.nsa.gov \
    --cc=iwj@xenproject.org \
    --cc=quan.xu0@gmail.com \
    --cc=samuel.thibault@ens-lyon.org \
    --cc=wl@xen.org \
    --cc=xen-devel@lists.xenproject.org \
    --subject='Re: [PATCH 0/9] vtpmmgr: Some fixes - still incomplete' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).