lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Fri, 24 Jul 2009 14:12:58 -0300
From:	Rajiv Andrade <srajiv@...ux.vnet.ibm.com>
To:	Andy Isaacson <adi@...apodia.org>
Cc:	Valdis.Kletnieks@...edu, Alan Cox <alan@...rguk.ukuu.org.uk>,
	Andy Isaacson <adi@...are.com>, linux-kernel@...r.kernel.org,
	tpmdd-devel@...ts.sourceforge.net, dds@...gle.com,
	Mimi Zohar <zohar@...ux.vnet.ibm.com>,
	Shahbaz Khan <shaz.linux@...il.com>, seiji.munetoh@...il.com
Subject: Re: [PATCH] TPM: DATA_EXPECT bit check bypass

On Mon, 2009-07-20 at 16:28 -0700, Andy Isaacson wrote:
> On Thu, Jul 16, 2009 at 06:20:26PM -0300, Rajiv Andrade wrote:
> > On Thu, 2009-07-16 at 16:08 -0400, Valdis.Kletnieks@...edu wrote:
> > > On Thu, 16 Jul 2009 14:43:32 -0300, Rajiv Andrade said:
> > > 
> > > > @@ -582,6 +585,12 @@ static int tpm_tis_init(struct device *dev, resource_siz
> > > e_t start,
> > > >         tpm_get_timeouts(chip);
> > > >         tpm_continue_selftest(chip);
> > > >  
> > > > +       for (i=0; i < 8; i++)
> > > > +               if (ITPM_ID[i] != to_pnp_dev(dev)->id->id[i])
> > > > +                       break;
> > > > +       if (i == 8)
> > > > +               chip->is_itpm = 1;
> > > > +
> > > 
> > > strcmp() variant of some sort instead?
> > 
> > Wait, is to_pnp_dev(dev)->id->id[i] null terminated? Maybe memcmp() fits
> > better here..
> 
> Rather than checking the PNP ID at this point, I suggest something like:
> 
> (the context here depends on my earlier series, but it's fairly
> obvious.)
> 
> @@ -467,6 +481,11 @@ static int tpm_tis_init(struct device *dev, resource_size_t start,
>  		 "1.2 TPM (%04X:%04X rev %d)\n", vendor & 0xffff,
>  		 vendor >> 16, ioread8(chip->vendor.iobase + TPM_RID(0)));
> 
> +	if (vendor == 0x10208086) {
> +		dev_info(dev, "Intel iTPM workaround enabled\n");
> +		chip->itpm = 1;
> +	}
> +
>  	/* Figure out the capabilities */
>  	intfcaps =
>  	    ioread32(chip->vendor.iobase +
> 
> (I suppose there should be a #define of 0x10208086 somewhere.)
> 

Much better, my patch would break everything in case force option was
set.

> I'll cook up a refreshed patch series.

Great, I'll ack this one when I get it, thanks.

Rajiv
+++

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ