| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 07 Mar 2011 23:55:52 -0300 From: Rajiv Andrade <srajiv@...ux.vnet.ibm.com> To: "Ted Ts'o" <tytso@....edu>, Linus Torvalds <torvalds@...ux-foundation.org>, James Morris <jmorris@...ei.org>, linux-kernel@...r.kernel.org Subject: Re: [REGRESSION] tpm_tis on Lenovo T410 broken in 2.6.38-rc6 On 03/05/2011 01:48 PM, Ted Ts'o wrote: > On Fri, Mar 04, 2011 at 11:44:18AM -0300, Rajiv Andrade wrote: >> The bug was that when running the kernel with IMA, at boot time, it >> issues 3 TPM commands IIRC, given the 2 min timeout, >> when the TPM didn't respond due to it not working with interrupts >> for example, the boot hang for 6 minutes. > At boot time, why don't you just poll? Maybe I'm missing something. Polling is the alternative option there already, in case the TPM doesn't get an IRQ assigned. However, for a reason we've now found out (testing on more platforms before posting), when such happens, the TPM doesn't issue the interrupt signals when the device driver expects, to make wait_event_interruptible_timeout() return before timeout. > Or you could just simply use a different default timeout during the > boot sequence, or simply tell your IMA users to disable it, since if > you are just hacking the TPM to do a fast fail, the IMA is going to be > broken anyway, right? > That's true, but it would be disabled at the bootloader command line, same place the interrupts could be disabled, that causes both to work. However disabling the interrupts at command line was considered to be a workaround in the bugzilla it was reported, so I understood it should work as is for the users. >> Thanks, it is. HZ isn't enough time for this TPM/setup to have short >> timeout commands to succeed, including >> the tpm_get_timeouts(). I was skeptic at first that this would be >> the reason since I have the same machine, >> and was working for me, the reason I asked for these parameters >> setup attempts. > Yes, but you're probably doing different TPM operations than I am.... > I'm not trying to do IMA, I'm trying to login to a WPA2 protected > network where the private key needed to authenticate to the enterprise > wireless network is locked in the TPM. > Ah.. completely different story then, I thought you were seeing the timeouts for _any_ command, sorry. Just to confirm, can you issue a tpm_version? I believe you might have them already, but this requires the tpm-tools and trousers packages installed. Thanks, Rajiv -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists