Message-ID: <35286B1AE75A7C47BFF0870081A31B4B387510DB14@SAFEX1MAIL4.st.com>
Date:	Wed, 7 Nov 2012 16:23:14 +0100
From:	Mathias LEBLANC <Mathias.LEBLANC@...com>
To:	Kent Yoder <key@...ux.vnet.ibm.com>
Cc:	Rajiv Andrade <mail@...jiv.net>,
	Marcel Selhorst <tpmdd@...horst.net>,
	Sirrix AG <tpmdd@...rix.com>,
	"tpmdd-devel@...ts.sourceforge.net" 
	<tpmdd-devel@...ts.sourceforge.net>,
	"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
	Jean-Luc BLANC <jean-luc.blanc@...com>
Subject: RE: [PATCH 1/1] TPM: STMicroelectronics ST33 I2C

Hi Kent,

Sorry for sending the new driver, it was a mistake.
Today, I will upload the new version of the Linux driver without the errors that you have mentioned in your previous mail.

About:
> +/*
> + * tpm_st33_i2c_ioctl provides 2 handles:
> + * - TPMIOC_CANCEL: allow to CANCEL a TPM commands execution.
> + *   See tpm_stm_i2c_cancel description above
> + * - TPMIOC_TRANSMIT: allow to transmit a TPM commands.
> + * - TPMIOC_HASH: allow to compute a locality 4 hash
> + * - TPMIOC_CHANGELOCALITY: allow to change the current locality
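Review bot: the header comment says tpm_st33_i2c_ioctl provides 2 handles, but the list beneath it names four (TPMIOC_CANCEL, TPMIOC_TRANSMIT, TPMIOC_HASH, TPMIOC_CHANGELOCALITY); fix the count, and change "a TPM commands" to "a TPM command" in the CANCEL and TRANSMIT entries. The TPMIOC_CHANGELOCALITY line should also state which transitions the handler permits, since the rule given later in this thread is that localities are only ever stepped down (4, 3, 2, 1, 0), and a caller that can raise the locality once the OS is running defeats that ordering.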

  Can we get rid of the ioctl path?  cancel and transmit are available
through read/write already, but I need help understanding what hash and
change locality would be useful for. If the kernel is running you can
just use the crypto api for a hash operation, right?

  As for changing locality, what's the idea there? If you can just
switch localities at any time with an ioctl and no DRTM, why have it?

[cut]
> +static const struct file_operations tpm_st33_i2c_fops = {
> +     .owner = THIS_MODULE,
> +     .llseek = no_llseek,
> +     .read = tpm_read,
> +     .write = tpm_write,
> +     .open = tpm_open,
> +     .release = tpm_release,
> +};
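Review bot: tpm_st33_i2c_fops wires only .read, .write, .open and .release and has no .unlocked_ioctl member, so as quoted the tpm_st33_i2c_ioctl handler documented above is not reachable through this table and the two disagree. Either drop the ioctl handler and its comment together, as the review asks, or, if an ioctl entry is added, keep TPMIOC_HASH and TPMIOC_CHANGELOCALITY out of the production build, since the thread states that access to those localities was given only for validation.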

The TPM specification specifies all four localities, used for different levels:
LOCALITY4_HASH by a CPU instruction to start
LOCALITY3 for BIOS
LOCALITY2 for MBR
LOCALITY1 for operation login
LOCALITY0 for common OS tasks.

The use of these localities is in agreement with the specifications and must always go down (4, 3, 2, 1, 0) to be sure that the verification steps of the lower levels will never be altered, to ensure "sustainability".
If, once the OS is loaded, I am able to use locality 4, I could potentially alter the values of the starting steps below ...
Access to these localities in the *Linux* driver has been given only for the purpose of validation.

________________________________________
From: Kent Yoder [key@...ux.vnet.ibm.com]
Sent: 07 November 2012 16:02
To: Mathias LEBLANC
Cc: Rajiv Andrade; Marcel Selhorst; Sirrix AG; tpmdd-devel@...ts.sourceforge.net; linux-kernel@...r.kernel.org; Jean-Luc BLANC
Subject: Re: [PATCH 1/1] TPM: STMicroelectronics ST33 I2C

On Wed, Nov 07, 2012 at 01:15:09PM +0100, Mathias Leblanc wrote:
>  * STMicroelectronics version 1.2.0, Copyright (C) 2010
>  * STMicroelectronics comes with ABSOLUTELY NO WARRANTY.
>  * This is free software, and you are welcome to redistribute it
>  * under certain conditions.
>
> This is the driver for TPM chip from ST Microelectronics.
>
> If you have a TPM security chip from STMicroelectronics working with
> an I2C, in menuconfig or .config choose the tpm driver on
> device --> tpm and activate the protocol of your choice before compiling
> the kernel.
> The driver will be accessible from within Linux.
>
> Tested on linux x86/x64, beagleboard REV B & XM REV C and CHROMIUM OS
>
> Signed-off-by: Mathias Leblanc <mathias.leblanc@...com>

Hi Mathias,

  I didn't see a reply to my mail from Oct 31, and very little has
changed here.  Did I miss something?

Kent
