linux-kernel - Re: [tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

lists.openwall.net		lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC
Open Source and information security mailing list archives

Hash Suite: Windows password security audit tool. GUI, reports in PDF.

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-Id: <9e823fb6-dcc7-a097-1cba-948aeffe2eb6@linux.vnet.ibm.com>
Date:   Fri, 13 Jan 2017 15:35:40 -0500
From:   Stefan Berger <stefanb@...ux.vnet.ibm.com>
To:     Nayna Jain <nayna@...ux.vnet.ibm.com>,
        tpmdd-devel@...ts.sourceforge.net
Cc:     linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [tpmdd-devel] [PATCH v8 2/2] tpm: add securityfs support for TPM
 2.0 firmware event log

On 01/13/2017 01:09 PM, Stefan Berger wrote:
> On 01/11/2017 02:54 AM, Nayna Jain wrote:
>> Unlike the device driver support for TPM 1.2, the TPM 2.0 does
>> not support the securityfs pseudo files for displaying the
>> firmware event log.
>>
>> This patch enables support for providing the TPM 2.0 event log in
>> binary form. TPM 2.0 event log supports a crypto agile format that
>> records multiple digests, which is different from TPM 1.2. This
>> patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
>> event log parser which understand the TPM 2.0 crypto agile format.
>>
>> Signed-off-by: Nayna Jain <nayna@...ux.vnet.ibm.com>
>> ---
>>   drivers/char/tpm/Makefile                          |   2 +-
>>   .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
>>   drivers/char/tpm/tpm2_eventlog.c                   | 203 
>> +++++++++++++++++++++
>>   drivers/char/tpm/tpm_acpi.c                        |   3 +
>>   drivers/char/tpm/tpm_eventlog.h                    |  63 +++++++
>>   5 files changed, 291 insertions(+), 15 deletions(-)
>>   rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
>>   create mode 100644 drivers/char/tpm/tpm2_eventlog.c
>>
>>
>> diff --git a/drivers/char/tpm/tpm_acpi.c b/drivers/char/tpm/tpm_acpi.c
>> index b7718c9..169edf3 100644
>> --- a/drivers/char/tpm/tpm_acpi.c
>> +++ b/drivers/char/tpm/tpm_acpi.c
>> @@ -54,6 +54,9 @@ int tpm_read_log_acpi(struct tpm_chip *chip)
>>       u64 len, start;
>>       struct tpm_bios_log *log;
>>
>> +    if (chip->flags & TPM_CHIP_FLAG_TPM2)
>> +        return -ENODEV;
>> +
>
>
> Works with SeaBIOS when this check is disabled.
>

-> Tested-by: Stefan Berger <stefanb@...ux.vnet.ibm.com>