lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Mon, 23 Jan 2017 17:04:22 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     Nayna Jain <nayna@...ux.vnet.ibm.com>
Cc:     tpmdd-devel@...ts.sourceforge.net, peterhuewe@....de,
        tpmdd@...horst.net, jgunthorpe@...idianresearch.com,
        linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH v9 0/2] securityfs support for TPM 2.0 firmware event log

On Mon, Jan 23, 2017 at 02:26:25AM -0500, Nayna Jain wrote:
> The TPM device driver defines ascii and binary methods for
> displaying the TPM 1.2 event log via securityfs files, which are
> needed for validating a TPM quote. The device driver for TPM 2.0
> does not have similar support for displaying the TPM 2.0
> event log. This patch set adds the support for displaying
> TPM 2.0 event log in binary format.
> 
> The parsing mechanism to display the TPM 2.0 event log in binary
> format is implemented as defined in the TPM 2.0 TCG specification[1].
> If the firmware event log support exists and is successfully read,
> the securityfs file is created to provide the event log in binary
> format for both the OF device tree and ACPI.
> 
>    - Patch 1 adds the device tree bindings support for Physical TPM.
>    - Patch 2 adds the support for creating securityfs files and for
>      displaying the TPM 2.0 crypto agile event log in binary format.
> 
> [1] TCG EFI Protocol Specification, Family "2.0" - Section 5 "Event
> Log Structure"
> 
> Changelog History
> 
> v9:
> - Rebased to the Jarkko's latest master branch (9b7f425 tpm: Check size of 
>   response before accessing data)

These rebase comments are something that you should not add to changelog
as you obviously need to do it always.

/Jarkko

> - Patch "tpm: add securityfs support for TPM 2.0 firmware event log" 
>   - Renamed struct tpmt_ha to struct tpm2_hash.
>   - Removed struct tpml_digest_values.
> 
> v8:
> - Rebased to the Jarkko's latest master branch (8e25809 tpm:
>   Do not print an error message when doing TPM auto startup)
> - Patch "tpm: add securityfs support for TPM 2.0 firmware event log" 
>   - Added feedbacks from Jarkko
>     - tpm_read_log_acpi() returns -ENODEV for TPM 2.0.
>     - Fixed code formatting and comments.
> 
> v7:
> - Rebased to the Jarkko's latest master branch (b2505f6 tpm/vtpm:
>   fix kdoc warnings)
> - Included Jarkko's feedbacks on version v6.
> - Cleaned up #defines in tpm2_eventlog.c
>   - renamed HASH_COUNT to TPM2_ACTIVE_PCR_BANKS
>   - deleted MAX_DIGEST_SIZE, used SHA384_DIGEST_SIZE directly from 
>   <crypto/hash_info.h>
>   - deleted MAX_TPM_LOG_MSG. Redefined event[MAX_TPM_LOG_MSG]
>   as event[0].
> 
> v6:
> 
> - Rebased to the Jarkko's latest master branch (e717b5c:tpm: vtpm_proxy: 
>   conditionally call tpm_chip_unregister)
> - Retained securityfs setup functions in tpm_eventlog.c
> - Renamed tpm_eventlog.c to tpm1_eventlog.c
> - Fixed tpm_read_log_of() for NULL check and memcpy function.
> 
> v5:
> 
> - Upstreamed cleanup and fixes as different patchset
> - Rebased to the Jarkko's latest master branch (e5be084 tpm: vtpm_proxy:
>   Do not access host's event log)
> - Patch "tpm: enhance read_log_of() to support Physical TPM event log
>   - New Patch.
> - Patch "tpm: add securityfs support for TPM 2.0 firmware event log"
>   - Moved the changes in read_log_of() to a different patch
>   - TPM 2.0 event log data types are declared in tpm_eventlog.h, tpm2.h
>   is removed.
>   - Included other feedbacks also from Jarkko on aligment and extra
>     line
> 
> v4:
> 
> - Includes feedbacks from Jarkko and Jason.
> - Patch "tpm: define a generic open() method for ascii & bios
> measurements".
>   - Fix indentation issue.
> - Patch "tpm: replace the dynamically allocated bios_dir as
>   struct dentry array".
>   - Continue to use bios_dir_count variable to use is_bad() checks and
>     to maintain correct order for securityfs_remove() during teardown.
>   - Reset chip->bios_dir_count in teardown() function.
> - Patch "tpm: validate the eventlog access before tpm_bios_log_setup".
>   - Retain TPM2 check which was removed in previous patch.
>   - Add tpm_bios_log_setup failure handling.
>   - Remove use of private data from v3 version of patch. Add a
>   new member to struct tpm_chip to achieve the same purpose.
> - Patch "tpm: redefine the read_log method to check for ACPI/OF 
> properties sequentially".
>   - Move replacement of CONFIG_TCG_IBMVTPM with CONFIG_OF to this
>     patch from patch 3.
>   - Replace -1 error code with -ENODEV.
> - Patch "tpm: replace the of_find_node_by_name() with dev of_node
> property".
>   - Uses chip->dev.parent->of_node.
>   - Created separate patch for cleanup of pr_err messages.
> - Patch "tpm: remove printk error messages".
>   - New Patch.
> - Patch "tpm: add the securityfs file support for TPM 2.0 eventlog".
>   - Parses event digests using event alg_id rather than event log header
>     alg_id.
>   - Uses of_property_match_string to differentiate tpm/vtpm compatible
> 
> v3:
> 
> - Includes the review feedbacks as suggested by Jason.
> - Split of patches into one patch per idea.
> - Generic open() method for ascii/bios measurements.
> - Replacement of of **bios_dir with *bios_dir[3].
> - Verifying readlog() is successful before creating securityfs entries.
> - Generic readlog() to check for ACPI/OF in sequence.
> - read_log_of() method now uses of_node propertry rather than
> calling find_device_by_name.
> - read_log differentiates vtpm/tpm using its compatible property.
> - Cleans pr_err with dev_dbg.
> - Commit msgs subject line prefixed with tpm.
> 
> v2:
> 
> - Fixes issues as given in feedback by Jason.
> - Adds documentation for device tree.
> 
> Nayna Jain (2):
>   tpm: enhance read_log_of() to support Physical TPM event log
>   tpm: add securityfs support for TPM 2.0 firmware event log
> 
>  drivers/char/tpm/Makefile                          |   2 +-
>  .../char/tpm/{tpm_eventlog.c => tpm1_eventlog.c}   |  35 ++--
>  drivers/char/tpm/tpm2_eventlog.c                   | 203 +++++++++++++++++++++
>  drivers/char/tpm/tpm_acpi.c                        |   3 +
>  drivers/char/tpm/tpm_eventlog.h                    |  59 ++++++
>  drivers/char/tpm/tpm_of.c                          |  27 ++-
>  6 files changed, 310 insertions(+), 19 deletions(-)
>  rename drivers/char/tpm/{tpm_eventlog.c => tpm1_eventlog.c} (95%)
>  create mode 100644 drivers/char/tpm/tpm2_eventlog.c
> 
> -- 
> 2.5.0
> 

Powered by blists - more mailing lists