lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <c700bf23fcf44221bc179a7b0e6df5c9@infineon.com>
Date:   Mon, 11 Dec 2017 16:08:59 +0000
From:   <Alexander.Steffen@...ineon.com>
To:     <pmenzel@...gen.mpg.de>, <jgg@...pe.ca>
CC:     <linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: RE: [Regression 4.15-rc2] New messages `tpm tpm0: A TPM error (2314)
 occurred continue selftest`

> Dear Jason,
> 
> 
> On 12/08/17 17:18, Jason Gunthorpe wrote:
> > On Fri, Dec 08, 2017 at 05:07:39PM +0100, Paul Menzel wrote:
> >
> >> I have no access to the system right now, but want to point out, that the
> >> log was created by `journactl -k`, so I do not know if that messes with the
> >> time stamps. I checked the output of `dmesg` but didn’t see the TPM
> error
> >> messages in the output – only `tpm_tis MSFT0101:00: 2.0 TPM (device-id
> 0xFE,
> >> rev-id 4)`. Do I need to pass a different error message to `dmesg`?
> >
> > It is a good question, I don't know.. If your kernel isn't setup to
> > timestamp messages then the journalstamp will certainly be garbage.
> >
> > No idea why you wouldn't see the messages in dmesg, if they are not in
> > dmesg they couldn't get into the journal
> 
> It looks like I was running an older Linux kernel version, when running
> `dmesg`. Sorry for the noise. Here are the messages with the Linux
> kernel time stamps, showing that the delays work correctly.
> 
> ```
> $ uname -a
> Linux Ixpees 4.15.0-041500rc2-generic #201712031230 SMP Sun Dec 3
> 17:32:03 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
> $ sudo dmesg | grep TPM
> [    0.000000] ACPI: TPM2 0x000000006F332168 000034 (v03        Tpm2Tabl
> 00000001 AMI  00000000)
> [    1.114355] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0xFE, rev-id 4)
> [    1.125250] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    1.156645] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    1.208053] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    1.299640] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    1.471223] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    1.802819] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    2.454320] tpm tpm0: A TPM error (2314) occurred continue selftest
> [    3.734808] tpm tpm0: TPM self test failed
> [    3.759675] ima: No TPM chip found, activating TPM-bypass! (rc=-19)
> ```

Thanks for the fixed log. So your TPM seems to be rather slow with executing the selftests. Could try to apply the patch that I've just sent you? It ensures that your TPM gets more time to execute all the tests, up to the limit set in the PTP.

(I would have sent that patch also to linux-kernel@...r.kernel.org, since it was included in the discussion, but for some strange reason my mail system declared that to be an "Invalid address"...)

Alexander

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ