lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 20 Dec 2017 16:31:17 +0100
From:   Javier Martinez Canillas <javierm@...hat.com>
To:     "Shaikh, Azhar" <azhar.shaikh@...el.com>,
        "Alexander.Steffen@...ineon.com" <Alexander.Steffen@...ineon.com>,
        "hdegoede@...hat.com" <hdegoede@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc:     "james@...le.org.uk" <james@...le.org.uk>,
        "arnd@...db.de" <arnd@...db.de>,
        "jarkko.sakkinen@...ux.intel.com" <jarkko.sakkinen@...ux.intel.com>,
        "peterhuewe@....de" <peterhuewe@....de>,
        "jgg@...pe.ca" <jgg@...pe.ca>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>
Subject: Re: [PATCH 0/4] tpm: fix PS/2 devices not working on Braswell systems
 due CLKRUN enabled

Hello Azhar,

On 12/20/2017 04:08 PM, Shaikh, Azhar wrote:

[snip]

>>>
>>>> It seems that on machines with a PS/2 controller connected to the
>>>> LPC bus the BIOS is already doing this, so I've a feeling that it
>>>> not being done on devices with a TPM is a bug in the firmware
>>>
>>> Absolutely agree, system integratos should make sure that all the
>>> devices connected to the LPC either have CLKRUN protocol support and
>>> is enabled or disable the CLKRUN protocol permanently.
>>
>> As far as I understand it, this is exactly the issue here: They know that there
>> are devices that do not support the CLKRUN protocol (the TPM in this case),
>> but they still need to enable it to prevent other issues. So for the TPM to
>> continue to work, CLKRUN needs to be disabled temporarily while the TPM is
>> active.
>>
> 
> Yes that was the reason to have this fix. We needed CLKRUN to be enabled for Braswell SOC . But the TPM in this case SLB9655 does not support CLKRUN (please check this public documentation https://www.infineon.com/dgdl/Infineon-TPM+SLB+9665-DS-v10_15-EN.pdf?fileId=5546d4625185e0e201518b83d9273d87 section 2.3 Power Management). So as Alexander mentioned CLKRUN is disabled while TPM transactions are in progress.
>

Yes I do understand that. Please read my answer to Alexander's email and also
my question (and Hans') about keeping the CLKRUN protocol permanently disabled.

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

Powered by blists - more mailing lists