lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Wed, 20 Dec 2017 17:45:16 +0100
From:   Javier Martinez Canillas <javierm@...hat.com>
To:     "Shaikh, Azhar" <azhar.shaikh@...el.com>,
        "Alexander.Steffen@...ineon.com" <Alexander.Steffen@...ineon.com>,
        "hdegoede@...hat.com" <hdegoede@...hat.com>,
        "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>
Cc:     "james@...le.org.uk" <james@...le.org.uk>,
        "arnd@...db.de" <arnd@...db.de>,
        "jarkko.sakkinen@...ux.intel.com" <jarkko.sakkinen@...ux.intel.com>,
        "peterhuewe@....de" <peterhuewe@....de>,
        "jgg@...pe.ca" <jgg@...pe.ca>,
        "gregkh@...uxfoundation.org" <gregkh@...uxfoundation.org>,
        "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>
Subject: Re: [PATCH 0/4] tpm: fix PS/2 devices not working on Braswell systems
 due CLKRUN enabled

Hello Azhar,

On 12/20/2017 04:41 PM, Shaikh, Azhar wrote:
> 
> 
>> -----Original Message-----
>> From: Javier Martinez Canillas [mailto:javierm@...hat.com]
>> Sent: Wednesday, December 20, 2017 7:31 AM
>> To: Shaikh, Azhar <azhar.shaikh@...el.com>;
>> Alexander.Steffen@...ineon.com; hdegoede@...hat.com; linux-
>> kernel@...r.kernel.org
>> Cc: james@...le.org.uk; arnd@...db.de; jarkko.sakkinen@...ux.intel.com;
>> peterhuewe@....de; jgg@...pe.ca; gregkh@...uxfoundation.org; linux-
>> integrity@...r.kernel.org
>> Subject: Re: [PATCH 0/4] tpm: fix PS/2 devices not working on Braswell
>> systems due CLKRUN enabled
>>
>> Hello Azhar,
>>
>> On 12/20/2017 04:08 PM, Shaikh, Azhar wrote:
>>
>> [snip]
>>
>>>>>
>>>>>> It seems that on machines with a PS/2 controller connected to the
>>>>>> LPC bus the BIOS is already doing this, so I've a feeling that it
>>>>>> not being done on devices with a TPM is a bug in the firmware
>>>>>
>>>>> Absolutely agree, system integratos should make sure that all the
>>>>> devices connected to the LPC either have CLKRUN protocol support and
>>>>> is enabled or disable the CLKRUN protocol permanently.
>>>>
>>>> As far as I understand it, this is exactly the issue here: They know
>>>> that there are devices that do not support the CLKRUN protocol (the
>>>> TPM in this case), but they still need to enable it to prevent other
>>>> issues. So for the TPM to continue to work, CLKRUN needs to be
>>>> disabled temporarily while the TPM is active.
>>>>
>>>
>>> Yes that was the reason to have this fix. We needed CLKRUN to be enabled
>> for Braswell SOC . But the TPM in this case SLB9655 does not support CLKRUN
>> (please check this public documentation
>> https://www.infineon.com/dgdl/Infineon-TPM+SLB+9665-DS-v10_15-
>> EN.pdf?fileId=5546d4625185e0e201518b83d9273d87 section 2.3 Power
>> Management). So as Alexander mentioned CLKRUN is disabled while TPM
>> transactions are in progress.
>>>
>>
>> Yes I do understand that. Please read my answer to Alexander's email and
>> also my question (and Hans') about keeping the CLKRUN protocol
>> permanently disabled.
>>
> 
> We had to enable CLKRUN for BSW issues as mentioned here https://www.intel.com/content/www/us/en/processors/pentium/pentium-celeron-n-series-spec-update.html  on Page 24 CHP 49 and Page 25 CHP 51
> 

Thanks for the pointer. But it's still not clear to me after reading the
mentioned erratas why the CLKRUN protocol must be enabled.

CHP49 says "System May Experience Inability to Boot or May Cease Operation"
and that it may be related to the LPC circuitry to stop functioning which
causes the inability to boot when activity is high for several years.

And that the workaround is:

"Firmware code changes for LPC and RTC circuitry and mitigations for SD Card
circuitry have been identified and may be implemented for this erratum."

Is this Firmware code changes to enable the CLKRUN protocol to minimize the
LPC bus activity and so prevent the LPC circuitry to stop functioning?

CHP51 says "LPC Clock Control Using the LPC_CLKRUN# May Not Behave As Expected"
and that the implication is that "The SoC may prevent a peripheral device from
successfully requesting the LPC clock".

So I would say that CLKRUN protocol should NOT be enabled instead since the
CLKRUN# signal is not reliable. Or what am I missing here?

Best regards,
-- 
Javier Martinez Canillas
Software Engineer - Desktop Hardware Enablement
Red Hat

Powered by blists - more mailing lists