lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 11 Nov 2018 13:33:36 -0500
From:   Mimi Zohar <zohar@...ux.ibm.com>
To:     Michael Niewöhner <linux@...ewoehner.de>,
        peterhuewe@....de, jarkko.sakkinen@...ux.intel.com, jgg@...pe.ca,
        arnd@...db.de, linux-integrity@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] Nuvoton NCPT650 TPM 2.0 mode not working

On Sun, 2018-11-11 at 18:55 +0100, Michael Niewöhner wrote:
> Hi all,
> 
> Nuvoton NCPT650 does not work in TPM 2.0 mode with tpm_tis / tpm_i2c_nuvoton
> while it works in TPM 1.2 mode (I can reflash it via UEFI setup).
> Kernel version is 4.19.1
> 
> Kernel config:
> 
> $ cat .config | egrep 'TCG|TPM|CRB|_TIS'
> CONFIG_TCG_TPM=y
> CONFIG_HW_RANDOM_TPM=y
> CONFIG_TCG_TIS_CORE=y
> CONFIG_TCG_TIS=y
> CONFIG_TCG_TIS_SPI=y
> # CONFIG_TCG_TIS_I2C_ATMEL is not set
> # CONFIG_TCG_TIS_I2C_INFINEON is not set
> CONFIG_TCG_TIS_I2C_NUVOTON=y
> # CONFIG_TCG_NSC is not set
> # CONFIG_TCG_ATMEL is not set
> # CONFIG_TCG_INFINEON is not set
> CONFIG_TCG_CRB=y
> # CONFIG_TCG_VTPM_PROXY is not set
> # CONFIG_TCG_TIS_ST33ZP24_I2C is not set
> # CONFIG_TCG_TIS_ST33ZP24_SPI is not set
> 
> 
> TPM 1.2 mode dmesg:
> 
> $ dmesg | egrep -i tis\|tpm\|crb
> [    3.210040] tpm_tis 00:0a: 1.2 TPM (device-id 0xFE, rev-id 2)
> 
> 
> TPM 2.0 mode dmesg:
> 
> $ dmesg | egrep -i tis\|tpm\|crb
> [    0.000000] efi:  ACPI
> 2.0=0x9e457000  ACPI=0x9e457000  SMBIOS=0x9ec44000  SMBIOS
> 3.0=0x9ec43000  TPMEventLog=0x9711f018 
> [    0.003517] ACPI: TPM2 0x000000009E490ED8 000034 (v03 LENOVO TC-
> S06   00001300 AMI  00000000)
> [    4.071550] ima: No TPM chip found, activating TPM-bypass!

It's possible that eventually the TPM is initialized, but not in time
for IMA.  Could you you check to see if the TPM is responding to
userspace commands after boot?

Mimi

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ