lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Sun, 11 Nov 2018 19:50:03 +0100
From:   Michael Niewöhner <linux@...ewoehner.de>
To:     James Bottomley <James.Bottomley@...senPartnership.com>,
        peterhuewe@....de, jarkko.sakkinen@...ux.intel.com, jgg@...pe.ca,
        arnd@...db.de, linux-integrity@...r.kernel.org,
        linux-kernel <linux-kernel@...r.kernel.org>
Subject: Re: [BUG] Nuvoton NCPT650 TPM 2.0 mode not working

Hi James,

On Sun, 2018-11-11 at 10:24 -0800, James Bottomley wrote:
> On Sun, 2018-11-11 at 18:55 +0100, Michael Niewöhner wrote:
> > Hi all,
> > 
> > Nuvoton NCPT650 does not work in TPM 2.0 mode with tpm_tis /
> > tpm_i2c_nuvoton while it works in TPM 1.2 mode (I can reflash it via
> > UEFI setup). Kernel version is 4.19.1
> 
> Not that this helps you, but mine definitely works.  I've got an older
> Dell XPS-13 with a Nuvoton 650 which is software switchable between 1.2
> and 2.0.  This is what mine says
> 
> jejb@...vis:~> dmesg|egrep -i tis\|tpm\|crb
> [    0.000000] efi:  ACPI=0x79419000  ACPI
> 2.0=0x79419000  SMBIOS=0xf0000  TPMEventLog=0x69db3018 
> [    0.012797] ACPI: TPM2 0x0000000079446CC0 000034 (v03        Tpm2Tabl
> 00000001 AMI  00000000)
> [    2.035242] tpm_tis MSFT0101:00: 2.0 TPM (device-id 0xFE, rev-id 2)
> 
> However, this makes me wonder about yours:
> 
> > [    0.003517] ACPI: TPM2 0x000000009E490ED8 000034 (v03 LENOVO TC-
> > S06   00001300 AMI  00000000)
> 
> I thought the Lenovo "upgrade to 2.0" in fact disabled the external TPM
> in favour of the Intel PTT (software TPM in the management engine). 
> Since you apparently have the tpm_crb driver that should find the PTT
> TPM, this might be one of the attachment bugs in the CRB driver ...
> from your ACPI output it looks to be not specifying the Tpm2Tabl.

Well, there are at least two implementations I know of:
For my Lenovo X260 I can choose between Infineon TPM 1.2 or Intel PTT TPM 2.0
This here is my ThinkStation P320 which can choose between PTT 1.2, PTT 2.0,
Nuvoton 1.2 and 2.0. When switchting between 1.2 and 2.0 the Nuvoton gets
reflashed with the appropriate firmware.

> 
> James
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ