lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20181113111204.GD10434@linux.intel.com>
Date:   Tue, 13 Nov 2018 13:12:04 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     "Winkler, Tomas" <tomas.winkler@...el.com>
Cc:     "linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>,
        "linux-security-module@...r.kernel.org" 
        <linux-security-module@...r.kernel.org>,
        James Bottomley <James.Bottomley@...senPartnership.com>,
        "Struk, Tadeusz" <tadeusz.struk@...el.com>,
        Stefan Berger <stefanb@...ux.vnet.ibm.com>,
        Nayna Jain <nayna@...ux.ibm.com>,
        Peter Huewe <peterhuewe@....de>,
        Jason Gunthorpe <jgg@...pe.ca>, Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v5 16/17] tpm: take TPM chip power gating out of
 tpm_transmit()

On Fri, Nov 09, 2018 at 09:37:48PM +0000, Winkler, Tomas wrote:
> > On Thu, Nov 08, 2018 at 06:38:59PM +0000, Winkler, Tomas wrote:
> > > > Call tpm_chip_start() and tpm_chip_stop() in
> > > >
> > > > * tpm_try_get_ops() and tpm_put_ops()
> > > > * tpm_chip_register()
> > > > * tpm2_del_space()
> > > >
> > > > And remove these calls from tpm_transmit(). The core reason for this
> > > > change is that in tpm_vtpm_proxy a locality change requires a
> > > > virtual TPM command (a command made up just for that driver).
> > > >
> > > I don't think you can do that,  locality has to be request for each
> > > command, as  for example tboot can request higher locality any time.
> > 
> > That could be a potential problem. How tboot intervention gets prevented
> > without this patch?
> As it was said, need to request locality and relinquish it for each
> command, I believe thought this is not required for client platforms
> only for servers. 

And what I'm trying to under is why so.

If the intervention can happen at any time that would imply that even if
you would request and relinquish locality for a single TPM command, the
intervention could happen in the middle. That is why I'm asking why
without this patch things are just fine.

/Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ