Date:   Wed, 13 Feb 2019 10:49:21 +0200
From:   Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
To:     jmorris@...ei.org
Cc:     linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: [GIT PULL] tpmdd updates for Linux v5.1

James,

Quite a fat release this time. I'll try to enumerate the highlights.

Clean up the transmission flow
==============================

Cleaned up the whole transmission flow. Locking of the chip is now done at
the level of tpm_try_get_ops() and tpm_put_ops() instead of taking the chip
lock inside tpm_transmit(). The nested calls inside tpm_transmit(), used
with the resource manager, have been refactored out.

Should make it easier to perform more complex transactions with the TPM
without making the subsystem a bigger mess (e.g. encrypted channel patches
by James Bottomley).

PPI 1.3 support
===============

TPM PPI 1.3 introduces an additional optional command parameter that may be
needed for some commands. Display the parameter if the command requires
such a parameter. Only command 23 (SetPCRBanks) needs one.

The PPI request file will show output like this then:

   # echo "23 16" > request
   # cat request
   23 16

   # echo "5" > request
   # cat request
   5

Extend all PCR banks in IMA
===========================

Instead of a static PCR banks array, the array of available PCR banks is now
allocated dynamically. The digest sizes are determined dynamically using a
probe PCR read without relying on crypto's static list of hash algorithms.

This should finally make sealing of measurements in IMA safe and secure.

TPM 2.0 selftests
=================

Added a test suite to tools/testing/selftests/tpm2 previously outside of
the kernel tree: https://github.com/jsakkine-intel/tpm2-scripts.

The following changes since commit 2181e084b26bddca22bc3f23364c15809cfed28b:

  LSM: SafeSetID: remove unused include (2019-01-30 12:29:53 -0800)

are available in the Git repository at:

  git://git.infradead.org/users/jjs/linux-tpmdd.git tags/tpmdd-next-20190213

for you to fetch changes up to 50a81b60bfe075a0023670ff86558abd02536799:

  tpm/ppi: Enable submission of optional command parameter for PPI 1.3 (2019-02-13 09:48:53 +0200)

----------------------------------------------------------------
tpmdd updates for Linux v5.1

----------------------------------------------------------------
Jarkko Sakkinen (21):
      tpm/tpm_crb: Avoid unaligned reads in crb_recv()
      tpm: Fix some name collisions with drivers/char/tpm.h
      selftests: add TPM 2.0 tests
      tpm: Unify the send callback behaviour
      tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
      tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter
      tpm: fix invalid return value in pubek_show()
      tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails
      tpm: print tpm2_commit_space() error inside tpm2_commit_space()
      tpm: declare struct tpm_header
      tpm: access command header through struct in tpm_try_transmit()
      tpm: encapsulate tpm_dev_transmit()
      tpm: clean up tpm_try_transmit() error handling flow
      tpm: move tpm_validate_commmand() to tpm2-space.c
      tpm: move TPM space code out of tpm_transmit()
      tpm: remove @space from tpm_transmit()
      tpm: use tpm_try_get_ops() in tpm-sysfs.c.
      tpm: remove TPM_TRANSMIT_UNLOCKED flag
      tpm: introduce tpm_chip_start() and tpm_chip_stop()
      tpm: take TPM chip power gating out of tpm_transmit()
      tpm: remove @flags from tpm_transmit()

Jerry Snitselaar (2):
      tpm: don't print error message in tpm_transmit_cmd when tpm still testing
      tpm: don't return bool from update_timeouts

Jia Zhang (2):
      tpm: Simplify the measurements loop
      tpm: Fix off-by-one when reading binary_bios_measurements

Roberto Sassu (7):
      tpm: add _head suffix to tcg_efi_specid_event and tcg_pcr_event2
      tpm: dynamically allocate the allocated_banks array
      tpm: rename and export tpm2_digest and tpm2_algorithms
      tpm: retrieve digest size of unknown algorithms with PCR read
      tpm: move tpm_chip definition to include/linux/tpm.h
      KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
      tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()

Stefan Berger (5):
      tpm/ppi: pass function revision ID to tpm_eval_dsm()
      tpm/ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_ID_1
      tpm/ppi: Display up to 101 operations as define for version 1.3
      tpm/ppi: Possibly show command parameter if TPM PPI 1.3 is used
      tpm/ppi: Enable submission of optional command parameter for PPI 1.3

 drivers/char/tpm/eventlog/tpm1.c           |  41 +-
 drivers/char/tpm/eventlog/tpm2.c           |  12 +-
 drivers/char/tpm/st33zp24/i2c.c            |   2 +-
 drivers/char/tpm/st33zp24/spi.c            |   2 +-
 drivers/char/tpm/st33zp24/st33zp24.c       |   2 +-
 drivers/char/tpm/st33zp24/st33zp24.h       |   4 +-
 drivers/char/tpm/tpm-chip.c                | 124 ++++-
 drivers/char/tpm/tpm-dev-common.c          |  44 +-
 drivers/char/tpm/tpm-interface.c           | 327 ++++----------
 drivers/char/tpm/tpm-sysfs.c               | 138 +++---
 drivers/char/tpm/tpm.h                     | 180 ++------
 drivers/char/tpm/tpm1-cmd.c                |  43 +-
 drivers/char/tpm/tpm2-cmd.c                | 208 +++++----
 drivers/char/tpm/tpm2-space.c              |  90 +++-
 drivers/char/tpm/tpm_atmel.c               |   2 +-
 drivers/char/tpm/tpm_crb.c                 |  22 +-
 drivers/char/tpm/tpm_i2c_atmel.c           |  15 +-
 drivers/char/tpm/tpm_i2c_infineon.c        |  17 +-
 drivers/char/tpm/tpm_i2c_nuvoton.c         |  18 +-
 drivers/char/tpm/tpm_ibmvtpm.c             |   8 +-
 drivers/char/tpm/tpm_infineon.c            |   2 +-
 drivers/char/tpm/tpm_nsc.c                 |   2 +-
 drivers/char/tpm/tpm_ppi.c                 |  78 +++-
 drivers/char/tpm/tpm_tis_core.c            |  21 +-
 drivers/char/tpm/tpm_vtpm_proxy.c          |  15 +-
 drivers/char/tpm/xen-tpmfront.c            |   4 +-
 include/linux/tpm.h                        | 129 +++++-
 include/linux/tpm_eventlog.h               |  19 +-
 security/integrity/ima/ima.h               |   1 +
 security/integrity/ima/ima_crypto.c        |  10 +-
 security/integrity/ima/ima_init.c          |   4 +
 security/integrity/ima/ima_queue.c         |  27 +-
 security/keys/trusted.c                    |  73 ++-
 tools/testing/selftests/Makefile           |   1 +
 tools/testing/selftests/tpm2/Makefile      |   4 +
 tools/testing/selftests/tpm2/test_smoke.sh |   4 +
 tools/testing/selftests/tpm2/test_space.sh |   4 +
 tools/testing/selftests/tpm2/tpm2.py       | 696 +++++++++++++++++++++++++++++
 tools/testing/selftests/tpm2/tpm2_tests.py | 227 ++++++++++
 39 files changed, 1876 insertions(+), 744 deletions(-)
 create mode 100644 tools/testing/selftests/tpm2/Makefile
 create mode 100755 tools/testing/selftests/tpm2/test_smoke.sh
 create mode 100755 tools/testing/selftests/tpm2/test_space.sh
 create mode 100644 tools/testing/selftests/tpm2/tpm2.py
 create mode 100644 tools/testing/selftests/tpm2/tpm2_tests.py
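As an added illustration of the PPI 1.3 request format described in the "PPI 1.3 support" section above (this is not code from tpm_ppi.c or from the pull request), the following Python models what the sysfs request file accepts and what it shows on read-back: a request is "<op>" or "<op> <param>", and the parameter is displayed only for command 23 (SetPCRBanks), the one command the text says needs it. The operation range 0..100 is an assumption derived from "up to 101 operations" in the shortlog, the 32-bit bound on the parameter is an assumption, and the choice to accept but not display a parameter given to an operation that does not need one is an assumption as well.

```python
from dataclasses import dataclass
from typing import Optional

# Assumption: "up to 101 operations" for PPI 1.3 means operation numbers 0..100.
PPI_MAX_OP = 100
# From the text: command 23 (SetPCRBanks) is the only one taking a parameter.
PPI_OP_SET_PCR_BANKS = 23
# Assumption: the optional parameter is an unsigned 32-bit value.
PPI_PARAM_MAX = 0xFFFFFFFF


@dataclass(frozen=True)
class PpiRequest:
    op: int
    param: Optional[int]


def needs_param(op: int) -> bool:
    """True for the commands that require the optional PPI 1.3 parameter."""
    return op == PPI_OP_SET_PCR_BANKS


def parse_ppi_request(line: str) -> PpiRequest:
    """Parse what a user writes to the request file: '<op>' or '<op> <param>'.

    Raises ValueError on malformed input, on an out-of-range operation, or
    on a parameter outside the assumed 32-bit range.
    """
    fields = line.split()
    if not 1 <= len(fields) <= 2:
        raise ValueError("expected '<op>' or '<op> <param>'")
    if not all(f.isdigit() for f in fields):
        raise ValueError("operation and parameter must be unsigned decimal integers")

    op = int(fields[0])
    if not 0 <= op <= PPI_MAX_OP:
        raise ValueError(f"operation {op} outside 0..{PPI_MAX_OP}")

    param: Optional[int] = None
    if len(fields) == 2:
        param = int(fields[1])
        if param > PPI_PARAM_MAX:
            raise ValueError(f"parameter {param} exceeds 32 bits")

    return PpiRequest(op, param)


def format_ppi_request(req: PpiRequest) -> str:
    """Mirror what `cat request` shows: the parameter only when the op needs it."""
    if needs_param(req.op) and req.param is not None:
        return f"{req.op} {req.param}"
    return str(req.op)


def round_trip(line: str) -> str:
    """Write-then-read simulation of the request file for one input line."""
    return format_ppi_request(parse_ppi_request(line))


if __name__ == "__main__":
    # Constructed inputs matching the two sessions shown in the pull request text.
    for written in ("23 16", "5"):
        print(f"echo '{written}' > request; cat request -> {round_trip(written)}")
```

Running the block prints the same read-back values as the two shell sessions in the text ("23 16" and "5"); the parser is where a reviewer would look for the validation the driver needs, since a sysfs write is attacker-reachable input from any process with write permission on the file.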
