lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 13 Jun 2019 08:20:41 -0700
From:   Doug Anderson <dianders@...omium.org>
To:     Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc:     Peter Huewe <peterhuewe@....de>,
        Guenter Roeck <groeck@...omium.org>,
        Vadim Sukhomlinov <sukhomlinov@...gle.com>,
        apronin@...omium.org, Matthias Kaehlcke <mka@...omium.org>,
        Stephen Boyd <swboyd@...omium.org>,
        Arnd Bergmann <arnd@...db.de>,
        LKML <linux-kernel@...r.kernel.org>,
        Jason Gunthorpe <jgg@...pe.ca>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-integrity@...r.kernel.org,
        Luigi Semenzato <semenzato@...omium.org>
Subject: Re: [PATCH] tpm: Fix TPM 1.2 Shutdown sequence to prevent future TPM operations

Hi,

On Thu, Jun 13, 2019 at 6:59 AM Jarkko Sakkinen
<jarkko.sakkinen@...ux.intel.com> wrote:
>
> On Wed, Jun 12, 2019 at 10:16:18PM +0300, Jarkko Sakkinen wrote:
> > On Mon, Jun 10, 2019 at 03:01:18PM -0700, Douglas Anderson wrote:
> > > From: Vadim Sukhomlinov <sukhomlinov@...gle.com>
> > >
> > > TPM 2.0 Shutdown involve sending TPM2_Shutdown to TPM chip and disabling
> > > future TPM operations. TPM 1.2 behavior was different, future TPM
> > > operations weren't disabled, causing rare issues. This patch ensures
> > > that future TPM operations are disabled.
> > >
> > > Signed-off-by: Vadim Sukhomlinov <sukhomlinov@...gle.com>
> > > [dianders: resolved merge conflicts with mainline]
> > > Signed-off-by: Douglas Anderson <dianders@...omium.org>
> >
> > Nice catch. Thank you.
> >
> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
>
> Applied to my master branch. I also added a fixes tag.
>
> Can you check that it looks legit to you?

Found the patch in your tree at
<http://git.infradead.org/users/jjs/linux-tpmdd.git/commit/41f15a4f02092d531fb34b42a06e9a1603a7df27>.
I'm decidedly a non-expert here, mostly just wrangling a patch that
someone else came up with.  :-)  ...but let's see...

I think you're asking if the "Fixes" looks sane.  I guess it depends
on what you're trying to accomplish.  Certainly what you've tagged in
"Fixes" marks the point where it would be easiest to backport this fix
to.  ...but I think the problem is much older than that patch.

As I understand it, this problem has existed for much longer.  I
believe that ${SUBJECT} patch evolved from an investigation that Luigi
Semenzato did back in 2013 when we got back some Chromebooks whose
TPMs claimed that they had been "attacked".  Said another way, I
believe it is an evolution of the patch <https://crrev.com/c/57988>
("CHROMIUM: workaround for Infineon TPM broken defensive timeout").

...so technically someone ought to want this on all old kernels.
Maybe keep the "Cc: stable" but remove the "Fixes"?


-Doug

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ