Message-ID: <5d2f66c2.1c69fb81.de220.6eb6@mx.google.com>
Date:   Wed, 17 Jul 2019 11:19:45 -0700
From:   Stephen Boyd <swboyd@...omium.org>
To:     Alexander Steffen <Alexander.Steffen@...ineon.com>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Peter Huewe <peterhuewe@....de>
Cc:     Andrey Pronin <apronin@...omium.org>, linux-kernel@...r.kernel.org,
        Jason Gunthorpe <jgg@...pe.ca>, Arnd Bergmann <arnd@...db.de>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        linux-integrity@...r.kernel.org,
        Duncan Laurie <dlaurie@...omium.org>,
        Guenter Roeck <groeck@...omium.org>,
        Dmitry Torokhov <dtor@...omium.org>
Subject: Re: [PATCH v2 3/6] tpm_tis_spi: add max xfer size

Quoting Alexander Steffen (2019-07-17 01:07:11)
> On 17.07.2019 00:45, Stephen Boyd wrote:
> > From: Andrey Pronin <apronin@...omium.org>
> > 
> > Reject burstcounts larger than 64 bytes reported by tpm.
> 
> This is not the correct thing to do here. To quote the specification:
> 
> "burstCount is defined as the number of bytes that can be written to or 
> read from the data FIFO by the software without incurring a wait state."
> (https://trustedcomputinggroup.org/wp-content/uploads/TCG_PC_Client_Platform_TPM_Profile_PTP_2.0_r1.03_v22.pdf 
> Page 84)

Thanks for pointing this out. I think we were using this SPI driver for
cr50 but then we wrote our own version of this driver with the
differences required to make cr50 work properly. I suspect we can drop
this patch, but we've been carrying it forward for a while now, so I'll
have to check with Andrey and others to make sure it's safe to remove.

> 
> If the FIFO contains 1k of data, it is completely valid for the TPM to 
> report that as its burstCount, there is no need to arbitrarily limit it.
> 
> Also, burstCount is a property of the high-level TIS protocol, that 
> should not really care whether the low-level transfers are done via LPC 
> or SPI (or I2C). Since tpm_tis_spi can only transfer 64 bytes at a time, 
> it is its job to split larger transfers (which it does perfectly fine). 
> This also has the advantage that burstCount needs only to be read once, 
> and then we can do 16 SPI transfers in a row to read that 1k of data. 
> With your change, it will read 64 bytes, then read burstCount again, 
> before reading the next 64 bytes and so on. This unnecessarily limits 
> performance.
> 
> Maybe you can describe the problem you're trying to solve in more 
> detail, so that a better solution can be found, since this is clearly 
> something not intended by the spec.

Right. The burst count we read from cr50 is never going to be larger
than max_xfer_size that we specify in the cr50 driver here, so this is
probably all useless and we can even drop the patch before this one that
adds support for this burst count capping feature.
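
The trade-off discussed in this thread, as an added example that is not part of the original message or of the kernel driver: a constructed FIFO model counts burstCount reads and SPI transfers when 1 KiB is drained with the reported burstCount honoured versus capped at 64 bytes. `fake_tpm`, `read_burstcount`, `spi_read_fifo` and `drain` are hypothetical names, and the model assumes the TPM reports the whole remaining FIFO content as its burstCount.

```c
#include <stddef.h>
#include <stdio.h>

#define SPI_MAX_XFER 64u /* per-transfer limit stated in the thread */

/* Constructed model of a TPM data FIFO; not the kernel driver's types. */
struct fake_tpm {
    size_t fifo_left;     /* bytes still waiting in the FIFO */
    unsigned burst_reads; /* how often burstCount was read */
    unsigned spi_xfers;   /* how many SPI transfers were issued */
};

/* Assumption: the TPM reports all bytes it can deliver without a wait state. */
static size_t read_burstcount(struct fake_tpm *t)
{
    t->burst_reads++;
    return t->fifo_left;
}

/* Low-level layer: split one burst into transfers of at most SPI_MAX_XFER. */
static void spi_read_fifo(struct fake_tpm *t, size_t len)
{
    while (len > 0) {
        size_t chunk = len < SPI_MAX_XFER ? len : SPI_MAX_XFER;
        t->spi_xfers++;
        t->fifo_left -= chunk;
        len -= chunk;
    }
}

/* Drain `total` bytes; burst_cap == 0 means the reported burstCount is used as is. */
static struct fake_tpm drain(size_t total, size_t burst_cap)
{
    struct fake_tpm t = { .fifo_left = total };
    while (t.fifo_left > 0) {
        size_t burst = read_burstcount(&t);
        if (burst_cap && burst > burst_cap)
            burst = burst_cap; /* the capping behaviour under discussion */
        spi_read_fifo(&t, burst);
    }
    return t;
}

int main(void)
{
    struct fake_tpm a = drain(1024, 0), b = drain(1024, SPI_MAX_XFER);
    printf("uncapped: %u burstCount reads, %u SPI transfers\n", a.burst_reads, a.spi_xfers);
    printf("capped:   %u burstCount reads, %u SPI transfers\n", b.burst_reads, b.spi_xfers);
    return 0;
}
```

Both policies issue the same number of SPI transfers; the cap only adds burstCount reads between them.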
