lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20190902142735.6280-1-jsnitsel@redhat.com>
Date:   Mon,  2 Sep 2019 07:27:32 -0700
From:   Jerry Snitselaar <jsnitsel@...hat.com>
To:     linux-integrity@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, Alexey Klimov <aklimov@...hat.com>,
        Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
        Peter Huewe <peterhuewe@....de>, Jason Gunthorpe <jgg@...pe.ca>
Subject: [PATCH v4 0/4] tpm: add update_durations class op to allow override of chip supplied values

We've run into a case where a customer has an STM TPM 1.2 chip
(version 1.2.8.28), that is getting into an inconsistent state and
they end up getting tpm transmit errors.  In really old tpm code this
wasn't seen because the code that grabbed the duration values from the
chip could fail silently, and would proceed to just use default values
and move forward. More recent code though successfully gets the
duration values from the chip, and using those values this particular
chip version gets into the state seen by the customer.

The idea with this patchset is to provide a facility like the
update_timeouts operation to allow the override of chip supplied
values.

changes from v3:
    * Assign value to version when tpm1_getcap is successful for TPM 1.1 device
      not when it fails.

changes from v2:
    * Added patch 1/3
    * Rework tpm_tis_update_durations to make use of new version structs
      and pull tpm1_getcap calls out of loop.

changes from v1:
    * Remove unneeded newline
    * Formatting cleanups
    * Change tpm_tis_update_durations to be a void function, and
      use chip->duration_adjusted to track whether adjustment was
      made.

Jarkko Sakkinen (1):
      tpm: Remove duplicate code from caps_show() in tpm-sysfs.c

Jerry Snitselaar (2):
      tpm: provide a way to override the chip returned durations
      tpm_tis: override durations for STM tpm with firmware 1.2.8.28

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ