| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 19 Jul 2021 15:37:17 +0200
From: Borys Movchan <borysmn@...s.com>
To: Peter Huewe <peterhuewe@....de>,
Jarkko Sakkinen <jarkko@...nel.org>,
Jason Gunthorpe <jgg@...pe.ca>
CC: <kernel@...s.com>, Borys Movchan <borysmn@...s.com>,
<linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH] tpm: Add Upgrade/Reduced mode support for TPM2 modules
On some systems, especially embedded, TPM might start in
Upgrade/Reduced mode due to the previous failure of a firmware
upgrade process. Allow the TPM driver to handle such situations
properly. Enables a possibility for userspace application to
finalize TPM upgrade or recovery if required.
Signed-off-by: Borys Movchan <borysmn@...s.com>
---
drivers/char/tpm/tpm-chip.c | 23 +++++++++++++++--------
drivers/char/tpm/tpm2-cmd.c | 12 ++++++++++--
include/linux/tpm.h | 1 +
3 files changed, 26 insertions(+), 10 deletions(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index ddaeceb7e109..ff2367c447fb 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -574,20 +574,25 @@ static int tpm_get_pcr_allocation(struct tpm_chip *chip)
int tpm_chip_register(struct tpm_chip *chip)
{
int rc;
+ bool limited_mode = false;
rc = tpm_chip_start(chip);
if (rc)
return rc;
rc = tpm_auto_startup(chip);
- if (rc) {
+ if (rc == -EIO) {
+ limited_mode = true;
+ } else if (rc) {
tpm_chip_stop(chip);
return rc;
}
- rc = tpm_get_pcr_allocation(chip);
- tpm_chip_stop(chip);
- if (rc)
- return rc;
+ if (!limited_mode) {
+ rc = tpm_get_pcr_allocation(chip);
+ tpm_chip_stop(chip);
+ if (rc)
+ return rc;
+ }
tpm_sysfs_add_device(chip);
@@ -595,9 +600,11 @@ int tpm_chip_register(struct tpm_chip *chip)
tpm_add_ppi(chip);
- rc = tpm_add_hwrng(chip);
- if (rc)
- goto out_ppi;
+ if (!limited_mode) {
+ rc = tpm_add_hwrng(chip);
+ if (rc)
+ goto out_ppi;
+ }
rc = tpm_add_char_device(chip);
if (rc)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index a25815a6f625..7468353ed67d 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -718,7 +718,8 @@ static int tpm2_startup(struct tpm_chip *chip)
* sequence
* @chip: TPM chip to use
*
- * Returns 0 on success, < 0 in case of fatal error.
+ * Returns 0 on success, -ENODEV in case of fatal error,
+ * -EIO in case of Reduced/Upgrade mode
*/
int tpm2_auto_startup(struct tpm_chip *chip)
{
@@ -729,7 +730,10 @@ int tpm2_auto_startup(struct tpm_chip *chip)
goto out;
rc = tpm2_do_selftest(chip);
- if (rc && rc != TPM2_RC_INITIALIZE)
+ if (rc == TPM2_RC_UPGRADE) {
+ rc = -EIO;
+ goto out;
+ } else if (rc && rc != TPM2_RC_INITIALIZE)
goto out;
if (rc == TPM2_RC_INITIALIZE) {
@@ -743,6 +747,10 @@ int tpm2_auto_startup(struct tpm_chip *chip)
}
rc = tpm2_get_cc_attrs_tbl(chip);
+ if (rc) { /* Succeeded until here, but failed -> reduced mode */
+ rc = -EIO;
+ goto out;
+ }
out:
if (rc > 0)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index aa11fe323c56..e873c42907f0 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -207,6 +207,7 @@ enum tpm2_return_codes {
TPM2_RC_INITIALIZE = 0x0100, /* RC_VER1 */
TPM2_RC_FAILURE = 0x0101,
TPM2_RC_DISABLED = 0x0120,
+ TPM2_RC_UPGRADE = 0x012D,
TPM2_RC_COMMAND_CODE = 0x0143,
TPM2_RC_TESTING = 0x090A, /* RC_WARN */
TPM2_RC_REFERENCE_H0 = 0x0910,
--
2.20.1
Powered by blists - more mailing lists