lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Tue, 10 Aug 2021 19:21:19 +0300
From:   Jarkko Sakkinen <jarkko@...nel.org>
To:     Ross Philipson <ross.philipson@...cle.com>
Cc:     linux-kernel@...r.kernel.org, x86@...nel.org,
        iommu@...ts.linux-foundation.org, linux-integrity@...r.kernel.org,
        linux-doc@...r.kernel.org, dpsmith@...rtussolutions.com,
        tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
        luto@...capital.net, kanth.ghatraju@...cle.com,
        trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v3 14/14] tpm: Allow locality 2 to be set when
 initializing the TPM for Secure Launch

On Mon, Aug 09, 2021 at 12:38:56PM -0400, Ross Philipson wrote:
> The Secure Launch MLE environment uses PCRs that are only accessible from
> the DRTM locality 2. By default the TPM drivers always initialize the
> locality to 0. When a Secure Launch is in progress, initialize the
> locality to 2.
> 
> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> ---
>  drivers/char/tpm/tpm-chip.c | 13 +++++++++++--
>  1 file changed, 11 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index ddaeceb..48b9351 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -23,6 +23,7 @@
>  #include <linux/major.h>
>  #include <linux/tpm_eventlog.h>
>  #include <linux/hw_random.h>
> +#include <linux/slaunch.h>
>  #include "tpm.h"
>  
>  DEFINE_IDR(dev_nums_idr);
> @@ -34,12 +35,20 @@
>  
>  static int tpm_request_locality(struct tpm_chip *chip)
>  {
> -	int rc;
> +	int rc, locality;

        int locality;
        int rc;

>  
>  	if (!chip->ops->request_locality)
>  		return 0;
>  
> -	rc = chip->ops->request_locality(chip, 0);
> +	if (slaunch_get_flags() & SL_FLAG_ACTIVE) {
> +		dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n");
> +		locality = 2;
> +	} else {
> +		dev_dbg(&chip->dev, "setting TPM locality to 0\n");
> +		locality = 0;
> +	}

Please, remove dev_dbg()'s.

> +
> +	rc = chip->ops->request_locality(chip, locality);
>  	if (rc < 0)
>  		return rc;
>  
> -- 
> 1.8.3.1

/Jarkko

Powered by blists - more mailing lists