| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210810162119.htk366pmacrnzdmh@kernel.org>
Date: Tue, 10 Aug 2021 19:21:19 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Ross Philipson <ross.philipson@...cle.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
iommu@...ts.linux-foundation.org, linux-integrity@...r.kernel.org,
linux-doc@...r.kernel.org, dpsmith@...rtussolutions.com,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
luto@...capital.net, kanth.ghatraju@...cle.com,
trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v3 14/14] tpm: Allow locality 2 to be set when
initializing the TPM for Secure Launch
On Mon, Aug 09, 2021 at 12:38:56PM -0400, Ross Philipson wrote:
> The Secure Launch MLE environment uses PCRs that are only accessible from
> the DRTM locality 2. By default the TPM drivers always initialize the
> locality to 0. When a Secure Launch is in progress, initialize the
> locality to 2.
>
> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> ---
> drivers/char/tpm/tpm-chip.c | 13 +++++++++++--
> 1 file changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
> index ddaeceb..48b9351 100644
> --- a/drivers/char/tpm/tpm-chip.c
> +++ b/drivers/char/tpm/tpm-chip.c
> @@ -23,6 +23,7 @@
> #include <linux/major.h>
> #include <linux/tpm_eventlog.h>
> #include <linux/hw_random.h>
> +#include <linux/slaunch.h>
> #include "tpm.h"
>
> DEFINE_IDR(dev_nums_idr);
> @@ -34,12 +35,20 @@
>
> static int tpm_request_locality(struct tpm_chip *chip)
> {
> - int rc;
> + int rc, locality;
int locality;
int rc;
>
> if (!chip->ops->request_locality)
> return 0;
>
> - rc = chip->ops->request_locality(chip, 0);
> + if (slaunch_get_flags() & SL_FLAG_ACTIVE) {
> + dev_dbg(&chip->dev, "setting TPM locality to 2 for MLE\n");
> + locality = 2;
> + } else {
> + dev_dbg(&chip->dev, "setting TPM locality to 0\n");
> + locality = 0;
> + }
Please, remove dev_dbg()'s.
> +
> + rc = chip->ops->request_locality(chip, locality);
> if (rc < 0)
> return rc;
>
> --
> 1.8.3.1
/Jarkko
Powered by blists - more mailing lists