lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <85154bfe-6bd5-440a-acc1-f01497d59af5@linux.ibm.com>
Date:   Wed, 22 Nov 2023 07:34:33 -0500
From:   Stefan Berger <stefanb@...ux.ibm.com>
To:     Hermin Anggawijaya <hermin.anggawijaya@...iedtelesis.co.nz>,
        peterhuewe@....de, jarkko@...nel.org, jgg@...pe.ca
Cc:     linux-integrity@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH] tpm: Start the tpm2 before running a self test.



On 11/22/23 01:55, Hermin Anggawijaya wrote:
> Before sending a command to attempt the self test, the TPM
> may need to be started, otherwise the self test returns
> TPM2_RC_INITIALIZE value causing a log as follows:
> "tpm tpm0: A TPM error (256) occurred attempting the self test".
> 
> Signed-off-by: Hermin Anggawijaya <hermin.anggawijaya@...iedtelesis.co.nz>
> ---
>   drivers/char/tpm/tpm2-cmd.c | 8 ++++----
>   1 file changed, 4 insertions(+), 4 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 93545be190a5..0530f3b5f86a 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -737,15 +737,15 @@ int tpm2_auto_startup(struct tpm_chip *chip)
>   	if (rc)
>   		goto out;
>   
> +	rc = tpm2_startup(chip);
> +	if (rc && rc != TPM2_RC_INITIALIZE)
> +		goto out;
> +

Most platforms should have firmware initialize the TPM 2 these days. 
Therefore, a selftest should work and in case it doesn't work you fall 
back to the tpm2_startup below and if you get an error message in the 
log you at least know that you firmware is not up-to-date.

>   	rc = tpm2_do_selftest(chip);
>   	if (rc && rc != TPM2_RC_INITIALIZE)
>   		goto out;
>   
>   	if (rc == TPM2_RC_INITIALIZE) {
> -		rc = tpm2_startup(chip);
> -		if (rc)
> -			goto out;
> -
>   		rc = tpm2_do_selftest(chip);
>   		if (rc)
>   			goto out;

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ