Message-Id: <D15DSV117DQZ.3GJOTXCTGZHE9@kernel.org>
Date: Thu, 09 May 2024 23:04:04 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Linus Torvalds" <torvalds@...ux-foundation.org>
Cc: "Peter Huewe" <peterhuewe@....de>, "Jason Gunthorpe" <jgg@...pe.ca>,
 "David Howells" <dhowells@...hat.com>, <keyrings@...r.kernel.org>,
 <linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-6.10-rc1

The following changes since commit 45db3ab70092637967967bfd8e6144017638563c:

  Merge tag '6.9-rc7-ksmbd-fixes' of git://git.samba.org/ksmbd (2024-05-08 10:39:53 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1

for you to fetch changes up to 1d479e3cd6520085832a6b432d521eeead2691ba:

  Documentation: tpm: Add TPM security docs toctree entry (2024-05-09 22:30:52 +0300)

----------------------------------------------------------------
Hi,

These are the changes for the TPM driver with a single major new
feature: TPM bus encryption and integrity protection. The key pair
on the TPM side is generated from the so-called null random seed per
power on of the machine [1]. This supports the TPM encryption of the
hard drive by adding a layer of protection against bus interposer
attacks.

Other than that, the pull request has a few minor fixes and
documentation for tpm_tis to clarify the basics of TPM localities for
future patch review discussions (will be extended and refined over
time, just a seed).

[1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

BR, Jarkko

----------------------------------------------------------------
Ard Biesheuvel (1):
      crypto: lib - implement library version of AES in CFB mode

Bagas Sanjaya (1):
      Documentation: tpm: Add TPM security docs toctree entry

Colin Ian King (1):
      tpm/eventlog: remove redundant assignment to variabel ret

James Bottomley (14):
      tpm: Move buffer handling from static inlines to real functions
      tpm: add buffer function to point to returned parameters
      tpm: export the context save and load commands
      tpm: Add NULL primary creation
      tpm: Add TCG mandated Key Derivation Functions (KDFs)
      tpm: Add HMAC session start and end functions
      tpm: Add HMAC session name/handle append
      tpm: Add the rest of the session HMAC API
      tpm: add hmac checks to tpm2_pcr_extend()
      tpm: add session encryption protection to tpm2_get_random()
      KEYS: trusted: Add session encryption protection to the seal/unseal path
      tpm: add the null key name as a sysfs export
      Documentation: add tpm-security.rst
      tpm: disable the TPM if NULL name changes

Jarkko Sakkinen (8):
      Documentation: tpm_tis
      tpm: Remove unused tpm_buf_tag()
      tpm: Remove tpm_send()
      tpm: Update struct tpm_buf documentation comments
      tpm: Store the length of the tpm_buf data separately.
      tpm: TPM2B formatted buffers
      tpm: Add tpm_buf_read_{u8,u16,u32}
      KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

Michael Haener (1):
      dt-bindings: tpm: Add st,st33ktpm2xi2c

Niklas Schnelle (2):
      char: tpm: handle HAS_IOPORT dependencies
      char: tpm: Keep TPM_INF_IO_PORT define for HAS_IOPORT=n

 .../devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml   |    1 +
 Documentation/security/tpm/index.rst               |    2 +
 Documentation/security/tpm/tpm-security.rst        |  216 ++++
 Documentation/security/tpm/tpm_tis.rst             |   46 +
 drivers/char/tpm/Kconfig                           |   17 +-
 drivers/char/tpm/Makefile                          |    2 +
 drivers/char/tpm/eventlog/acpi.c                   |    1 -
 drivers/char/tpm/tpm-buf.c                         |  252 ++++
 drivers/char/tpm/tpm-chip.c                        |    6 +
 drivers/char/tpm/tpm-interface.c                   |   26 +-
 drivers/char/tpm/tpm-sysfs.c                       |   18 +
 drivers/char/tpm/tpm.h                             |   14 +
 drivers/char/tpm/tpm2-cmd.c                        |   53 +-
 drivers/char/tpm/tpm2-sessions.c                   | 1286 ++++++++++++++++++++
 drivers/char/tpm/tpm2-space.c                      |   11 +-
 drivers/char/tpm/tpm_infineon.c                    |   14 +-
 drivers/char/tpm/tpm_tis_core.c                    |   19 +-
 include/crypto/aes.h                               |    5 +
 include/keys/trusted_tpm.h                         |    2 -
 include/linux/tpm.h                                |  316 +++--
 lib/crypto/Kconfig                                 |    5 +
 lib/crypto/Makefile                                |    3 +
 lib/crypto/aescfb.c                                |  257 ++++
 security/keys/trusted-keys/trusted_tpm1.c          |   23 +-
 security/keys/trusted-keys/trusted_tpm2.c          |  136 ++-
 25 files changed, 2519 insertions(+), 212 deletions(-)
 create mode 100644 Documentation/security/tpm/tpm-security.rst
 create mode 100644 Documentation/security/tpm/tpm_tis.rst
 create mode 100644 drivers/char/tpm/tpm-buf.c
 create mode 100644 drivers/char/tpm/tpm2-sessions.c
 create mode 100644 lib/crypto/aescfb.c
