[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-Id: <D15DSV117DQZ.3GJOTXCTGZHE9@kernel.org>
Date: Thu, 09 May 2024 23:04:04 +0300
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Linus Torvalds" <torvalds@...ux-foundation.org>
Cc: "Peter Huewe" <peterhuewe@....de>, "Jason Gunthorpe" <jgg@...pe.ca>,
"David Howells" <dhowells@...hat.com>, <keyrings@...r.kernel.org>,
<linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-6.10-rc1
The following changes since commit 45db3ab70092637967967bfd8e6144017638563c:
Merge tag '6.9-rc7-ksmbd-fixes' of git://git.samba.org/ksmbd (2024-05-08 10:39:53 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1
for you to fetch changes up to 1d479e3cd6520085832a6b432d521eeead2691ba:
Documentation: tpm: Add TPM security docs toctree entry (2024-05-09 22:30:52 +0300)
----------------------------------------------------------------
Hi,
These are the changes for the TPM driver with a single major new
feature: TPM bus encryption and integrity protection. The key pair
on TPM side is generated from so called null random seed per power
on of the machine [1]. This supports the TPM encryption of the hard
drive by adding layer of protection against bus interposer attacks.
Other than the pull request a few minor fixes and documentation for
tpm_tis to clarify basics of TPM localities for future patch review
discussions (will be extended and refined over times, just a seed).
[1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/
BR, Jarkko
----------------------------------------------------------------
Ard Biesheuvel (1):
crypto: lib - implement library version of AES in CFB mode
Bagas Sanjaya (1):
Documentation: tpm: Add TPM security docs toctree entry
Colin Ian King (1):
tpm/eventlog: remove redundant assignment to variabel ret
James Bottomley (14):
tpm: Move buffer handling from static inlines to real functions
tpm: add buffer function to point to returned parameters
tpm: export the context save and load commands
tpm: Add NULL primary creation
tpm: Add TCG mandated Key Derivation Functions (KDFs)
tpm: Add HMAC session start and end functions
tpm: Add HMAC session name/handle append
tpm: Add the rest of the session HMAC API
tpm: add hmac checks to tpm2_pcr_extend()
tpm: add session encryption protection to tpm2_get_random()
KEYS: trusted: Add session encryption protection to the seal/unseal path
tpm: add the null key name as a sysfs export
Documentation: add tpm-security.rst
tpm: disable the TPM if NULL name changes
Jarkko Sakkinen (8):
Documentation: tpm_tis
tpm: Remove unused tpm_buf_tag()
tpm: Remove tpm_send()
tpm: Update struct tpm_buf documentation comments
tpm: Store the length of the tpm_buf data separately.
tpm: TPM2B formatted buffers
tpm: Add tpm_buf_read_{u8,u16,u32}
KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers
Michael Haener (1):
dt-bindings: tpm: Add st,st33ktpm2xi2c
Niklas Schnelle (2):
char: tpm: handle HAS_IOPORT dependencies
char: tpm: Keep TPM_INF_IO_PORT define for HAS_IOPORT=n
.../devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml | 1 +
Documentation/security/tpm/index.rst | 2 +
Documentation/security/tpm/tpm-security.rst | 216 ++++
Documentation/security/tpm/tpm_tis.rst | 46 +
drivers/char/tpm/Kconfig | 17 +-
drivers/char/tpm/Makefile | 2 +
drivers/char/tpm/eventlog/acpi.c | 1 -
drivers/char/tpm/tpm-buf.c | 252 ++++
drivers/char/tpm/tpm-chip.c | 6 +
drivers/char/tpm/tpm-interface.c | 26 +-
drivers/char/tpm/tpm-sysfs.c | 18 +
drivers/char/tpm/tpm.h | 14 +
drivers/char/tpm/tpm2-cmd.c | 53 +-
drivers/char/tpm/tpm2-sessions.c | 1286 ++++++++++++++++++++
drivers/char/tpm/tpm2-space.c | 11 +-
drivers/char/tpm/tpm_infineon.c | 14 +-
drivers/char/tpm/tpm_tis_core.c | 19 +-
include/crypto/aes.h | 5 +
include/keys/trusted_tpm.h | 2 -
include/linux/tpm.h | 316 +++--
lib/crypto/Kconfig | 5 +
lib/crypto/Makefile | 3 +
lib/crypto/aescfb.c | 257 ++++
security/keys/trusted-keys/trusted_tpm1.c | 23 +-
security/keys/trusted-keys/trusted_tpm2.c | 136 ++-
25 files changed, 2519 insertions(+), 212 deletions(-)
create mode 100644 Documentation/security/tpm/tpm-security.rst
create mode 100644 Documentation/security/tpm/tpm_tis.rst
create mode 100644 drivers/char/tpm/tpm-buf.c
create mode 100644 drivers/char/tpm/tpm2-sessions.c
create mode 100644 lib/crypto/aescfb.c
Powered by blists - more mailing lists