lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <9c893c52-e960-4f30-98ce-ba7d873145bb@kernel.org>
Date: Wed, 27 Nov 2024 07:46:44 +0100
From: Jiri Slaby <jirislaby@...nel.org>
To: Linus Torvalds <torvalds@...ux-foundation.org>,
 Linux Kernel Mailing List <linux-kernel@...r.kernel.org>
Cc: Peter Hüwe <PeterHuewe@....de>,
 Jarkko Sakkinen <jarkko@...nel.org>, Jason Gunthorpe <jgg@...pe.ca>,
 linux-integrity@...r.kernel.org, Ard Biesheuvel <ardb@...nel.org>,
 "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>
Subject: TPM/EFI issue [Was: Linux 6.12]

Cc TPM + EFI guys.

On 17. 11. 24, 23:26, Linus Torvalds wrote:
> But before the merge window opens, please give this a quick test to
> make sure we didn't mess anything up. The shortlog below gives you the
> summary for the last week, and nothing really jumps out at me. A
> number of last-minute reverts, and some random fairly small fixes
> fairly spread out in the tree.

Hi,

there is a subtle bug in 6.12 wrt TPM (in TPM, EFI, or perhaps in 
something else):
https://bugzilla.suse.com/show_bug.cgi?id=1233752

Our testing (openQA) fails with 6.12:
https://openqa.opensuse.org/tests/4657304#step/trup_smoke/26

The last good is with 6.11.7:
https://openqa.opensuse.org/tests/4648526

In sum:
TPM is supposed to provide a key for decrypting the root partitition, 
but fails for some reason.

It's extremely hard (so far) to reproduce outside of openQA (esp. when 
trying custom kernels).

Most of the 6.12 TPM stuff already ended in (good) 6.11.7. I tried to 
revert:
   423893fcbe7e tpm: Disable TPM on tpm2_create_primary() failure
from 6.12 but that still fails.

We are debugging this further, this is just so you know.

Or maybe you have some immediate ideas?

thanks,
-- 
js
suse labs

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ