Message-Id: <D5Z62H0XCOQM.J4V5ZDH9E7C7@kernel.org>
Date: Sat, 30 Nov 2024 04:44:21 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Christian Heusel" <christian@...sel.eu>
Cc: "Peter Huewe" <peterhuewe@....de>, "Jason Gunthorpe" <jgg@...pe.ca>,
 "James Bottomley" <James.Bottomley@...senpartnership.com>,
 <linux-integrity@...r.kernel.org>, <linux-kernel@...r.kernel.org>,
 <regressions@...ts.linux.dev>
Subject: Re: [REGRESSION][BISECTED] tpm: Popping noise in USB headphones
 since 1b6d7f9eb150

On Tue Nov 26, 2024 at 1:42 PM EET, Christian Heusel wrote:
> On 24/10/25 05:47PM, Jarkko Sakkinen wrote:
> > Yeah, this is on the list.
> > 
> > See: https://bugzilla.kernel.org/show_bug.cgi?id=219383#c5
> > 
> > I had a fix for the AMD boot-time issue already over a month ago
> > but unfortunately took time to get enough feedback.
> > 
> > BR, Jarkko
>
> I'm not sure if this is supposed to be fixed, but AFAIK we hoped that
> the patchset that was mentioned in bugzilla also helped this issue.
>
> The reporter said that the bug is still present in 6.12.1, so this might
> need further poking 🤔

I'd suggest a workaround for the time being.

In 6.12 we added this for (heavy) IMA use:

tpm.disable_pcr_integrity= [HW,TPM]
                        Do not protect PCR registers from unintended physical
                        access, or interposers in the bus by the means of
                        having an integrity protected session wrapped around
                        TPM2_PCR_Extend command. Consider this in a situation
                        where TPM is heavily utilized by IMA, thus protection
                        causing a major performance hit, and the space where
                        machines are deployed is by other means guarded.

Similarly it might make sense to have "tpm.disable_random_integrity"
that disables the feature introduced by the failing commit.

What do you think?

>
> Cheers,
> Chris

BR, Jarkko
