lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <D65GMNDAP2VG.1OM0JQG5Q934M@kernel.org>
Date: Sat, 07 Dec 2024 14:16:53 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jiri Slaby" <jirislaby@...nel.org>, "Linus Torvalds"
 <torvalds@...ux-foundation.org>, "Linux Kernel Mailing List"
 <linux-kernel@...r.kernel.org>
Cc: Peter Hüwe <PeterHuewe@....de>, "Jason Gunthorpe"
 <jgg@...pe.ca>, <linux-integrity@...r.kernel.org>, "Ard Biesheuvel"
 <ardb@...nel.org>, "linux-efi@...r.kernel.org" <linux-efi@...r.kernel.org>
Subject: Re: TPM/EFI issue [Was: Linux 6.12]

On Mon Dec 2, 2024 at 9:52 AM EET, Jiri Slaby wrote:
> On 30. 11. 24, 3:49, Jarkko Sakkinen wrote:
> > On Wed Nov 27, 2024 at 8:46 AM EET, Jiri Slaby wrote:
> >> Cc TPM + EFI guys.
> >>
> >> On 17. 11. 24, 23:26, Linus Torvalds wrote:
> >>> But before the merge window opens, please give this a quick test to
> >>> make sure we didn't mess anything up. The shortlog below gives you the
> >>> summary for the last week, and nothing really jumps out at me. A
> >>> number of last-minute reverts, and some random fairly small fixes
> >>> fairly spread out in the tree.
> >>
> >> Hi,
> >>
> >> there is a subtle bug in 6.12 wrt TPM (in TPM, EFI, or perhaps in
> >> something else):
> >> https://bugzilla.suse.com/show_bug.cgi?id=1233752
> >>
> >> Our testing (openQA) fails with 6.12:
> >> https://openqa.opensuse.org/tests/4657304#step/trup_smoke/26
> >>
> >> The last good is with 6.11.7:
> >> https://openqa.opensuse.org/tests/4648526
> >>
> >> In sum:
> >> TPM is supposed to provide a key for decrypting the root partitition,
> >> but fails for some reason.
> >>
> >> It's extremely hard (so far) to reproduce outside of openQA (esp. when
> >> trying custom kernels).
>
> Mark "X".
>
> >> Most of the 6.12 TPM stuff already ended in (good) 6.11.7. I tried to
> >> revert:
> >>     423893fcbe7e tpm: Disable TPM on tpm2_create_primary() failure
> >> from 6.12 but that still fails.
> >>
> >> We are debugging this further, this is just so you know.
> >>
> >> Or maybe you have some immediate ideas?
> > 
> > Nothing immediate but I've had to tweak quite a lot of TPM bus
> > integrity protection feature so it is a possibility that I've
> > made a mistake in a point or another.
> > 
> > Can you bisect the issue possibly?
>
> No, see mark "X" :).
>
> But follow the downstream bug for progress:
> https://bugzilla.suse.com/show_bug.cgi?id=1233752

Just came back from company retrite from BCN.

I can follow this but cannot comment because I've never been
able to get a bugzilla account working for any of SUSE infra
:-)

I was actually surprised that I'm able to view the bug at
all... Bookmarked it and this thread from lore and revisit
like in the middle of the week (my calendar is filled with
meetings Mon/Tue).

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ