| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Z-Bx_-EvcfCzWqr7@kernel.org>
Date: Sun, 23 Mar 2025 22:41:35 +0200
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Nicolai Stange <nstange@...e.de>
Cc: Mimi Zohar <zohar@...ux.ibm.com>,
Roberto Sassu <roberto.sassu@...wei.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
Eric Snowberg <eric.snowberg@...cle.com>,
James Bottomley <James.Bottomley@...senpartnership.com>,
linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [RFC PATCH v2 07/13] tpm: enable bank selection for PCR extend
On Sun, Mar 23, 2025 at 03:09:05PM +0100, Nicolai Stange wrote:
> The existing tpm_pcr_extend() extends all of a PCR's allocated banks with
> the corresponding digest from the provided digests[] argument.
Why not "just" tpm_pcr_extend(). We don't have a concept of
"non-existing tpm_pcr_extend()".
"tpm_pcr_extend() extends the allocated PCR banks ..."
or something.
>
> An upcoming code change to IMA will introduce the need to skip over those
Don't talk about upcoming code changes. Just explain why IMA depends on
the change.
> banks it does not have a hash algorithm implementation available for.
>
> Introduce tpm_pcr_extend_sel() to support this.
>
> tpm_pcr_extend_sel() also expects a digests[] array, always being the
> number of allocated PCR banks in size, just as it's the case for the
> existing tpm_pcr_extend(). In addition to that however, it takes a
> 'banks_skip_mask', and will skip the extension of any bank having its
> corresponding bit set there.
>
> Signed-off-by: Nicolai Stange <nstange@...e.de>
> ---
> drivers/char/tpm/tpm-interface.c | 29 +++++++++++++++++++++++++++--
> drivers/char/tpm/tpm.h | 3 ++-
> drivers/char/tpm/tpm2-cmd.c | 29 +++++++++++++++++++++++++++--
> include/linux/tpm.h | 3 +++
> 4 files changed, 59 insertions(+), 5 deletions(-)
>
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index b1daa0d7b341..88b4496de1df 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -314,6 +314,26 @@ EXPORT_SYMBOL_GPL(tpm_pcr_read);
> */
> int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> struct tpm_digest *digests)
> +{
> + return tpm_pcr_extend_sel(chip, pcr_idx, digests, 0);
> +}
> +EXPORT_SYMBOL_GPL(tpm_pcr_extend);
I'd add just an extra argument to tpm_pcr_extend().
BR, Jarkko
Powered by blists - more mailing lists