Message-ID: <aFxuZV3lwd2Uc90g@kernel.org>
Date: Thu, 26 Jun 2025 00:47:17 +0300
From: Jarkko Sakkinen <jarkko@...nel.org>
To: Sudeep Holla <sudeep.holla@....com>
Cc: Yeoreum Yun <yeoreum.yun@....com>, peterhuewe@....de, jgg@...pe.ca,
	stuart.yoder@....com, linux-arm-kernel@...ts.infradead.org,
	linux-kernel@...r.kernel.org, linux-integrity@...r.kernel.org
Subject: Re: [PATCH v4 0/2] generate boot_aggregate log in IMA with TPM using
 CRB over FF-A

On Wed, Jun 25, 2025 at 08:35:33PM +0100, Sudeep Holla wrote:
> On Wed, Jun 25, 2025 at 08:01:51PM +0300, Jarkko Sakkinen wrote:
> > On Wed, Jun 25, 2025 at 07:59:53PM +0300, Jarkko Sakkinen wrote:
> > > On Wed, Jun 25, 2025 at 11:36:19AM +0100, Yeoreum Yun wrote:
> > > > Hi Jarkko,
> > > > 
> > > > > On Wed, Jun 18, 2025 at 11:23:00AM +0100, Yeoreum Yun wrote:
> > > > > > To ensure the TPM device operating over the FF-A protocol with
> > > > > > the CRB interface is probed before IMA initialization,
> > > > > > the following conditions must be met:
> > > > > >
> > > > > >    1. The corresponding ffa_device must be registered,
> > > > > >       which is done via ffa_init().
> > > > > >
> > > > > >    2. The tpm_crb_driver must successfully probe this device via
> > > > > >       tpm_crb_ffa_init().
> > > > > >
> > > > > >    3. The tpm_crb driver using CRB over FF-A can then
> > > > > >       be probed successfully. (See crb_acpi_add() and
> > > > > >       tpm_crb_ffa_init() for reference.)
> > > > > >
> > > > > > Unfortunately, ffa_init(), tpm_crb_ffa_init(), and crb_acpi_driver_init() are
> > > > > > all registered with device_initcall, which means crb_acpi_driver_init() may
> > > > > > be invoked before ffa_init() and tpm_crb_ffa_init() are completed.
> > > > >
> > > > > I get the ffa_init() part i.e, moving it earlier. However for
> > > > > tpm_crb_ffa_init() and crb_acpi_driver_init(), modules.dep
> > > > > takes care that they are loaded in order.
> > > > > For IMA you will need the driver as built-in but that should
> > > > > be handled via kernel config, not via code changes.
> > > > 
> > > > In the case of "module" built, it's true.
> > > > However what I tell here is when "tpm_crb" and "tpm_crb_ffa" is built
> > > > as "built-in" in this case, it couldn't make a "dependency" between
> > > > the same initcall level: here is the case of this.
> > > > 
> > > > 0000000000000888 l       .initcall6.init 0000000000000000 crb_acpi_driver_init
> > > > 000000000000088c l       .initcall6.init 0000000000000000 tpm_crb_ffa_driver_init
> > > > 
> > > > in this case, without code change, the crb_acpi_driver_init()
> > > > fails since tpm_crb_ffa_driver_init() is called later.
> > > > 
> > > > and this couldn't be solved with kconfig --
> > > > ARM_FFA_TRANSPORT=y && CONFIG_TCG_CRB=y && CONFIG_TCG_CRB_FFA=y.
> > > > 
> > > > Patch #2 is to probe the tpm_crb_ffa as part of
> > > > crb_acpi_driver_init() when the TPM uses the ARM-FFA method.
> > > > 
> > > > If there's another suggestion, let me know please.
> > > 
> > > Hmm.. I actually got what you mean now. I was looking at this from
> > > the wrong angle. I think we can pick these patches!
> > > 
> > > Reviewed-by: Jarkko Sakkinen <jarkko@...nel.org>
> > > 
> > > > 
> > > > Thanks
> > > > 
> > > > --
> > > > Sincerely,
> > > > Yeoreum Yun
> > > 
> > > BR, Jarkko
> > 
> > Applied.
> 
> If you are applying 1/2 too, feel free to add
> 
> Reviewed-by: Sudeep Holla <sudeep.holla@....com>
> 
> I was initially thinking of taking it separately as there is no strict
> build dependency. But I am fine if you can take them together.

Hmm.. Yeah, if you insist to take them, that's fine for me too.

That said, I'm also happy to take care of them :-)

I'll append your review.

> 
> -- 
> Regards,
> Sudeep

BR, Jarkko
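
The same-level initcall ordering problem described in the quoted text, as an added example that is not part of this thread or of the patches: a Python check that parses `objdump -t` lines in the format quoted above and reports when a consumer's initcall is placed ahead of its provider's. The function names, the dependency pair and the REORDERED sample are assumptions made for illustration.

```python
import re

# One `objdump -t` symbol line: offset, flags, section, size, name.
SYM_RE = re.compile(
    r"^(?P<off>[0-9a-fA-F]+)\s+\S.*?\s\.initcall(?P<lvl>early|\d)(?P<sync>s?)\.init"
    r"\s+[0-9a-fA-F]+\s+(?P<name>\S+)\s*$"
)

# The two symbol lines quoted in the message above (tab artifact normalised).
AS_POSTED = """
0000000000000888 l       .initcall6.init 0000000000000000 crb_acpi_driver_init
000000000000088c l       .initcall6.init 0000000000000000 tpm_crb_ffa_driver_init
"""

# Constructed sample: same symbols with offsets swapped. It only exercises the
# passing case and is not the layout the patches produce.
REORDERED = """
0000000000000888 l       .initcall6.init 0000000000000000 tpm_crb_ffa_driver_init
000000000000088c l       .initcall6.init 0000000000000000 crb_acpi_driver_init
"""

# (provider, consumer): the provider's initcall has to run first (assumed pair,
# taken from the failure described in the quoted text).
DEPS = [("tpm_crb_ffa_driver_init", "crb_acpi_driver_init")]


def initcall_order(symtab):
    """Return initcall names in invocation order: by level, then by offset."""
    entries = []
    for line in symtab.splitlines():
        m = SYM_RE.match(line.strip())
        if not m:
            continue  # not an initcall symbol
        level = -1 if m["lvl"] == "early" else int(m["lvl"])
        # Within one level, "N" runs before "Ns"; offsets only compare inside a section.
        entries.append((level, bool(m["sync"]), int(m["off"], 16), m["name"]))
    return [name for *_, name in sorted(entries)]


def misordered(symtab, deps):
    """Return the (provider, consumer) pairs whose consumer initcall runs first."""
    pos = {name: i for i, name in enumerate(initcall_order(symtab))}
    return [(p, c) for p, c in deps if p in pos and c in pos and pos[c] < pos[p]]


if __name__ == "__main__":
    for label, table in (("as posted", AS_POSTED), ("reordered", REORDERED)):
        print(label, initcall_order(table), "violations:", misordered(table, DEPS))
```

Offsets are only meaningful when every symbol comes from the same linked image, so run it against the final built-in object rather than per-driver objects.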
