| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20251214153808.73831-1-jarkko@kernel.org> Date: Sun, 14 Dec 2025 17:37:57 +0200 From: Jarkko Sakkinen <jarkko@...nel.org> To: linux-integrity@...r.kernel.org Cc: Ross Philipson <ross.philipson@...cle.com>, Jarkko Sakkinen <jarkko@...nel.org>, David Howells <dhowells@...hat.com>, Paul Moore <paul@...l-moore.com>, James Morris <jmorris@...ei.org>, "Serge E. Hallyn" <serge@...lyn.com>, keyrings@...r.kernel.org (open list:KEYS/KEYRINGS), linux-security-module@...r.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel@...r.kernel.org (open list) Subject: [PATCH v6 00/11] Streamline TPM2 HMAC sessions Since we cannot at this point cache names of the keys given limitations of the ASN.1 file format, I'll start a fresh patch set. Let's fixup what we can right now. This patch set addresses two major issues in the feature: 1. Dynamic resolution without gain. All kernel sites have at most single handle to authorize. Even if this changes some day this is how it is as of today and we definitely do not want to dictate the future but instead downscale code to the metrics that we have as of today. 2. Eliminate at least one unnnecessary tpm2_read_public() call. Change Log ========== v6: - OK, so I decided to send one more update with managed allocations moved to the tail so that it does not block reviewing more trivial patches. - Trimmed some of the patches and improved commit messages. v5: - I decided to add the managed allocation patch to this and take it from the master branch for the time being, as it needs more eyes despite having already one reviewed-by tag (especially tested-by tags). Jarkko Sakkinen (11): tpm2-sessions: Define TPM2_NAME_MAX_SIZE KEYS: trusted: Open code tpm2_buf_append() KEYS: trusted: Remove dead branch from tpm2_unseal_cmd KEYS: trusted: Re-orchestrate tpm2_read_public() calls tpm2-sessions: Remove AUTH_MAX_NAMES tpm: Orchestrate TPM commands in tpm_get_random() tpm: Send only one at most TPM2_GetRandom command tpm: In tpm_get_random() replace 'retries' with a zero check tpm-buf: Merge TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW tpm-buf: Implement managed allocations tpm-buf: Remove tpm_buf_append_handle drivers/char/tpm/tpm-buf.c | 154 ++++----- drivers/char/tpm/tpm-chip.c | 2 +- drivers/char/tpm/tpm-interface.c | 177 ++++++++++- drivers/char/tpm/tpm-sysfs.c | 23 +- drivers/char/tpm/tpm.h | 3 - drivers/char/tpm/tpm1-cmd.c | 198 ++++-------- drivers/char/tpm/tpm2-cmd.c | 371 +++++++--------------- drivers/char/tpm/tpm2-sessions.c | 272 ++++++---------- drivers/char/tpm/tpm2-space.c | 44 ++- drivers/char/tpm/tpm_vtpm_proxy.c | 30 +- include/linux/tpm.h | 79 +++-- security/keys/trusted-keys/trusted_tpm1.c | 44 +-- security/keys/trusted-keys/trusted_tpm2.c | 329 ++++++++++--------- 13 files changed, 799 insertions(+), 927 deletions(-) -- 2.39.5
Powered by blists - more mailing lists