| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <b94815dc-fc4d-4073-bfd6-31ab99a6b85b@apertussolutions.com>
Date: Sun, 1 Feb 2026 11:20:20 -0500
From: "Daniel P. Smith" <dpsmith@...rtussolutions.com>
To: Jarkko Sakkinen <jarkko@...nel.org>,
Ross Philipson <ross.philipson@...cle.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
linux-integrity@...r.kernel.org, linux-doc@...r.kernel.org,
linux-crypto@...r.kernel.org, kexec@...ts.infradead.org,
linux-efi@...r.kernel.org, iommu@...ts.linux.dev, tglx@...utronix.de,
mingo@...hat.com, bp@...en8.de, hpa@...or.com, dave.hansen@...ux.intel.com,
ardb@...nel.org, mjg59@...f.ucam.org, James.Bottomley@...senpartnership.com,
peterhuewe@....de, jgg@...pe.ca, luto@...capital.net, nivedita@...m.mit.edu,
herbert@...dor.apana.org.au, davem@...emloft.net, corbet@....net,
ebiederm@...ssion.com, dwmw2@...radead.org, baolu.lu@...ux.intel.com,
kanth.ghatraju@...cle.com, andrew.cooper3@...rix.com,
trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v15 01/28] tpm: Initial step to reorganize TPM public
headers
On 1/19/26 18:40, Jarkko Sakkinen wrote:
> On Mon, Dec 15, 2025 at 03:32:49PM -0800, Ross Philipson wrote:
>> Replace the existing public header tpm_command.h with the first two
>> new public headers tpm1.h and tpm_common.h. In addition, related
>> definitions in tpm1_cmd.c were moved to the new tpm1.h.
>>
>> Signed-off-by: Daniel P. Smith <dpsmith@...rtussolutions.com>
>> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
>> ---
>> drivers/char/tpm/tpm-buf.c | 3 +-
>> drivers/char/tpm/tpm1-cmd.c | 13 +-----
>> include/keys/trusted_tpm.h | 1 -
>> include/linux/tpm.h | 3 ++
>> include/linux/tpm1.h | 55 +++++++++++++++++++++++
>> include/linux/tpm_command.h | 30 -------------
>
> Removing tpm_command.h causes unnecessary noise.
>
> It would be better to retain tpm_command.h, and simply supplement
> it with TPM2 constants.
>
> Also, what is the reason to not have both TPM1 and TPM2 in tpm.h?
>
> To put the question in other words: is there something in tpm.h that
> would be incompatible with early boot code?
>
> I'd rather tweak that than have more files...
Every #include in tpm.h will break in the early boot code. I don't see
any way to avoid having one header that is the device driver header that
integrates with mainline features and at least one header that holds the
general TPM definitions.
We will move everything that was broken out into tpm_command.h, making
it the header with the general definitions. I would raise the question
of whether tpm_command.h would be the best name of the file after
definition reloactions
>> include/linux/tpm_common.h | 22 +++++++++
>> security/keys/trusted-keys/trusted_tpm1.c | 1 -
>> security/keys/trusted-keys/trusted_tpm2.c | 1 -
>> 9 files changed, 82 insertions(+), 47 deletions(-)
>> create mode 100644 include/linux/tpm1.h
>> delete mode 100644 include/linux/tpm_command.h
>> create mode 100644 include/linux/tpm_common.h
>>
>> diff --git a/drivers/char/tpm/tpm-buf.c b/drivers/char/tpm/tpm-buf.c
>> index 1cb649938c01..dae23e6de269 100644
>> --- a/drivers/char/tpm/tpm-buf.c
>> +++ b/drivers/char/tpm/tpm-buf.c
>> @@ -3,7 +3,6 @@
>> * Handling of TPM command and other buffers.
>> */
>>
>> -#include <linux/tpm_command.h>
>> #include <linux/module.h>
>> #include <linux/tpm.h>
>>
>> @@ -296,7 +295,7 @@ void tpm1_buf_append_extend(struct tpm_buf *buf, u32 pcr_idx, const u8 *hash)
>> if (buf->flags & TPM_BUF_INVALID)
>> return;
>>
>> - if (!tpm1_buf_is_command(buf, TPM_ORD_EXTEND)) {
>> + if (!tpm1_buf_is_command(buf, TPM_ORD_PCR_EXTEND)) {
>> WARN(1, "tpm_buf: invalid TPM_Extend command\n");
>> buf->flags |= TPM_BUF_INVALID;
>> return;
>> diff --git a/drivers/char/tpm/tpm1-cmd.c b/drivers/char/tpm/tpm1-cmd.c
>> index bc156d7d59f2..f29827b454d2 100644
>> --- a/drivers/char/tpm/tpm1-cmd.c
>> +++ b/drivers/char/tpm/tpm1-cmd.c
>> @@ -18,12 +18,9 @@
>> #include <linux/mutex.h>
>> #include <linux/spinlock.h>
>> #include <linux/freezer.h>
>> -#include <linux/tpm_command.h>
>> #include <linux/tpm_eventlog.h>
>> #include "tpm.h"
>>
>> -#define TPM_MAX_ORDINAL 243
>> -
>> /*
>> * Array with one entry per ordinal defining the maximum amount
>> * of time the chip could take to return the result. The ordinal
>> @@ -308,9 +305,6 @@ unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
>> return duration;
>> }
>>
>> -#define TPM_ORD_STARTUP 153
>> -#define TPM_ST_CLEAR 1
>> -
>> /**
>> * tpm1_startup() - turn on the TPM
>> * @chip: TPM chip to use
>> @@ -478,7 +472,6 @@ int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
>> return rc;
>> }
>>
>> -#define TPM_ORD_GET_CAP 101
>> ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
>> const char *desc, size_t min_cap_length)
>> {
>> @@ -574,7 +567,6 @@ int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
>> return rc;
>> }
>>
>> -#define TPM_ORD_PCRREAD 21
>> int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
>> {
>> int rc;
>> @@ -584,7 +576,7 @@ int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
>> return -ENOMEM;
>>
>> tpm_buf_init(buf, TPM_BUFSIZE);
>> - tpm_buf_reset(buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCRREAD);
>> + tpm_buf_reset(buf, TPM_TAG_RQU_COMMAND, TPM_ORD_PCR_READ);
>> tpm_buf_append_u32(buf, pcr_idx);
>>
>> rc = tpm_transmit_cmd(chip, buf, TPM_DIGEST_SIZE,
>> @@ -599,7 +591,6 @@ int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
>> return rc;
>> }
>>
>> -#define TPM_ORD_CONTINUE_SELFTEST 83
>> /**
>> * tpm1_continue_selftest() - run TPM's selftest
>> * @chip: TPM chip to use
>> @@ -716,8 +707,6 @@ int tpm1_auto_startup(struct tpm_chip *chip)
>> return rc;
>> }
>>
>> -#define TPM_ORD_SAVESTATE 152
>> -
>> /**
>> * tpm1_pm_suspend() - pm suspend handler
>> * @chip: TPM chip to use.
>> diff --git a/include/keys/trusted_tpm.h b/include/keys/trusted_tpm.h
>> index 0fadc6a4f166..3a0fa3bc8454 100644
>> --- a/include/keys/trusted_tpm.h
>> +++ b/include/keys/trusted_tpm.h
>> @@ -3,7 +3,6 @@
>> #define __TRUSTED_TPM_H
>>
>> #include <keys/trusted-type.h>
>> -#include <linux/tpm_command.h>
>>
>> extern struct trusted_key_ops trusted_key_tpm_ops;
>>
>> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
>> index 8da49e8769d5..ef81e0b59657 100644
>> --- a/include/linux/tpm.h
>> +++ b/include/linux/tpm.h
>> @@ -25,6 +25,9 @@
>> #include <crypto/hash_info.h>
>> #include <crypto/aes.h>
>>
>> +#include "tpm_common.h"
>> +#include "tpm1.h"
>> +
>> #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */
>> #define TPM_HEADER_SIZE 10
>> #define TPM_BUFSIZE 4096
>> diff --git a/include/linux/tpm1.h b/include/linux/tpm1.h
>> new file mode 100644
>> index 000000000000..54c6c211eb9e
>> --- /dev/null
>> +++ b/include/linux/tpm1.h
>> @@ -0,0 +1,55 @@
>> +/* SPDX-License-Identifier: GPL-2.0-only */
>> +/*
>> + * Copyright (C) 2004,2007,2008 IBM Corporation
>> + *
>> + * Authors:
>> + * Leendert van Doorn <leendert@...son.ibm.com>
>> + * Dave Safford <safford@...son.ibm.com>
>> + * Reiner Sailer <sailer@...son.ibm.com>
>> + * Kylene Hall <kjhall@...ibm.com>
>> + * Debora Velarde <dvelarde@...ibm.com>
>> + *
>> + * Maintained by: <tpmdd_devel@...ts.sourceforge.net>
>> + *
>> + * Device driver for TCG/TCPA TPM (trusted platform module).
>> + * Specifications at www.trustedcomputinggroup.org
>> + */
>> +#ifndef __LINUX_TPM1_H__
>> +#define __LINUX_TPM1_H__
>> +
>> +/*
>> + * TPM 1.2 Main Specification
>> + * https://trustedcomputinggroup.org/resource/tpm-main-specification/
>> + */
>> +
>> +/* Command TAGS */
>> +enum tpm_command_tags {
>> + TPM_TAG_RQU_COMMAND = 193,
>> + TPM_TAG_RQU_AUTH1_COMMAND = 194,
>> + TPM_TAG_RQU_AUTH2_COMMAND = 195,
>> + TPM_TAG_RSP_COMMAND = 196,
>> + TPM_TAG_RSP_AUTH1_COMMAND = 197,
>> + TPM_TAG_RSP_AUTH2_COMMAND = 198,
>> +};
>> +
>> +/* Command Ordinals */
>> +enum tpm_command_ordinals {
>> + TPM_ORD_CONTINUE_SELFTEST = 83,
>> + TPM_ORD_GET_CAP = 101,
>> + TPM_ORD_GET_RANDOM = 70,
>> + TPM_ORD_PCR_EXTEND = 20,
>> + TPM_ORD_PCR_READ = 21,
>> + TPM_ORD_OSAP = 11,
>> + TPM_ORD_OIAP = 10,
>> + TPM_ORD_SAVESTATE = 152,
>> + TPM_ORD_SEAL = 23,
>> + TPM_ORD_STARTUP = 153,
>> + TPM_ORD_UNSEAL = 24,
>> +};
>> +
>> +/* Other constants */to address your concern over diff churn
>> +#define SRKHANDLE 0x40000000
>> +#define TPM_NONCE_SIZE 20
>> +#define TPM_ST_CLEAR 1
>> +
>> +#endif
>> diff --git a/include/linux/tpm_command.h b/include/linux/tpm_command.h
>> deleted file mode 100644
>> index 02038972a05f..000000000000
>> --- a/include/linux/tpm_command.h
>> +++ /dev/null
>> @@ -1,30 +0,0 @@
>> -/* SPDX-License-Identifier: GPL-2.0 */
>> -#ifndef __LINUX_TPM_COMMAND_H__
>> -#define __LINUX_TPM_COMMAND_H__
>> -
>> -/*
>> - * TPM Command constants from specifications at
>> - * http://www.trustedcomputinggroup.org
>> - */
>> -
>> -/* Command TAGS */
>> -#define TPM_TAG_RQU_COMMAND 193
>> -#define TPM_TAG_RQU_AUTH1_COMMAND 194
>> -#define TPM_TAG_RQU_AUTH2_COMMAND 195
>> -#define TPM_TAG_RSP_COMMAND 196
>> -#define TPM_TAG_RSP_AUTH1_COMMAND 197
>> -#define TPM_TAG_RSP_AUTH2_COMMAND 198
>> -
>> -/* Command Ordinals */
>> -#define TPM_ORD_OIAP 10
>> -#define TPM_ORD_OSAP 11
>> -#define TPM_ORD_EXTEND 20
>> -#define TPM_ORD_SEAL 23
>> -#define TPM_ORD_UNSEAL 24
>> -#define TPM_ORD_GET_RANDOM 70
>> -
>> -/* Other constants */
>> -#define SRKHANDLE 0x40000000
>> -#define TPM_NONCE_SIZE 20
>> -
>> -#endif
>> diff --git a/include/linux/tpm_common.h b/include/linux/tpm_common.h
>> new file mode 100644
>> index 000000000000..b8be669913dd
>> --- /dev/null
>> +++ b/include/linux/tpm_common.h
>> @@ -0,0 +1,22 @@
>> +/* SPDX-License-Identifier: GPL-2.0-only */
>> +/*
>> + * Copyright (C) 2004,2007,2008 IBM Corporation
>> + *
>> + * Authors:
>> + * Leendert van Doorn <leendert@...son.ibm.com>
>> + * Dave Safford <safford@...son.ibm.com>
>> + * Reiner Sailer <sailer@...son.ibm.com>
>> + * Kylene Hall <kjhall@...ibm.com>
>> + * Debora Velarde <dvelarde@...ibm.com>
>> + *
>> + * Maintained by: <tpmdd_devel@...ts.sourceforge.net>
>> + *
>> + * Device driver for TCG/TCPA TPM (trusted platform module).
>> + * Specifications at www.trustedcomputinggroup.org
>> + */
>> +#ifndef __LINUX_TPM_COMMON_H__
>> +#define __LINUX_TPM_COMMON_H__
>> +
>> +#define TPM_MAX_ORDINAL 243
>> +
>> +#endif
>> diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
>> index 6e6a9fb48e63..3717a06a5212 100644
>> --- a/security/keys/trusted-keys/trusted_tpm1.c
>> +++ b/security/keys/trusted-keys/trusted_tpm1.c
>> @@ -17,7 +17,6 @@
>> #include <keys/trusted-type.h>
>> #include <linux/key-type.h>
>> #include <linux/tpm.h>
>> -#include <linux/tpm_command.h>
>>
>> #include <keys/trusted_tpm.h>
>>
>> diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
>> index 0a99bd051a25..e6000c71eeb6 100644
>> --- a/security/keys/trusted-keys/trusted_tpm2.c
>> +++ b/security/keys/trusted-keys/trusted_tpm2.c
>> @@ -9,7 +9,6 @@
>> #include <linux/string.h>
>> #include <linux/err.h>
>> #include <linux/tpm.h>
>> -#include <linux/tpm_command.h>
>>
>> #include <keys/trusted-type.h>
>> #include <keys/trusted_tpm.h>
>> --
>> 2.43.7
>>
>
> BR, Jarkko
V/r,
DPS
Powered by blists - more mailing lists