The kernel currently only loads the kernel module signing key onto the
builtin trusted keyring. Load the module signing key onto the IMA keyring
as well.
Signed-off-by: Nayna Jain
Acked-by: Stefan Berger
---
certs/system_certificates.S | 13 -
certs/system_keyring.c| 50
The "mrproper" target is still looking for build time generated keys in
the kernel root directory instead of certs directory. Fix the path and
remove the names of the files which are no longer generated.
Fixes: cfc411e7fff3 ("Move certificate handling to its own directory")
The kernel build process currently only signs kernel modules when
MODULE_SIG is enabled. Also, sign the kernel modules at build time when
IMA_APPRAISE_MODSIG is enabled.
Signed-off-by: Nayna Jain
Acked-by: Stefan Berger
---
certs/Kconfig | 2 +-
certs/Makefile | 8
init/Kconfig | 6
e reported by kernel test bot.
* Include Jarkko's feedback on patch description.
Nayna Jain (3):
keys: cleanup build time module signing keys
ima: enable signing of modules with build time generated key
ima: enable loading of build time generated key on .ima keyring
Makefile
* Include feedback from Stefan - corrected the Fixes commit id in Patch 1
and cleaned Patch 5/5.
* Fix the issue reported by kernel test bot.
* Include Jarkko's feedback on patch description.
Nayna Jain (3):
keys: cleanup build time module signing keys
ima: enable signing of modules with
The kernel currently only loads the kernel module signing key onto the
builtin trusted keyring. Load the module signing key onto the IMA keyring
as well.
Signed-off-by: Nayna Jain
---
certs/system_certificates.S | 13 +-
certs/system_keyring.c| 47
The kernel build process currently only signs kernel modules when
MODULE_SIG is enabled. Also, sign the kernel modules at build time when
IMA_APPRAISE_MODSIG is enabled.
Signed-off-by: Nayna Jain
---
certs/Kconfig | 2 +-
certs/Makefile | 8
init/Kconfig | 6 +++---
3 files changed
The "mrproper" target is still looking for build time generated keys in
the kernel root directory instead of certs directory. Fix the path and
remove the names of the files which are no longer generated.
Fixes: cfc411e7fff3 ("Move certificate handling to its own directory")
the builtin trusted keyring.
Signed-off-by: Nayna Jain
---
certs/system_keyring.c| 55 ++-
include/keys/system_keyring.h | 9 +-
security/integrity/digsig.c | 4 +++
3 files changed, 54 insertions(+), 14 deletions(-)
diff --git a/certs/system_keyring.c b
)
Signed-off-by: Nayna Jain
---
Makefile| 2 ++
certs/Makefile | 68 ++---
certs/system_certificates.S | 16 -
3 files changed, 80 insertions(+), 6 deletions(-)
diff --git a/Makefile b/Makefile
index a971d4ae40bd
The kernel build process currently only signs kernel modules when
MODULE_SIG is enabled. Also, sign the kernel modules at build time when
IMA_APPRAISE_MODSIG is enabled.
Signed-off-by: Nayna Jain
---
certs/Kconfig | 2 +-
init/Kconfig | 6 +++---
2 files changed, 4 insertions(+), 4 deletions
for IMA_APPRAISE_MODSIG as well
v2:
* Include feedback from Stefan - corrected the Fixes commit id in Patch 1
and cleaned Patch 5/5.
* Fix the issue reported by kernel test bot.
* Include Jarkko's feedback on patch description.
Nayna Jain (5):
keys: cleanup build time module signing keys
keys
-off-by: Nayna Jain
---
Makefile | 3 ++-
certs/Makefile | 15 +++
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index 004163a4e6b3..a971d4ae40bd 100644
--- a/Makefile
+++ b/Makefile
@@ -1473,7 +1473,8 @@ MRPROPER_FILES += include/config
The "mrproper" target is still looking for build time generated keys in
the old path instead of certs/ directory. Fix the path and remove the
names of the files which are no longer generated.
Fixes: fb1179499134 ("modsign: Use single PEM file for autogenerated key")
Signe
trusted keyring.
Signed-off-by: Nayna Jain
---
certs/system_keyring.c| 56 +++
include/keys/system_keyring.h | 9 +-
security/integrity/digsig.c | 4 +++
3 files changed, 55 insertions(+), 14 deletions(-)
diff --git a/certs/system_keyring.c b/certs
Certificates being loaded onto the IMA trusted keyring must be signed by
a key on either the builtin or secondary trusted keyring.
This patch creates and includes in the kernel image an ephemeral CA
key, at build time when IMA_APPRAISE_MODSIG is enabled.
Signed-off-by: Nayna Jain
---
Makefile
The kernel build process currently only signs kernel modules when
MODULE_SIG is enabled. Also, sign the kernel modules at build time when
IMA_APPRAISE_MODSIG is enabled.
Signed-off-by: Nayna Jain
---
certs/Kconfig | 2 +-
init/Kconfig | 6 +++---
2 files changed, 4 insertions(+), 4 deletions
CSR.
Signed-off-by: Nayna Jain
---
Makefile | 3 ++-
certs/Makefile | 15 +++
2 files changed, 13 insertions(+), 5 deletions(-)
diff --git a/Makefile b/Makefile
index af18aab6bbee..9c87fdd600d8 100644
--- a/Makefile
+++ b/Makefile
@@ -1473,7 +1473,8 @@ MRPROPER_FILES
The "mrproper" target is still looking for build time generated keys
in the old path instead of certs/ directory.
This patch fixes the path as well as removes the names of the files which
are no longer generated.
Signed-off-by: Nayna Jain
Fixes: 28a68f828266 ("modsign: Use
for IMA_APPRAISE_MODSIG as well
Nayna Jain (5):
keys: cleanup build time module signing keys
keys: generate self-signed module signing key using CSR
ima: update kernel module signing process during build
keys: define build time generated ephemeral kernel CA key
ima: enable loading of build time
not supported for Linux.
2 - Enabled and enforced.
3-9 - Enabled and enforcing; requirements are at the discretion of the
operating system.
The values of ibm,trusted-boot under pseries are interpreted as:
0 - Disabled
1 - Enabled
Signed-off-by: Nayna Jain
Reviewed-by: Daniel Axtens
---
v3:
* fixed
The device-tree property to check secure and trusted boot state is
different for guests(pseries) compared to baremetal(powernv).
This patch updates the existing is_ppc_secureboot_enabled() and
is_ppc_trustedboot_enabled() functions to add support for pseries.
Signed-off-by: Nayna Jain
Reviewed
The device-tree property to check secure and trusted boot state is
different for guests(pseries) compared to baremetal(powernv).
This patch updates the existing is_ppc_secureboot_enabled() and
is_ppc_trustedboot_enabled() functions to add support for pseries.
Signed-off-by: Nayna Jain
---
arch
o be based on CONFIG_MODULE_SIG
instead.
Fixes: 4238fad366a6 ("powerpc/ima: Add support to initialize ima policy rules")
Signed-off-by: Nayna Jain
---
v2:
* Fixes the patch description to specify the problem more clearly as asked
by Michael Ellerman.
arch/powerpc/kernel/ima_arch.c | 6 ++
This patch updates the arch specific policies for PowerNV systems
to add a check against blacklisted hashes before doing the verification.
Signed-off-by: Nayna Jain
---
arch/powerpc/kernel/ima_arch.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/arch/powerpc/kernel
This patch deprecates the existing permit_directio flag and instead adds
it as a possible value of the appraise_flag parameter.
For eg.
appraise_flag=permit_directio
Signed-off-by: Nayna Jain
---
Documentation/ABI/testing/ima_policy | 4 ++--
security/integrity/ima/ima_policy.c | 2 ++
2 files changed
-specific IMA policies if PPC_SECURE_BOOT
config is enabled.
Signed-off-by: Nayna Jain
---
arch/powerpc/Kconfig | 2 ++
arch/powerpc/kernel/Makefile | 2 +-
arch/powerpc/kernel/ima_arch.c | 50 ++
include/linux/ima.h| 3 +-
4 files changed
Secure boot on POWER defines different IMA policies based on the secure
boot state of the system.
This patch defines a function to detect the secure boot state of the
system.
The PPC_SECURE_BOOT config represents the base enablement of secureboot
on POWER.
Signed-off-by: Nayna Jain
---
arch
* Replaced obj-$(CONFIG_IMA) with obj-$(CONFIG_PPC_SECURE_BOOT) in
arch/powerpc/kernel/Makefile
Nayna Jain (2):
powerpc: detect the secure boot mode of the system
powerpc: Add support to initialize ima policy rules
arch/powerpc/Kconfig | 13 ++
arch/powerpc/include/asm/secboot.h
l Suchanek
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Tested-by: Sachin Sant
Tested-by: Michal Suchánek
---
Changelog:
v3:
* Includes Stefan's feedback correctly:
* Fixed handling of rc > 0 error
* Includes Jarkko's feedback related to comment and the function.
v2:
* Includes Jarkk
l Suchanek
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Tested-by: Sachin Sant
Tested-by: Michal Suchánek
---
Changelog:
v2:
* Includes Jarkko's feedbacks
* fixes the function name to tpm_get_pcr_allocation()
* adds new function tpm1_get_pcr_allocation()
* updates patch summary line
a kernel panic during boot.
This patch moves the pcr allocation outside the auto startup function
into tpm_chip_register. This ensures that allocated banks are initialized
in any case.
Fixes: 879b589210a9 ("tpm: retrieve digest size of unknown algorithms with
PCR read")
Signed-off-by:
with
CONFIG_KEXEC_VERIFY_SIG for CONFIG_IMA_ARCH_POLICY
Fixes: d958083a8f640 (x86/ima: define arch_get_ima_policy() for x86)
Signed-off-by: Nayna Jain
Cc: Eric Biederman
Cc: Dave Young
---
security/integrity/ima/Kconfig | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/integrity
Signed-off-by: Nayna Jain
Acked-by: Serge Hallyn
Signed-off-by: Mimi Zohar
---
Changelog:
v2a:
- refactored uefi_blacklist_x509_tbs() and uefi_blacklist_binary()
v2:
- Fixed the checkpatch.pl warnings
v0:
- This patch replaces the loading of certificates onto the secondary
keyring
On 12/12/2018 12:17 AM, James Morris wrote:
On Sun, 9 Dec 2018, Nayna Jain wrote:
+/*
+ * Blacklist an X509 TBS hash.
+ */
+static __init void uefi_blacklist_x509_tbs(const char *source,
+ const void *data, size_t len)
+{
+ char *hash, *p
, this
patch also sets the size of those arrays to zero and removes the definition
of TPM2_ACTIVE_PCR_BANKS.
Signed-off-by: Roberto Sassu
Tested-by: Nayna Jain
Thanks & Regards,
- Nayna
n modified.
Signed-off-by: Roberto Sassu
Acked-by: Mimi Zohar
Reviewed-by: Jarkko Sakkinen
Mimi, Nayna, can you help with testing this (because of the IMA change)?
Tested-by: Nayna Jain
Thanks & Regards,
- Nayna
/Jarkko
facilitate signature verification during kexec. Since the scope of this
keyring is only the platform/firmware keys, it cannot be updated from
userspace.
This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Acked-by: Serge Hallyn
---
From: Dave Howells
Add the data types that are used for containing hashes, keys and
certificates for cryptographic verification along with their corresponding
type GUIDs.
Signed-off-by: David Howells
Acked-by: Nayna Jain
Acked-by: Serge Hallyn
---
Changelog:
v0:
- No changes
include/linux
Howells
Signed-off-by: Nayna Jain
Acked-by: Serge Hallyn
---
Changelog:
v0:
- removed the CONFIG EFI_SIGNATURE_LIST_PARSER
- moved efi_parser.c from certs to security/integrity/platform_certs
directory
v2:
- Fixed the checkpatch.pl warnings
include/linux/efi.h
-by: David Howells
Acked-by: Nayna Jain
Acked-by: Serge Hallyn
---
Changelog:
v0:
- No changes
v2:
- Fixed the checkpatch.pl warnings
security/integrity/platform_certs/load_uefi.c | 45 +--
1 file changed, 35 insertions(+), 10 deletions(-)
diff --git a/security/integrity
system
blacklist keyring and forbid any module signed with those from loading and
forbid the use within the kernel of any key with a matching hash.
This facility is enabled by setting CONFIG_LOAD_UEFI_KEYS.
Signed-off-by: Josh Boyer
Signed-off-by: David Howells
Signed-off-by: Nayna Jain
Acked
-appraisal access to those original keys, now
loaded on the platform keyring, needed for verifying the kernel image
and initramfs signatures.
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Acked-by: Serge Hallyn
- replace 'rc' with 'xattr_len' when calling integrity_digsig_verify
The patch refactors integrity_load_x509(), making it a wrapper for a new
function named integrity_add_key(). This patch also defines a new
function named integrity_load_cert() for loading the platform keys.
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Acked-by: Serge Hallyn
---
security
r (2):
efi: Import certificates from UEFI Secure Boot
efi: Allow the "db" UEFI variable to be suppressed
Nayna Jain (3):
integrity: Define a trusted platform keyring
integrity: Load certs to the platform keyring
ima: Support platform keyring for kernel a
facilitate signature verification during kexec. Since the scope of this
keyring is only the platform/firmware keys, it cannot be updated from
userspace.
This keyring can be enabled by setting CONFIG_INTEGRITY_PLATFORM_KEYRING.
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Acked-by: Serge Hallyn
---
On 12/05/2018 05:10 AM, Jarkko Sakkinen wrote:
On Tue, Dec 04, 2018 at 09:21:35AM +0100, Roberto Sassu wrote:
Currently the TPM driver allows other kernel subsystems to read only the
SHA1 PCR bank. This patch modifies the parameters of tpm_pcr_read() and
tpm2_pcr_read() to pass a tpm_digest
On 11/07/2018 03:11 PM, Roberto Sassu wrote:
On 11/7/2018 7:14 AM, Nayna Jain wrote:
On 11/06/2018 08:31 PM, Roberto Sassu wrote:
This patch removes the hard-coded limit of the active_banks array size.
The hard-coded limit in static array active_banks[] represents the
maximum possible
On 11/06/2018 08:31 PM, Roberto Sassu wrote:
This patch removes the hard-coded limit of the active_banks array size.
The hard-coded limit in static array active_banks[] represents the
maximum possible banks.
A TPM might have three banks, but only one bank may be active.
To confirm my
ve Nuvoton TPM 2.0, tested for that.
Reviewed-by: Nayna Jain
Tested-by: Nayna Jain (For TPM 2.0)
Thanks & Regards,
- Nayna
On 10/17/2018 05:54 PM, Winkler, Tomas wrote:
ordinal = be32_to_cpu(*((__be32 *) (buf + 6)));
- rc = i2c_nuvoton_wait_for_data_avail(chip,
-tpm_calc_ordinal_duration(chip,
-
On 10/17/2018 12:15 PM, Tomas Winkler wrote:
diff --git a/drivers/char/tpm/tpm_i2c_nuvoton.c
b/drivers/char/tpm/tpm_i2c_nuvoton.c
index caa86b19c76d..5d20e98b844f 100644
--- a/drivers/char/tpm/tpm_i2c_nuvoton.c
+++ b/drivers/char/tpm/tpm_i2c_nuvoton.c
@@ -370,6 +370,7 @@ static int
On 09/29/2018 04:00 AM, Tomas Winkler wrote:
Reimplement tpm1_continue_selftest() using tpm_buf structure.
This is the last command using the old tpm_cmd_t structure
and now the structure can be removed.
Cc: Nayna Jain
Signed-off-by: Tomas Winkler
Reviewed-by: Jarkko Sakkinen
Tested
IZE,
+ TPM_DIGEST_SIZE, 0, log_msg);
+
+ tpm_buf_destroy();
+ return rc;
+}
Reviewed-by: Nayna Jain
Tested-by: Nayna Jain
Sorry for a bit of delay in testing.
Thanks & Regards,
- Nayna
On 09/29/2018 04:00 AM, Tomas Winkler wrote:
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index 73511cd89bef..a97d72fcda5b 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -544,8 +544,10 @@ int tpm_startup(struct tpm_chip *chip);
ssize_t tpm_getcap(struct
On 09/29/2018 04:00 AM, Tomas Winkler wrote:
+unsigned long tpm1_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
+{
+ int duration_idx = TPM_UNDEFINED;
+ int duration = 0;
+
+ /*
+* We only have a duration table for protected commands, where the upper
+
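Review bot: In tpm1_calc_ordinal_duration(), `duration` is declared `int` while the function's return type is `unsigned long`. If this local carries the value that is returned, declare it `unsigned long` so that no signed-to-unsigned conversion happens on return. The comment that follows is cut off in this excerpt, so the rest of the body cannot be checked here.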
From: Nayna Jain
This patch removes the code duplication in ima_init_policy() by defining
a new function named add_rules(). The new function adds the rules to the
initial IMA policy, the custom policy or both based on the policy mask
(IMA_DEFAULT_POLICY, IMA_CUSTOM_POLICY).
Signed-off-by: Nayna
On 10/02/2018 06:12 AM, Jarkko Sakkinen wrote:
On Sat, Sep 29, 2018 at 01:30:20AM +0300, Tomas Winkler wrote:
Move tpm1_pcr_extend to tpm1-cmd.c and remove
unused pcrextend_header structure and
EXTEND_PCR_RESULT_SIZE and EXTEND_PCR_RESULT_BODY_SIZE
defines.
Fixes warning:
On 09/21/2018 07:28 PM, Tomas Winkler wrote:
Factor out TPM 1.x commands calculation into tpm1-cmd.c file.
and change the prefix from tpm_ to tpm1_.
No functional change is done here.
Signed-off-by: Tomas Winkler
Tested-by: Jarkko Sakkinen
---
V2-V3: Rebase
V4: 1. Remove the licence
On 09/21/2018 07:28 PM, Tomas Winkler wrote:
1. TPM2_CC_LAST has moved from 182 to 193
2. Convert tpm2_ordinal_duration from an array into a switch statement,
as there are not so many commands that require special duration
relative to a number of commands, the switch statement
On 09/19/2018 07:36 PM, Jarkko Sakkinen wrote:
On Tue, Sep 18, 2018 at 12:34:45PM +0300, Tomas Winkler wrote:
Move tpm1_pcr_extend to tpm1-cmd.c and remove
unused pcrextend_header structure.
Fixes warning:
drivers/char/tpm/tpm-interface.c:609:38: warning: ‘pcrextend_header’ defined
but not
On 09/21/2018 07:28 PM, Tomas Winkler wrote:
Reimplement tpm1_continue_selftest() using tpm_buf structure.
This is the last command using the old tpm_cmd_t structure
and now the structure can be removed.
Signed-off-by: Tomas Winkler
Reviewed-by: Jarkko Sakkinen
Tested-by: Jarkko Sakkinen
On 09/21/2018 07:28 PM, Tomas Winkler wrote:
TPM manual startup is used only from within TPM 1.x or TPM 2.x
code, hence remove tpm_startup() function from tpm-interface.c
and add two static function implementations, tpm1_startup()
and tpm2_startup(), into tpm1-cmd.c and tpm2-cmd.c
On 03/26/2018 05:44 PM, Jarkko Sakkinen wrote:
In order to make struct tpm_buf the first class object for constructing TPM
commands, migrate tpm2_get_tpm_pt() to use it.
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Reviewed-by: Nayna Jain<na...@linux.vnet.ibm.co
On 03/26/2018 05:44 PM, Jarkko Sakkinen wrote:
In order to make struct tpm_buf the first class object for constructing TPM
commands, migrate tpm2_get_tpm_pt() to use it.
Signed-off-by: Jarkko Sakkinen
Reviewed-by: Nayna Jain
Tested-by: Nayna Jain
Thanks & Regards,
- N
;
Reviewed-by: Nayna Jain<na...@linux.vnet.ibm.com>
Tested-by: Nayna Jain<na...@linux.vnet.ibm.com>
Thanks & Regards,
- Nayna
---
drivers/char/tpm/tpm2-cmd.c | 37 +
1 file changed, 21 insertions(+), 16 deletions(-)
diff --git a/d
On 03/26/2018 05:44 PM, Jarkko Sakkinen wrote:
In order to make struct tpm_buf the first class object for constructing TPM
commands, migrate tpm2_probe() to use it.
Signed-off-by: Jarkko Sakkinen
Acked-by: Jay Freyensee
Reviewed-by: Nayna Jain
Tested-by: Nayna Jain
Thanks & Reg
.
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Reviewed-by: Nayna Jain<na...@linux.vnet.ibm.com>
Tested-by: Nayna Jain<na...@linux.vnet.ibm.com>
---
drivers/char/tpm/tpm2-cmd.c | 44
1 file changed, 12 insertion
.
Signed-off-by: Jarkko Sakkinen
Reviewed-by: Nayna Jain
Tested-by: Nayna Jain
---
drivers/char/tpm/tpm2-cmd.c | 44
1 file changed, 12 insertions(+), 32 deletions(-)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index
rc = -EFAULT;
goto out;
}
Probably, all the changes related to the use of tpm_buf_length() could
be a separate patch in itself ?
Otherwise,
Tested-by: Nayna Jain<na...@linux.vnet.ibm.com>
Thanks & Regards,
- Nayna
goto out;
}
Probably, all the changes related to the use of tpm_buf_length() could
be a separate patch in itself ?
Otherwise,
Tested-by: Nayna Jain
Thanks & Regards,
- Nayna
1msec
Nayna Jain (2):
tpm: reduce poll sleep time in tpm_transmit()
tpm: reduce polling time to usecs for even finer granularity
drivers/char/tpm/tpm-interface.c | 2 +-
drivers/char/tpm/tpm.h | 5 -
drivers/char/tpm/tpm_tis_core.c | 11 +++
3 files changed, 8
improved from ~14 sec to ~10.7 sec.
[1] All tests are performed on an x86 based, locked down, single purpose
closed system. It has Infineon TPM 1.2 using LPC Bus.
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Reviewed-by: Mimi Zohar <zo...@linux.vnet.ibm.com>
Acked-by: J
improved from ~14 sec to ~10.7 sec.
[1] All tests are performed on an x86 based, locked down, single purpose
closed system. It has Infineon TPM 1.2 using LPC Bus.
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Acked-by: Jay Freyensee
Reviewed-by: Jarkko Sakkinen
Tested-by: Jarkko Sakkinen
g 20MHz clock and 64-byte transfers, it would take about 120 usec
to move 256B of data. Sending 1kB would take about 500 usec. If the
transactions are done using 4 bytes at a time, then it would take about
1 msec. to transfer 1kB of data."
Signed-off-by: Nayna Jain <na...@linu
g 20MHz clock and 64-byte transfers, it would take about 120 usec
to move 256B of data. Sending 1kB would take about 500 usec. If the
transactions are done using 4 bytes at a time, then it would take about
1 msec. to transfer 1kB of data."
Signed-off-by: Nayna Jain
Reviewed-by: Mimi Zohar
Rev
10.4:
"This command(TPM2_GetTestResult) returns manufacturer-specific information
regarding the results of a self-test and an indication of the test status.
Signed-off-by: Nayna Jain <na...@linux.vnet.ibm.com>
Tested-by: Mimi Zohar <zo...@linux.vnet.ibm.com> (on Pi with TPM 2.0)
10.4:
"This command(TPM2_GetTestResult) returns manufacturer-specific information
regarding the results of a self-test and an indication of the test status.
Signed-off-by: Nayna Jain
Tested-by: Mimi Zohar (on Pi with TPM 2.0)
Tested-by: Stefan Berger (With QEMU with
swtpm TP
On 05/10/2018 06:11 PM, Nayna Jain wrote:
On 05/08/2018 10:04 PM, J Freyensee wrote:
do {
- tpm_msleep(TPM_POLL_SLEEP);
+ tpm_msleep(TPM_TIMEOUT_POLL);
I'm just curious why it was decided to still use tpm_msleep() here
instead of usleep_range() which
On 05/08/2018 10:04 PM, J Freyensee wrote:
do {
- tpm_msleep(TPM_POLL_SLEEP);
+ tpm_msleep(TPM_TIMEOUT_POLL);
I'm just curious why it was decided to still use tpm_msleep() here
instead of usleep_range() which was used in the 2nd patch.
TPM_TIMEOUT_POLL is