subject:"Re\: \[tpmdd\-devel\] \[PATCH v5 3\/3\] tpm\: add securityfs support for TPM 2.0 firmware event log"

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

2016-11-26 Thread Jarkko Sakkinen

On Thu, Nov 24, 2016 at 09:51:03PM -0500, Stefan Berger wrote:
> On 11/24/2016 04:10 PM, Jarkko Sakkinen wrote:
> > On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote:
> > > Unlike the device driver support for TPM 1.2, the TPM 2.0 does
> > > not support the securityfs pseudo files for displaying the
> > > firmware event log.
> > > 
> > > This patch enables support for providing the TPM 2.0 event log in
> > > binary form. TPM 2.0 event log supports a crypto agile format that
> > > records multiple digests, which is different from TPM 1.2. This
> > > patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
> > > event log parser which understand the TPM 2.0 crypto agile format.
> > > 
> > > Signed-off-by: Nayna Jain 
> > I don't want to say much about this before I've tested it. I wonder
> > what cheap hardware I could use to test this. Any advice is on this
> > from anyone is much appreciated.
> 
> Virtual hardware would be cheap :-)
> 
> I tested this series with QEMU + vTPM + SeaBIOS with TPM 1.2 + TPM 2 support
> (basing the log on ACPI). I had to fix an endianess issue on the SeaBIOS
> side, which made it work. So for this version of the patches I can give it
> my tested-by:
> 
> Tested-by: Stefan Berger 

Your Tested-by is much appreciated because the 4.10 release cycle has
shown how important it is to exercise code changes with tpm_vtpm_proxy
to catch all the regressions. I still would like to run these changes
with a real hardware to be able to trust them, though.

/Jarkko

--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

2016-11-25 Thread Jason Gunthorpe

On Thu, Nov 24, 2016 at 11:10:57PM +0200, Jarkko Sakkinen wrote:
> On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote:
> > Unlike the device driver support for TPM 1.2, the TPM 2.0 does
> > not support the securityfs pseudo files for displaying the
> > firmware event log.
> > 
> > This patch enables support for providing the TPM 2.0 event log in
> > binary form. TPM 2.0 event log supports a crypto agile format that
> > records multiple digests, which is different from TPM 1.2. This
> > patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
> > event log parser which understand the TPM 2.0 crypto agile format.
> > 
> > Signed-off-by: Nayna Jain 
> 
> I don't want to say much about this before I've tested it. I wonder
> what cheap hardware I could use to test this. Any advice is on this
> from anyone is much appreciated.

If you found a small ARM system with TPM you could customize the uboot
to build an event log and pass it in via DT.

Not sure how much work that would be, does uboot have tpm code
already?

Jason

--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

2016-11-25 Thread Jarkko Sakkinen

On Thu, Nov 24, 2016 at 09:51:03PM -0500, Stefan Berger wrote:
> On 11/24/2016 04:10 PM, Jarkko Sakkinen wrote:
> > On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote:
> > > Unlike the device driver support for TPM 1.2, the TPM 2.0 does
> > > not support the securityfs pseudo files for displaying the
> > > firmware event log.
> > > 
> > > This patch enables support for providing the TPM 2.0 event log in
> > > binary form. TPM 2.0 event log supports a crypto agile format that
> > > records multiple digests, which is different from TPM 1.2. This
> > > patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
> > > event log parser which understand the TPM 2.0 crypto agile format.
> > > 
> > > Signed-off-by: Nayna Jain 
> > I don't want to say much about this before I've tested it. I wonder
> > what cheap hardware I could use to test this. Any advice is on this
> > from anyone is much appreciated.
> 
> Virtual hardware would be cheap :-)
> 
> I tested this series with QEMU + vTPM + SeaBIOS with TPM 1.2 + TPM 2 support
> (basing the log on ACPI). I had to fix an endianess issue on the SeaBIOS
> side, which made it work. So for this version of the patches I can give it
> my tested-by:
> 
> Tested-by: Stefan Berger 

Thanks.

/Jarkko

--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

2016-11-24 Thread Stefan Berger

On 11/24/2016 04:10 PM, Jarkko Sakkinen wrote:
> On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote:
>> Unlike the device driver support for TPM 1.2, the TPM 2.0 does
>> not support the securityfs pseudo files for displaying the
>> firmware event log.
>>
>> This patch enables support for providing the TPM 2.0 event log in
>> binary form. TPM 2.0 event log supports a crypto agile format that
>> records multiple digests, which is different from TPM 1.2. This
>> patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
>> event log parser which understand the TPM 2.0 crypto agile format.
>>
>> Signed-off-by: Nayna Jain 
> I don't want to say much about this before I've tested it. I wonder
> what cheap hardware I could use to test this. Any advice is on this
> from anyone is much appreciated.

Virtual hardware would be cheap :-)

I tested this series with QEMU + vTPM + SeaBIOS with TPM 1.2 + TPM 2 
support (basing the log on ACPI). I had to fix an endianess issue on the 
SeaBIOS side, which made it work. So for this version of the patches I 
can give it my tested-by:

Tested-by: Stefan Berger 


>
> /Jarkko
>
> --
> ___
> tpmdd-devel mailing list
> tpmdd-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
>


--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

2016-11-24 Thread Jarkko Sakkinen

On Wed, Nov 23, 2016 at 12:27:37PM -0500, Nayna Jain wrote:
> Unlike the device driver support for TPM 1.2, the TPM 2.0 does
> not support the securityfs pseudo files for displaying the
> firmware event log.
> 
> This patch enables support for providing the TPM 2.0 event log in
> binary form. TPM 2.0 event log supports a crypto agile format that
> records multiple digests, which is different from TPM 1.2. This
> patch enables the tpm_bios_log_setup for TPM 2.0  and adds the
> event log parser which understand the TPM 2.0 crypto agile format.
> 
> Signed-off-by: Nayna Jain 

I don't want to say much about this before I've tested it. I wonder
what cheap hardware I could use to test this. Any advice is on this
from anyone is much appreciated.

/Jarkko

--
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

Re: [tpmdd-devel] [PATCH v5 3/3] tpm: add securityfs support for TPM 2.0 firmware event log

5 matches

Site Navigation

Mail list logo

Footer information