Re: [PATCH v6 08/11] tpm: Driver for supporting multiple emulated TPMs

On Wed, Mar 09, 2016 at 12:39:27PM -0500, Stefan Berger wrote: > This patch implements a driver for supporting multiple emulated TPMs in a > system. > > The driver implements a device /dev/vtpmx that is used to created > a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side that >

Re: [PATCH v8 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

On Fri, Mar 18, 2016 at 10:52:00AM +0200, Jarkko Sakkinen wrote: > On Thu, Mar 17, 2016 at 01:45:20PM -0400, Stefan Berger wrote: > > On 03/16/2016 04:42 PM, Jarkko Sakkinen wrote: > > >On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote: > > >>+ > >

Re: [PATCH v8 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

ese > commands and delivers them to an emulated TPM. Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> My testing procedure was: * Wine running TPM 2.0 simulator on the host side. [1] * QEMU running an OS image with this patch. [2] * Wrote a script for proxying the simulator:

Re: [tpmdd-devel] [PATCH v7 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

On Sat, Mar 12, 2016 at 06:27:13PM -0500, Stefan Berger wrote: > Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote on 03/12/2016 >01:51:54 PM: > >> >> On Fri, Mar 11, 2016 at 09:51:03PM -0500, Stefan Berger wrote: >> > This patch impl

Re: [PATCH v6 08/11] tpm: Driver for supporting multiple emulated TPMs

On Thu, Mar 10, 2016 at 12:32:15PM -0500, Stefan Berger wrote: > On 03/10/2016 11:39 AM, Jarkko Sakkinen wrote: > >+/* above flags */ > >+#define VTPM_FLAG_TPM2 1 /* emulator is TPM 2 */ > >+ > >+/* all supported flags */ > >+#define VTPM_FLAGS_ALL

Re: [PATCH v7 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

On Fri, Mar 11, 2016 at 09:51:03PM -0500, Stefan Berger wrote: > This patch implements a proxy driver for supporting multiple emulated TPMs > in a system. > > The driver implements a device /dev/vtpmx that is used to created > a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side

Re: [v9,3/4] tpm: Initialize TPM and get durations and timeouts

On Tue, Mar 29, 2016 at 02:19:13PM -0400, Stefan Berger wrote: > Add the retrieval of TPM 1.2 durations and timeouts. Since this requires > the startup of the TPM, do this for TPM 1.2 and TPM 2. > > Signed-off-by: Stefan Berger > CC: linux-ker...@vger.kernel.org > CC:

Re: [PATCH v9 4/4] tpm: Add documentation for the tpm_vtpm device driver

r documentation. > > Update the documentation for the ioctl numbers. > > Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> > CC: linux-ker...@vger.kernel.org > CC: linux-doc@vger.kernel.org > CC: linux-...@vger.kernel.org Reviewed-by: Jarkko Sakkinen

Re: [PATCH v9 2/4] tpm: Proxy driver for supporting multiple emulated TPMs

ese > commands and delivers them to an emulated TPM. > > Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> > CC: linux-ker...@vger.kernel.org > CC: linux-doc@vger.kernel.org > CC: linux-...@vger.kernel.org Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@lin

Re: [PATCH v9 2/4] tpm: Proxy driver for supporting multiple emulated TPMs

On Thu, Apr 07, 2016 at 11:49:44AM -0400, Stefan Berger wrote: > On 04/07/2016 08:35 AM, Jarkko Sakkinen wrote: > >On Tue, Mar 29, 2016 at 02:19:12PM -0400, Stefan Berger wrote: > >>This patch implements a proxy driver for supporting multiple emulated TPMs > >>in a

Re: [PATCH v8 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

On Wed, Mar 16, 2016 at 11:49:04AM -0600, Jason Gunthorpe wrote: > On Wed, Mar 16, 2016 at 02:09:16PM +0200, Jarkko Sakkinen wrote: > > On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote: > > > Alternative to this would be to have /dev/vtpmx create: > > > &g

Re: [PATCH v8 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote: > This patch implements a proxy driver for supporting multiple emulated TPMs > in a system. > > The driver implements a device /dev/vtpmx that is used to created > a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side

Re: [v9,3/4] tpm: Initialize TPM and get durations and timeouts

On Tue, Apr 05, 2016 at 12:56:26PM +0300, Jarkko Sakkinen wrote: > On Thu, Mar 31, 2016 at 08:58:47AM -0400, Stefan Berger wrote: > > On 03/31/2016 04:24 AM, Jarkko Sakkinen wrote: > > >On Tue, Mar 29, 2016 at 02:19:13PM -0400, Stefan Berger wrote: > > >>Add the

Re: [v9,3/4] tpm: Initialize TPM and get durations and timeouts

On Thu, Mar 31, 2016 at 08:58:47AM -0400, Stefan Berger wrote: > On 03/31/2016 04:24 AM, Jarkko Sakkinen wrote: > >On Tue, Mar 29, 2016 at 02:19:13PM -0400, Stefan Berger wrote: > >>Add the retrieval of TPM 1.2 durations and timeouts. Since this requires > >>the startup

Re: [PATCH 0/6] Intel Secure Guard Extensions

On Mon, Apr 25, 2016 at 10:53:52AM -0700, Greg KH wrote: > On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by > > applications to set aside private regions of code and data. The code > >

Re: [PATCH v11 4/4] tpm: Add documentation for the tpm_vtpm_proxy device driver

r documentation. > > Update the documentation for the ioctl numbers. > > Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> > Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> &g

Re: [PATCH v11 3/4] tpm: Proxy driver for supporting multiple emulated TPMs

ibm.com> > Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com> Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> /Jarkko > > CC: linux-ker...@vger.kernel.org > CC: linux-doc@vger.kernel.org

Re: [PATCH 0/6] Intel Secure Guard Extensions

On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by > > applications to set aside private regions of code and data. The code > > outside the

Re: [PATCH 0/6] Intel Secure Guard Extensions

On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by > > applications to set aside private regions of code and data. The code > > outside the

Re: [PATCH 0/6] Intel Secure Guard Extensions

On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote: > On 2016-04-29 16:17, Jarkko Sakkinen wrote: > >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote: > >>On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote: > >>>Intel(R) SGX is a se

Re: [PATCH 5/6] intel_sgx: driver documentation

On Mon, Apr 25, 2016 at 01:01:06PM -0700, Andy Lutomirski wrote: > On 04/25/2016 10:34 AM, Jarkko Sakkinen wrote: > >+SGX_IOCTL_ENCLAVE_INIT > >+ > >+Initializes an enclave given by SIGSTRUCT and EINITTOKEN. Executes EINIT > >leaf > >+instruction that will c

Re: [PATCH 0/6] Intel Secure Guard Extensions

On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote: > > * Andy Lutomirski wrote: > > > > What new syscalls would be needed for ssh to get all this support? > > > > This patchset or similar, plus some user code and an enclave to use. > > > > Sadly, on current

Re: [PATCH 3/3] tpm: move documentation under Documentation/security

On Mon, Nov 07, 2016 at 03:37:52PM -0700, Jonathan Corbet wrote: > On Thu, 3 Nov 2016 17:57:52 -0600 > Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote: > > > In order too make Documentation root directory cleaner move the tpm > > directory under Documenta

Re: ASCII diagrams and RST/Sphinx documentation

On Mon, Nov 07, 2016 at 03:58:42PM +0200, Jani Nikula wrote: > On Sat, 05 Nov 2016, Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote: > > Hi > > > > I recently submitted patches to move the existing TPM driver > > documentation to the new scheme. There is on

Re: [PATCH 2/3] tpm: transition tpm_vtpm_proxy documentation to the Sphinx

On Thu, Nov 03, 2016 at 05:57:51PM -0600, Jarkko Sakkinen wrote: > Transitioned the tpm_vtpm_proxy documentation to the Sphinx > infrastructure and removed parts from the documentation that are easier > to pull from the sources. Restructured vtpm_proxy.h and tpm_vtpm_proxy.c > to b

[PATCH] tpm: transition tpm_vtpm_proxy documentation to the Sphinx

-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> --- Documentation/index.rst| 1 + Documentation/tpm/index.rst| 7 +++ .../tpm/{tpm_vtpm_proxy.txt => tpm_vtpm_proxy.rst} | 53 +--- drivers/char/tpm/tpm_vtp

Re: [tpmdd-devel] [PATCH] tpm: transition tpm_vtpm_proxy documentation to the Sphinx

Thanks for the comments. I'll revise this. /Jarkko On Wed, Nov 02, 2016 at 03:26:00PM -0700, Stefan Berger wrote: > Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote on 11/02/2016 >12:01:56 PM: > >> >> Transitioned the tpm_vtpm_proxy

Re: [PATCH] tpm: transition tpm_vtpm_proxy documentation to the Sphinx

On Thu, Nov 03, 2016 at 10:21:36AM +0200, Jani Nikula wrote: > On Wed, 02 Nov 2016, Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote: > > Transitioned the tpm_vtpm_proxy documentation to the Sphinx > > infrastructure and removed parts from the documentation that are ea

[PATCH 2/3] tpm: transition tpm_vtpm_proxy documentation to the Sphinx

-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> --- Documentation/index.rst| 1 + Documentation/tpm/index.rst| 7 +++ .../tpm/{tpm_vtpm_proxy.txt => tpm_vtpm_proxy.rst} | 55 +++--- 3 files changed, 25 insertio

[PATCH 3/3] tpm: move documentation under Documentation/security

In order too make Documentation root directory cleaner move the tpm directory under Documentation/security. Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> --- Documentation/index.rst | 2 +- Documentation/security/index.rst

Re: [PATCH 3/3] tpm: move documentation under Documentation/security

On Fri, Nov 04, 2016 at 02:06:00PM +0200, Jani Nikula wrote: > On Fri, 04 Nov 2016, Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote: > > In order too make Documentation root directory cleaner move the tpm > > directory under Documentation/security. > > FWI

Re: [PATCH v5 11/11] intel_sgx: driver documentation

On Mon, Nov 27, 2017 at 09:03:39AM -0800, Sean Christopherson wrote: > I have a branch based on Jarkko's patches (I believe it's up-to-date with v5) > that implements what I described.  I'd be happy to send RFC patches if that > would help. That would only slow things down. The code is easy to

[PATCH v6 11/11] intel_sgx: driver documentation

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> --- Documentation/index.rst | 1 + Documentation/x86/intel_sgx.rst | 101 2 files changed, 102 insertions(+) create mode 100644 Documentation/x86/intel_sgx.rst diff

[PATCH v6 00/11] Intel SGX Driver

_encl_release to sgx_encl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Haim Cohen (1): x86: add SGX MSRs to msr-index.h Jarkko Sakkinen (8): intel_sgx: updated MAINTAINERS x86: define IA32_FEATUE_CONTROL.SGX_LC intel_sgx: driver for Intel Software Guard Extensions intel_sgx: ptr

Re: [PATCH v5 11/11] intel_sgx: driver documentation

On Tue, Nov 28, 2017 at 10:37:48PM +0200, Jarkko Sakkinen wrote: > On Mon, Nov 27, 2017 at 09:03:39AM -0800, Sean Christopherson wrote: > > I have a branch based on Jarkko's patches (I believe it's up-to-date with > > v5) > > that implements what I described.  I'd be happ

[PATCH v9 0/7] Intel SGX Driver

_pids * moved sgx_encl_release to sgx_encl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkko Sakkinen (5): intel_sgx: updated MAINTAINERS intel_sgx: driver for Intel Software Guard Extensions intel_sgx: ptrace() support intel_sgx: driver documentation intel_sgx: in-kernel launch encla

[PATCH v9 6/7] intel_sgx: driver documentation

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> Tested-by: Serge Ayoun <serge.ay...@intel.com> --- Documentation/index.rst | 1 + Documentation/x86/intel_sgx.rst | 101 2 files changed, 102 insertions(+) create

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue, Dec 12, 2017 at 03:07:50PM +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > to > > set aside private regions of code and data. The code outside the encl

[PATCH v8 0/8] Intel SGX Driver

cl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkko Sakkinen (6): intel_sgx: updated MAINTAINERS intel_sgx: driver for Intel Software Guard Extensions intel_sgx: ptrace() support intel_sgx: driver documentation fs/pipe.c: export create_pipe_files() intel_sgx: in-kernel l

[PATCH v8 6/8] intel_sgx: driver documentation

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> Tested-by: Serge Ayoun <serge.ay...@intel.com> --- Documentation/index.rst | 1 + Documentation/x86/intel_sgx.rst | 101 2 files changed, 102 insertions(+) create

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote: > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > Intel(R) SGX is a set of CPU instructions that can be used by applications > > to > > set aside private regions of code and data. The code outside the encl

Re: [PATCH v5 11/11] intel_sgx: driver documentation

t the silly moderation spam of that list. Please disable that > > nonsense. > > > > > On Mon, Nov 13, 2017 at 09:45:28PM +0200, Jarkko Sakkinen wrote: > > > Is SGX considered architectural or not? A quick search of the SDM > > > includes it in Volume 3: > >

Re: [PATCH v5 11/11] intel_sgx: driver documentation

On Sat, Nov 18, 2017 at 12:34:33AM +0100, Thomas Gleixner wrote: > This is architecural. From the cursory read of that series it seems there > are two parts to it: > > 1) The actual core handling, which should be in arch/x86 because that > hardly qualifies as a 'platform' device driver. >

[PATCH v7 0/8] Intel SGX Driver

ions when sgx in not enabled. * Removed cruft rdmsr-calls from sgx_set_pubkeyhash_msrs(). * return -ENOMEM in sgx_alloc_page() when VA pages consume too much space * removed unused global sgx_nr_pids * moved sgx_encl_release to sgx_encl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkk

[PATCH v7 6/8] intel_sgx: driver documentation

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> --- Documentation/index.rst | 1 + Documentation/x86/intel_sgx.rst | 101 2 files changed, 102 insertions(+) create mode 100644 Documentation/x86/intel_sgx.rst diff

[PATCH] Documentation: support kernel enforcement

I'm sorry that I forgot to add my name on time. Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> --- Documentation/process/kernel-enforcement-statement.rst | 1 + 1 file changed, 1 insertion(+) diff --git a/Documentation/process/kernel-enforcement-statement.rst b/Documen

Re: [PATCH v6 00/11] Intel SGX Driver

On Wed, Dec 20, 2017 at 01:33:46AM +0200, Jarkko Sakkinen wrote: > On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote: > > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote: > > > Intel(R) SGX is a set of CPU instructions that can be used by > > > applications

[PATCH v10 0/7] Intel SGX Driver

cl.c * return -ERESTARTSYS instead of -EINTR in sgx_encl_init() Jarkko Sakkinen (5): intel_sgx: updated MAINTAINERS intel_sgx: driver for Intel Software Guard Extensions intel_sgx: ptrace() support intel_sgx: driver documentation intel_sgx: in-kernel launch enclave Kai Huang (1): x86: add SG

[PATCH v10 6/7] intel_sgx: driver documentation

Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> Tested-by: Serge Ayoun <serge.ay...@intel.com> --- Documentation/index.rst | 1 + Documentation/x86/intel_sgx.rst | 168 2 files changed, 169 insertions(+) create

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Jan 04, 2018 at 03:06:43AM -0600, Dr. Greg Wettstein wrote: > If we are talking about the issues motivating the KPTI work I don't > have any useful information beyond what is raging through the industry > right now. > > With respect to SGX, the issues giving rise to KPTI are

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > and the MELTATOMBOMBA4 worm which uses this exploit? > > Ced Everything going out of L1 gets encrypted. This is done to defend against peripheral like

Re: [PATCH v6 00/11] Intel SGX Driver

On Tue, Jan 09, 2018 at 03:50:23PM -0600, Dr. Greg Wettstein wrote: > > Everything going out of L1 gets encrypted. This is done to defend > > against peripheral like adversaries and should work also against > > meltdown. > > I don't believe this is an architecturally correct assertion. The >

Re: [PATCH v6 00/11] Intel SGX Driver

On Thu, Feb 08, 2018 at 09:46:53AM +0100, Pavel Machek wrote: > On Tue 2018-01-09 16:27:30, Jarkko Sakkinen wrote: > > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote: > > > So how does this protect against the MELTDOWN attack (CVE-2017-5754) > > > and th