On Wed, Mar 09, 2016 at 12:39:27PM -0500, Stefan Berger wrote:
> This patch implements a driver for supporting multiple emulated TPMs in a
> system.
>
> The driver implements a device /dev/vtpmx that is used to create
> a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side that
>
On Fri, Mar 18, 2016 at 10:52:00AM +0200, Jarkko Sakkinen wrote:
> On Thu, Mar 17, 2016 at 01:45:20PM -0400, Stefan Berger wrote:
> > On 03/16/2016 04:42 PM, Jarkko Sakkinen wrote:
> > >On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote:
> > >>+
> >
ese
> commands and delivers them to an emulated TPM.
Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
My testing procedure was:
* Wine running TPM 2.0 simulator on the host side. [1]
* QEMU running an OS image with this patch. [2]
* Wrote a script for proxying the simulator:
On Sat, Mar 12, 2016 at 06:27:13PM -0500, Stefan Berger wrote:
> Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote on 03/12/2016
>01:51:54 PM:
>
>>
>> On Fri, Mar 11, 2016 at 09:51:03PM -0500, Stefan Berger wrote:
>> > This patch impl
On Thu, Mar 10, 2016 at 12:32:15PM -0500, Stefan Berger wrote:
> On 03/10/2016 11:39 AM, Jarkko Sakkinen wrote:
> >+/* above flags */
> >+#define VTPM_FLAG_TPM2 1 /* emulator is TPM 2 */
> >+
> >+/* all supported flags */
> >+#define VTPM_FLAGS_ALL
On Fri, Mar 11, 2016 at 09:51:03PM -0500, Stefan Berger wrote:
> This patch implements a proxy driver for supporting multiple emulated TPMs
> in a system.
>
> The driver implements a device /dev/vtpmx that is used to create
> a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side
On Tue, Mar 29, 2016 at 02:19:13PM -0400, Stefan Berger wrote:
> Add the retrieval of TPM 1.2 durations and timeouts. Since this requires
> the startup of the TPM, do this for TPM 1.2 and TPM 2.
>
> Signed-off-by: Stefan Berger
> CC: linux-ker...@vger.kernel.org
> CC:
r documentation.
>
> Update the documentation for the ioctl numbers.
>
> Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
> CC: linux-ker...@vger.kernel.org
> CC: linux-doc@vger.kernel.org
> CC: linux-...@vger.kernel.org
Reviewed-by: Jarkko Sakkinen
ese
> commands and delivers them to an emulated TPM.
>
> Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
> CC: linux-ker...@vger.kernel.org
> CC: linux-doc@vger.kernel.org
> CC: linux-...@vger.kernel.org
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@lin
On Thu, Apr 07, 2016 at 11:49:44AM -0400, Stefan Berger wrote:
> On 04/07/2016 08:35 AM, Jarkko Sakkinen wrote:
> >On Tue, Mar 29, 2016 at 02:19:12PM -0400, Stefan Berger wrote:
> >>This patch implements a proxy driver for supporting multiple emulated TPMs
> >>in a
On Wed, Mar 16, 2016 at 11:49:04AM -0600, Jason Gunthorpe wrote:
> On Wed, Mar 16, 2016 at 02:09:16PM +0200, Jarkko Sakkinen wrote:
> > On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote:
>
> > Alternative to this would be to have /dev/vtpmx create:
> >
> >
On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote:
> This patch implements a proxy driver for supporting multiple emulated TPMs
> in a system.
>
> The driver implements a device /dev/vtpmx that is used to create
> a client device pair /dev/tpmX (e.g., /dev/tpm10) and a server side
On Tue, Apr 05, 2016 at 12:56:26PM +0300, Jarkko Sakkinen wrote:
> On Thu, Mar 31, 2016 at 08:58:47AM -0400, Stefan Berger wrote:
> > On 03/31/2016 04:24 AM, Jarkko Sakkinen wrote:
> > >On Tue, Mar 29, 2016 at 02:19:13PM -0400, Stefan Berger wrote:
> > >>Add the
On Thu, Mar 31, 2016 at 08:58:47AM -0400, Stefan Berger wrote:
> On 03/31/2016 04:24 AM, Jarkko Sakkinen wrote:
> >On Tue, Mar 29, 2016 at 02:19:13PM -0400, Stefan Berger wrote:
> >>Add the retrieval of TPM 1.2 durations and timeouts. Since this requires
> >>the startup
On Mon, Apr 25, 2016 at 10:53:52AM -0700, Greg KH wrote:
> On Mon, Apr 25, 2016 at 08:34:07PM +0300, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> >
r documentation.
>
> Update the documentation for the ioctl numbers.
>
> Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
>
ibm.com>
> Reviewed-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
Reviewed-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Tested-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
/Jarkko
>
> CC: linux-ker...@vger.kernel.org
> CC: linux-doc@vger.kernel.org
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the
On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by
> > applications to set aside private regions of code and data. The code
> > outside the
On Mon, May 02, 2016 at 11:37:52AM -0400, Austin S. Hemmelgarn wrote:
> On 2016-04-29 16:17, Jarkko Sakkinen wrote:
> >On Tue, Apr 26, 2016 at 09:00:10PM +0200, Pavel Machek wrote:
> >>On Mon 2016-04-25 20:34:07, Jarkko Sakkinen wrote:
> >>>Intel(R) SGX is a se
On Mon, Apr 25, 2016 at 01:01:06PM -0700, Andy Lutomirski wrote:
> On 04/25/2016 10:34 AM, Jarkko Sakkinen wrote:
> >+SGX_IOCTL_ENCLAVE_INIT
> >+
> >+Initializes an enclave given by SIGSTRUCT and EINITTOKEN. Executes EINIT
> >leaf
> >+instruction that will c
On Wed, Apr 27, 2016 at 10:18:05AM +0200, Ingo Molnar wrote:
>
> * Andy Lutomirski wrote:
>
> > > What new syscalls would be needed for ssh to get all this support?
> >
> > This patchset or similar, plus some user code and an enclave to use.
> >
> > Sadly, on current
On Mon, Nov 07, 2016 at 03:37:52PM -0700, Jonathan Corbet wrote:
> On Thu, 3 Nov 2016 17:57:52 -0600
> Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote:
>
> > In order to make Documentation root directory cleaner move the tpm
> > directory under Documenta
On Mon, Nov 07, 2016 at 03:58:42PM +0200, Jani Nikula wrote:
> On Sat, 05 Nov 2016, Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote:
> > Hi
> >
> > I recently submitted patches to move the existing TPM driver
> > documentation to the new scheme. There is on
On Thu, Nov 03, 2016 at 05:57:51PM -0600, Jarkko Sakkinen wrote:
> Transitioned the tpm_vtpm_proxy documentation to the Sphinx
> infrastructure and removed parts from the documentation that are easier
> to pull from the sources. Restructured vtpm_proxy.h and tpm_vtpm_proxy.c
> to b
-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
Documentation/index.rst| 1 +
Documentation/tpm/index.rst| 7 +++
.../tpm/{tpm_vtpm_proxy.txt => tpm_vtpm_proxy.rst} | 53 +---
drivers/char/tpm/tpm_vtp
Thanks for the comments. I'll revise this.
/Jarkko
On Wed, Nov 02, 2016 at 03:26:00PM -0700, Stefan Berger wrote:
> Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote on 11/02/2016
>12:01:56 PM:
>
>>
>> Transitioned the tpm_vtpm_proxy
On Thu, Nov 03, 2016 at 10:21:36AM +0200, Jani Nikula wrote:
> On Wed, 02 Nov 2016, Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote:
> > Transitioned the tpm_vtpm_proxy documentation to the Sphinx
> > infrastructure and removed parts from the documentation that are ea
-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
Documentation/index.rst| 1 +
Documentation/tpm/index.rst| 7 +++
.../tpm/{tpm_vtpm_proxy.txt => tpm_vtpm_proxy.rst} | 55 +++---
3 files changed, 25 insertio
In order to make Documentation root directory cleaner move the tpm
directory under Documentation/security.
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
Documentation/index.rst | 2 +-
Documentation/security/index.rst
On Fri, Nov 04, 2016 at 02:06:00PM +0200, Jani Nikula wrote:
> On Fri, 04 Nov 2016, Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote:
> > In order to make Documentation root directory cleaner move the tpm
> > directory under Documentation/security.
>
> FWI
On Mon, Nov 27, 2017 at 09:03:39AM -0800, Sean Christopherson wrote:
> I have a branch based on Jarkko's patches (I believe it's up-to-date with v5)
> that implements what I described. I'd be happy to send RFC patches if that
> would help.
That would only slow things down. The code is easy to
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
Documentation/index.rst | 1 +
Documentation/x86/intel_sgx.rst | 101
2 files changed, 102 insertions(+)
create mode 100644 Documentation/x86/intel_sgx.rst
diff
_encl_release to sgx_encl.c
* return -ERESTARTSYS instead of -EINTR in sgx_encl_init()
Haim Cohen (1):
x86: add SGX MSRs to msr-index.h
Jarkko Sakkinen (8):
intel_sgx: updated MAINTAINERS
x86: define IA32_FEATUE_CONTROL.SGX_LC
intel_sgx: driver for Intel Software Guard Extensions
intel_sgx: ptr
On Tue, Nov 28, 2017 at 10:37:48PM +0200, Jarkko Sakkinen wrote:
> On Mon, Nov 27, 2017 at 09:03:39AM -0800, Sean Christopherson wrote:
> > I have a branch based on Jarkko's patches (I believe it's up-to-date with
> > v5)
> > that implements what I described. I'd be happ
_pids
* moved sgx_encl_release to sgx_encl.c
* return -ERESTARTSYS instead of -EINTR in sgx_encl_init()
Jarkko Sakkinen (5):
intel_sgx: updated MAINTAINERS
intel_sgx: driver for Intel Software Guard Extensions
intel_sgx: ptrace() support
intel_sgx: driver documentation
intel_sgx: in-kernel launch encla
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Tested-by: Serge Ayoun <serge.ay...@intel.com>
---
Documentation/index.rst | 1 +
Documentation/x86/intel_sgx.rst | 101
2 files changed, 102 insertions(+)
create
On Tue, Dec 12, 2017 at 03:07:50PM +0100, Pavel Machek wrote:
> On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to
> > set aside private regions of code and data. The code outside the encl
cl.c
* return -ERESTARTSYS instead of -EINTR in sgx_encl_init()
Jarkko Sakkinen (6):
intel_sgx: updated MAINTAINERS
intel_sgx: driver for Intel Software Guard Extensions
intel_sgx: ptrace() support
intel_sgx: driver documentation
fs/pipe.c: export create_pipe_files()
intel_sgx: in-kernel l
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Tested-by: Serge Ayoun <serge.ay...@intel.com>
---
Documentation/index.rst | 1 +
Documentation/x86/intel_sgx.rst | 101
2 files changed, 102 insertions(+)
create
On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote:
> On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote:
> > Intel(R) SGX is a set of CPU instructions that can be used by applications
> > to
> > set aside private regions of code and data. The code outside the encl
t the silly moderation spam of that list. Please disable that
> > nonsense.
> >
> > > On Mon, Nov 13, 2017 at 09:45:28PM +0200, Jarkko Sakkinen wrote:
> > > Is SGX considered architectural or not? A quick search of the SDM
> > > includes it in Volume 3:
> >
On Sat, Nov 18, 2017 at 12:34:33AM +0100, Thomas Gleixner wrote:
> This is architectural. From the cursory read of that series it seems there
> are two parts to it:
>
> 1) The actual core handling, which should be in arch/x86 because that
> hardly qualifies as a 'platform' device driver.
>
ions when sgx is not enabled.
* Removed cruft rdmsr-calls from sgx_set_pubkeyhash_msrs().
* return -ENOMEM in sgx_alloc_page() when VA pages consume too much space
* removed unused global sgx_nr_pids
* moved sgx_encl_release to sgx_encl.c
* return -ERESTARTSYS instead of -EINTR in sgx_encl_init()
Jarkk
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
Documentation/index.rst | 1 +
Documentation/x86/intel_sgx.rst | 101
2 files changed, 102 insertions(+)
create mode 100644 Documentation/x86/intel_sgx.rst
diff
I'm sorry that I forgot to add my name on time.
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
---
Documentation/process/kernel-enforcement-statement.rst | 1 +
1 file changed, 1 insertion(+)
diff --git a/Documentation/process/kernel-enforcement-statement.rst
b/Documen
On Wed, Dec 20, 2017 at 01:33:46AM +0200, Jarkko Sakkinen wrote:
> On Tue, 2017-12-12 at 15:07 +0100, Pavel Machek wrote:
> > On Sat 2017-11-25 21:29:17, Jarkko Sakkinen wrote:
> > > Intel(R) SGX is a set of CPU instructions that can be used by
> > > applications
cl.c
* return -ERESTARTSYS instead of -EINTR in sgx_encl_init()
Jarkko Sakkinen (5):
intel_sgx: updated MAINTAINERS
intel_sgx: driver for Intel Software Guard Extensions
intel_sgx: ptrace() support
intel_sgx: driver documentation
intel_sgx: in-kernel launch enclave
Kai Huang (1):
x86: add SG
Signed-off-by: Jarkko Sakkinen <jarkko.sakki...@linux.intel.com>
Tested-by: Serge Ayoun <serge.ay...@intel.com>
---
Documentation/index.rst | 1 +
Documentation/x86/intel_sgx.rst | 168
2 files changed, 169 insertions(+)
create
On Thu, Jan 04, 2018 at 03:06:43AM -0600, Dr. Greg Wettstein wrote:
> If we are talking about the issues motivating the KPTI work I don't
> have any useful information beyond what is raging through the industry
> right now.
>
> With respect to SGX, the issues giving rise to KPTI are
On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote:
> So how does this protect against the MELTDOWN attack (CVE-2017-5754)
> and the MELTATOMBOMBA4 worm which uses this exploit?
>
> Ced
Everything going out of L1 gets encrypted. This is done to defend
against peripheral like
On Tue, Jan 09, 2018 at 03:50:23PM -0600, Dr. Greg Wettstein wrote:
> > Everything going out of L1 gets encrypted. This is done to defend
> > against peripheral like adversaries and should work also against
> > meltdown.
>
> I don't believe this is an architecturally correct assertion. The
>
On Thu, Feb 08, 2018 at 09:46:53AM +0100, Pavel Machek wrote:
> On Tue 2018-01-09 16:27:30, Jarkko Sakkinen wrote:
> > On Thu, Jan 04, 2018 at 03:17:24PM +0100, Cedric Blancher wrote:
> > > So how does this protect against the MELTDOWN attack (CVE-2017-5754)
> > > and th
53 matches