Re: [tpmdd-devel] [Ibmtpm20tss-users] add TPM2 version of create_tpm2_key and libtpm2.so engine -> Hash algorithms

2017-01-04 Thread Kenneth Goldman
James Bottomley wrote on 01/04/2017 02:45:21 PM: > > James is proposing using the Decrypt op to do this job. > > I believe the TCG has decided this is the only way to sign arbitrary > data. My suspicion is that this was an omission, not a decision. In fact, Part 1

Re: [tpmdd-devel] add TPM2 version of create_tpm2_key and libtpm2.so engine -> Hash algorithms

2017-01-04 Thread Kenneth Goldman
Jason Gunthorpe wrote on 01/04/2017 01:54:34 PM: > We don't need the algorithm in the TPM. We just need to be able to RSA > sign an arbitrary OID + externally computed hash like TPM 1.2 could. > > What is the recommended way to create a key with a sign-only

Re: [tpmdd-devel] [Ibmtpm20tss-users] add TPM2 version of create_tpm2_key and libtpm2.so engine -> Hash algorithms

2017-01-04 Thread James Bottomley
On Wed, 2017-01-04 at 11:54 -0700, Jason Gunthorpe wrote: > On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote: > >Jason Gunthorpe wrote on > > 01/03/2017 > >07:42:17 PM: > >> > ... but my current TPM doesn't understand > >> > anything

Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands

2017-01-04 Thread Stefan Berger
James Bottomley wrote on 01/04/2017 01:19:36 PM: > From: James Bottomley > To: Stefan Berger/Watson/IBM@IBMUS, Jarkko Sakkinen > > Cc: linux-security-mod...@vger.kernel.org, tpmdd- >

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread James Bottomley
On Wed, 2017-01-04 at 11:31 -0700, Jason Gunthorpe wrote: > On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote: > > > > > But this is not trousers, this is an in-kernel 0666 char dev > > > > that will be active on basically every Linux system with a TPM. > > > > I think we have a

Re: [tpmdd-devel] add TPM2 version of create_tpm2_key and libtpm2.so engine -> Hash algorithms

2017-01-04 Thread Jason Gunthorpe
On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote: >Jason Gunthorpe wrote on 01/03/2017 >07:42:17 PM: >> > ... but my current TPM doesn't understand >> > anything other than sha1 or sha256, so it wouldn't allow more state >of >

Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands

2017-01-04 Thread Jason Gunthorpe
On Wed, Jan 04, 2017 at 01:04:59PM -0500, Stefan Berger wrote: >> @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe); >> */ >> int tpm2_auto_startup(struct tpm_chip *chip) >> { >> + u32 nr_commands; >> int rc; >> + int i; >> >> rc =

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread Kenneth Goldman
"Dr. Greg Wettstein" wrote on 01/04/2017 11:12:41 AM: > The kernel needs a resource manager. Everyone needs to think VERY > hard and VERY, VERY carefully about what gets put into the kernel. In > making a decision, put the ABSOLUTE smallest amount of code into the >

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread Jason Gunthorpe
On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote: > > > But this is not trousers, this is an in-kernel 0666 char dev that > > > will be active on basically every Linux system with a TPM. I think > > > we have a duty to be very conservative here. > > Just to note on this that

Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands

2017-01-04 Thread James Bottomley
On Wed, 2017-01-04 at 13:04 -0500, Stefan Berger wrote: > Jarkko Sakkinen wrote on 01/02/2017 > 08:22:08 AM: > > > --- a/drivers/char/tpm/tpm2-cmd.c > > +++ b/drivers/char/tpm/tpm2-cmd.c > > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe); > > */ > > int

Re: [tpmdd-devel] [Ibmtpm20tss-users] [TrouSerS-tech] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-04 Thread Kenneth Goldman
Trimmed the CC list a bit. Where does this discussion really belong? Trousers is for TPM 1.2, and it's not a TSS or TPM device driver issue. If you're all TCG members, the TCG's TPM WG is the real place to go if you want to get something fixed. James Bottomley

Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands

2017-01-04 Thread Stefan Berger
Jarkko Sakkinen wrote on 01/02/2017 08:22:08 AM: > --- a/drivers/char/tpm/tpm2-cmd.c > +++ b/drivers/char/tpm/tpm2-cmd.c > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe); > */ > int tpm2_auto_startup(struct tpm_chip *chip) > { > + u32 nr_commands; >

[tpmdd-devel] [RESEND][RFC] tpm_tis: broken on TPMs with a static burst count

2017-01-04 Thread Maciej S. Szmigiero
(Resending as no reply received, this time with CCs to TPM maintainers and author of the original commit). Hi all, Commit 1107d065fdf1 (tpm_tis: Introduce intermediate layer for TPM access) broke TPM support on ThinkPad X61S (and likely also on other machines which use TPMs with a static burst

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread Jason Gunthorpe
On Wed, Jan 04, 2017 at 02:58:10PM +0200, Jarkko Sakkinen wrote: > On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote: > > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote: > > > > > OK, so I put a patch together that does this (see below). It all works > > > nicely

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread James Bottomley
On Wed, 2017-01-04 at 14:50 +0200, Jarkko Sakkinen wrote: > On Tue, Jan 03, 2017 at 05:17:32PM -0700, Jason Gunthorpe wrote: > > On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote: [...] > > > > Even if TPM 2 has a stronger password based model, I still > > > > think the kernel should

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread Jarkko Sakkinen
On Tue, Jan 03, 2017 at 09:47:21PM -0800, Andy Lutomirski wrote: > On 01/02/2017 09:26 PM, James Bottomley wrote: > > On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote: > > > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote: > > > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread Jarkko Sakkinen
On Tue, Jan 03, 2017 at 02:47:02PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote: > > > > I'm not sure about this. Why you couldn't have a very thin daemon > > > that prepares the file descriptor and sends it through UDS socket to > > > a

Re: [tpmdd-devel] [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for TPM 2.0

2017-01-04 Thread Jarkko Sakkinen
On Tue, Jan 03, 2017 at 12:16:34PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote: > > > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote: > > > > Added an ioctl for

Re: [tpmdd-devel] [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for TPM 2.0

2017-01-04 Thread Jarkko Sakkinen
On Tue, Jan 03, 2017 at 11:46:27AM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote: > > > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote: > > > > Added an ioctl for

Re: [tpmdd-devel] [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip

2017-01-04 Thread Jarkko Sakkinen
On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote: > > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote: > > > > Since there is

Re: [tpmdd-devel] [TrouSerS-tech] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-04 Thread Jarkko Sakkinen
On Tue, Jan 03, 2017 at 04:40:53PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 03, 2017 at 03:22:56PM -0800, James Bottomley wrote: > > > I think it is very important to natively support the sign-only key > > > usage restriction. TPM1.2 goes so far as to declare keys that can be > > > used for

Re: [tpmdd-devel] [PATCH v7 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2017-01-04 Thread Nayna
On 01/03/2017 07:03 PM, Jarkko Sakkinen wrote: > On Tue, Jan 03, 2017 at 01:09:18PM +0530, Nayna wrote: >> >> >> On 01/03/2017 03:42 AM, Jarkko Sakkinen wrote: >>> On Sun, Dec 11, 2016 at 12:35:33AM -0500, Nayna Jain wrote: Unlike the device driver support for TPM 1.2, the TPM 2.0 does