Re: [tpmdd-devel] [PATCH 01/23] TPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev

2018-08-28 Thread Mimi Zohar
On Fri, 2018-08-24 at 09:25 +0300, Jarkko Sakkinen wrote: > On Fri, Aug 24, 2018 at 09:24:34AM +0300, Jarkko Sakkinen wrote: > > On Tue, Aug 21, 2018 at 12:30:04PM -0600, Jason Gunthorpe wrote: > > > On Tue, Aug 21, 2018 at 04:56:56PM +0100, David Howells wrote: > > > > Add newly registered TPMs

Re: [tpmdd-devel] [PATCH] tpm: improve tpm_tis send() performance by ignoring burstcount

2017-08-14 Thread Mimi Zohar
On Mon, 2017-08-14 at 13:56 +0300, Jarkko Sakkinen wrote: > > > Since the main concern about this change is breaking old systems that > > > might potentially have other peripherals hanging off the LPC bus, can > > > we define a new Kconfig option, with the default as 'N'? > > > > > > Mimi > > >

Re: [tpmdd-devel] [PATCH] tpm: improve tpm_tis send() performance by ignoring burstcount

2017-08-14 Thread Mimi Zohar
On Mon, 2017-08-14 at 13:56 +0300, Jarkko Sakkinen wrote: > > > > I would like to see tpm_msleep() wrapper to replace current msleep() > > > > usage across the subsystem before considering this. I.e. wrapper that > > > > internally uses usleep_range(). This way we can mechanically convert > > > >

Re: [tpmdd-devel] [PATCH] tpm: improve tpm_tis send() performance by ignoring burstcount

2017-08-11 Thread Mimi Zohar
On Fri, 2017-08-11 at 14:14 +0300, Jarkko Sakkinen wrote: > On Wed, Aug 09, 2017 at 11:00:36PM +0200, Peter Huewe wrote: > > Hi Ken, > > (again speaking only on my behalf, not my employer) > > > > > Does anyone know of platforms where this occurs? > > > I suspect (but not sure) that the days of

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v3 0/6] Updated API for TPM 2.0 PCR extend

2017-07-05 Thread Mimi Zohar
On Wed, 2017-07-05 at 11:18 -0400, Ken Goldman wrote: > On 6/28/2017 1:28 PM, Jarkko Sakkinen wrote: > > On Mon, Jun 26, 2017 at 08:33:59AM -0400, Mimi Zohar wrote: > >> On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote: > >>> On Wed, Jun 21, 2017 at 04:29:3

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v3 0/6] Updated API for TPM 2.0 PCR extend

2017-06-28 Thread Mimi Zohar
On Wed, 2017-06-28 at 20:28 +0300, Jarkko Sakkinen wrote: > On Mon, Jun 26, 2017 at 08:33:59AM -0400, Mimi Zohar wrote: > > On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote: > > > On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote: > > > &g

Re: [tpmdd-devel] [PATCH v3 3/6] tpm: introduce tpm_pcr_bank_info structure with digest_size from TPM

2017-06-27 Thread Mimi Zohar
On Wed, 2017-06-21 at 16:29 +0200, Roberto Sassu wrote: > This patch introduces the new structure tpm_pcr_bank_info to store > information regarding PCR banks. The next patch will replace the array of > TPM algorithms IDs with an array of the new structure. > > tpm_pcr_bank_info contains the TPM

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v3 0/6] Updated API for TPM 2.0 PCR extend

2017-06-26 Thread Mimi Zohar
On Mon, 2017-06-26 at 16:56 +0200, Roberto Sassu wrote: > On 6/26/2017 2:33 PM, Mimi Zohar wrote: > > On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote: > >> On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote: > > > > > >> To move this forw

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v3 0/6] Updated API for TPM 2.0 PCR extend

2017-06-26 Thread Mimi Zohar
On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote: > On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote: > To move this forward and be more constructive here's how I see it > should be done (along the lines, draft): > > int tpm_pcr_extend(u32 chip_num, int pcr_idx, unsigned

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v2 3/5] tpm: pass multiple digests to tpm_pcr_extend()

2017-05-30 Thread Mimi Zohar
On Tue, 2017-05-30 at 09:28 +0200, Roberto Sassu wrote: > On 5/30/2017 5:29 AM, Mimi Zohar wrote: > > On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > >> @@ -876,29 +925,46 @@ static int tpm1_pcr_extend(struct tpm_chip *chip, > >> int pcr_idx, const u8 *ha

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v2 4/5] keys, trusted: modify arguments of tpm_pcr_extend()

2017-05-29 Thread Mimi Zohar
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > pcrlock() has been modified to pass the correct arguments > to tpm_pcr_extend(): the pointer of a tpm2_digest structure containing > a random value generated by tpm_get_random() and the size of the array (1). If the number of arguments is

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH v2 3/5] tpm: pass multiple digests to tpm_pcr_extend()

2017-05-29 Thread Mimi Zohar
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote: > The tpm_pcr_extend() definition has been modified to take an array of > tpm2_digest structures, and the size of the array as arguments. > > The function now checks if callers provided a digest for each active > PCR bank (or a SHA1 digest

Re: [tpmdd-devel] [Linux-ima-devel] [PATCH 0/4] Extend TPM 2.0 PCR banks each with corresponding digest

2017-04-05 Thread Mimi Zohar
Hi Jarkko, On Wed, 2017-04-05 at 15:16 +0300, Jarkko Sakkinen wrote: > On Wed, Mar 29, 2017 at 12:24:48PM +0200, Roberto Sassu wrote: > > tpm_pcr_extend() was originally designed to extend a TPM 1.2 PCR with > > a SHA1 digest. With TPM 2.0, multiple hash algorithms can be supported, > > but, at

Re: [tpmdd-devel] Support for Crypto Agile format in IMA

2017-03-10 Thread Mimi Zohar
On Fri, 2017-03-10 at 17:28 +0100, Roberto Sassu wrote: > On 3/10/2017 4:36 PM, Ken Goldman wrote: > > It's not a TCG standard, just a way of making sure the unused PCR bank > > doesn't remain at zero, permitting forged measurements. > > > > As for the verifier, I ignore the bank I'm not

Re: [tpmdd-devel] Support for Crypto Agile format in IMA

2017-03-08 Thread Mimi Zohar
On Wed, 2017-03-08 at 18:11 +0100, Roberto Sassu wrote: > On 3/8/2017 5:29 PM, Mimi Zohar wrote: > > The reason for extending multiple TPM banks is to prevent user space > > from being able to extend unused TPM banks with whatever they want and > > then quote those banks, base

Re: [tpmdd-devel] [RFC PATCH] tpm: msleep() delays - replace with usleep_range() in i2c nuvoton driver

2017-03-07 Thread Mimi Zohar
On Thu, 2017-03-02 at 10:33 +0200, Jarkko Sakkinen wrote: > On Fri, Feb 24, 2017 at 12:29:02PM -0500, Mimi Zohar wrote: > > On Fri, 2017-02-24 at 19:01 +0200, Jarkko Sakkinen wrote: > > > On Thu, Feb 23, 2017 at 06:46:18PM -0500, Mimi Zohar wrote: > > > > Commi

Re: [tpmdd-devel] [PATCH] tpm: Fix expected number of response bytes of TPM1.2 PCR Extend

2017-02-17 Thread Mimi Zohar
On Fri, 2017-02-17 at 20:45 +0200, Jarkko Sakkinen wrote: > On Fri, Feb 17, 2017 at 07:46:38AM -0500, Mimi Zohar wrote: > > Hi James, > > > > On Wed, 2017-02-15 at 20:09 +0200, Jarkko Sakkinen wrote: > > > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger

Re: [tpmdd-devel] [PATCH] tpm: Fix expected number of response bytes of TPM1.2 PCR Extend

2017-02-17 Thread Mimi Zohar
oblem where IMA gets errors with every PCR Extend. > > > > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") > > Signed-off-by: Stefan Berger <stef...@linux.vnet.ibm.com> > > Acked-by: Mimi Zohar <zo...@us.ibm.com> > > R

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-02-01 Thread Mimi Zohar
On Wed, 2017-02-01 at 12:30 +0200, Jarkko Sakkinen wrote: > On Tue, Jan 31, 2017 at 05:31:50PM -0500, Mimi Zohar wrote: > > On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote: > > > On Tue, 31 Jan 2017, Jarkko Sakkinen wrote: > > > > > > > James, >

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Mimi Zohar
On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote: > On Tue, 31 Jan 2017, Jarkko Sakkinen wrote: > > > James, > > > > The discussion is about two features: > > > > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks > > instead of just SHA-1 banks. It is recommended by

Re: [tpmdd-devel] [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-03 Thread Mimi Zohar
On Tue, 2017-01-03 at 00:15 +0200, Jarkko Sakkinen wrote: > On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote: > > IMA extends its hash measurements in the TPM PCRs, based on policy. > > The existing in-kernel TPM extend function extends only the SHA1 > > PCR bank. TPM 2.0 defines

Re: [tpmdd-devel] [Linux-ima-devel] TPM microconf at Linux Plumbers Conference?

2016-06-06 Thread Mimi Zohar
On Tue, 2016-06-07 at 01:38 +0100, Matthew Garrett wrote: > On Mon, Jun 06, 2016 at 08:35:55PM -0400, Mimi Zohar wrote: > > > Did you consider submitting this as a Linux Security Summit (LSS) > > discussion topic? > > Yes, I've submitted something for that, bu

Re: [tpmdd-devel] Question on Linux TSS architecture design (kernel vs. user space access)

2016-01-05 Thread Mimi Zohar
On Tue, 2016-01-05 at 09:43 +, Fuchs, Andreas wrote: > > > I'd like to get a list of people interested to work on some conceptual > > > stuff > > > first though. > > > > I don't care in what process the patches are implemented. I can review > > and test patches once there is something real