will store the identifier
and the digest size of TPM algorithms in the tpm_chip structure.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm2-cmd.c | 34 +-
1 file changed, 21 insertions(+), 13 deletions(-)
diff --git a/drivers/char/tp
for this issue. If a TPM
algorithm is not known by the crypto subsystem, the TPM driver retrieves
the digest size from the TPM with a PCR read. All the PCR banks are
extended, even if the algorithm is not yet supported by the crypto
subsystem.
Roberto Sassu (3):
tpm: move PCR read code to static function
log (they are included in the Crypto Agile
format defined by TCG); crypto identifiers will be used to calculate
digests using the crypto subsystem; digest sizes will be used to truncate
digests calculated with different algorithms.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.
. The array of algorithms (active_banks)
has been replaced with an array of active_pcr_bank_info, a new structure
containing both the TPM algorithm identifier and the digest size.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 4 +--
drivers/ch
On 6/26/2017 2:33 PM, Mimi Zohar wrote:
On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote:
On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote:
To move this forward and be more constructive here's how I see it
should be done (along the lines, draft):
int tpm_pcr_extend(u32
On 6/24/2017 11:03 AM, Jarkko Sakkinen wrote:
On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote:
The first version of the patch set can be retrieved at the URL:
https://sourceforge.net/p/tpmdd/mailman/message/35756302/
The patches should be applied on top of the next branch
On 6/24/2017 11:03 AM, Jarkko Sakkinen wrote:
On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote:
The first version of the patch set can be retrieved at the URL:
https://sourceforge.net/p/tpmdd/mailman/message/35756302/
The patches should be applied on top of the next branch
tpm2_do_selftest() performs a PCR read during the TPM initialization phase.
This patch replaces the PCR read code with a call to tpm2_pcr_read().
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm2-cmd.c | 31 +--
1 file chan
tpm2_pcr_read() now builds the PCR read command buffer with tpm_buf
functions. This solution is preferred to using a tpm2_cmd structure,
as tpm_buf functions provide protection against buffer overflow.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm2-cmd.
On 6/23/2017 12:26 PM, Jarkko Sakkinen wrote:
On Wed, Jun 21, 2017 at 04:29:38PM +0200, Roberto Sassu wrote:
This patch introduces the new structure tpm_pcr_bank_info to store
information regarding PCR banks. The next patch will replace the array of
TPM algorithms IDs with an array of the new
On 6/23/2017 11:55 AM, Jarkko Sakkinen wrote:
On Wed, Jun 21, 2017 at 04:29:37PM +0200, Roberto Sassu wrote:
tpm2_do_selftest() performs a PCR read during the TPM initialization phase.
This patch replaces the PCR read code with a call to
tpm2_pcr_read_tpm_buf(). tpm2_do_selftest() parses
On 6/22/2017 12:14 PM, Jarkko Sakkinen wrote:
On Wed, Jun 21, 2017 at 04:29:36PM +0200, Roberto Sassu wrote:
tpm2_pcr_read() now uses tpm_buf functions to build the TPM command
to read a PCR. Those functions are preferred to passing a tpm2_cmd
structure, as they provide protection against
modified to use the
digest size retrieved from the TPM instead of that from the crypto
subsystem.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 4 ++--
drivers/char/tpm/tpm.h | 2 +-
drivers/char/tpm/tpm2-cmd.c
a digest for each PCR bank.
Callers of tpm_pcr_extend(), pcrlock() and ima_pcr_extend(), have been
modified to pass the new arguments. They pass to tpm_pcr_extend() an array
with one element, containing the same SHA1 digest they were passing before
this patch.
Signed-off-by: Roberto Sassu
(TPM_ACTIVE_BANKS_MAX definition).
A tpm_pcr_bank_info structure is also returned if the TPM version is 1.2.
The advantage of this choice is that the code for extending a PCR with
multiple digests will work regardless of the TPM version.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.
tpm2_do_selftest() performs a PCR read during the TPM initialization phase.
This patch replaces the PCR read code with a call to
tpm2_pcr_read_tpm_buf(). tpm2_do_selftest() parses the result of the
TPM command, in order to retrieve the return code.
Signed-off-by: Roberto Sassu <roberto
measurements. Instead, the digest size
is retrieved from the output buffer of a PCR read, without relying
on the crypto subsystem.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm.h | 11 ---
drivers/char/tpm/tpm2-cmd.
s supported algorithms also for TPM 1.2
- fixed return values of tpm2_pcr_algo_to_crypto() and
tpm2_pcr_algo_from_crypto() if TPM support is disabled in the kernel
- tpm_pcr_extend() arguments checked by tpm_pcr_check_input()
- modified parameters of tpm_pcr_extend()
Roberto Sassu (6):
tpm: use
because callers of the new function obtain different information from
the output buffer: tpm2_pcr_read() gets the digest, tpm2_do_selftest()
will get the command return code and tpm2_get_pcr_allocation() will get
the digest size.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
d
On 5/30/2017 2:06 PM, Mimi Zohar wrote:
On Tue, 2017-05-30 at 09:36 +0200, Roberto Sassu wrote:
On 5/30/2017 5:35 AM, Mimi Zohar wrote:
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
pcrlock() has been modified to pass the correct arguments
to tpm_pcr_extend(): the pointer
On 5/30/2017 1:25 PM, Mimi Zohar wrote:
On Tue, 2017-05-30 at 09:28 +0200, Roberto Sassu wrote:
On 5/30/2017 5:29 AM, Mimi Zohar wrote:
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
@@ -876,29 +925,46 @@ static int tpm1_pcr_extend(struct tpm_chip *chip, int
pcr_idx, const u8
On 5/24/2017 10:25 PM, Jarkko Sakkinen wrote:
On Wed, May 24, 2017 at 10:33:54AM -0700, Jarkko Sakkinen wrote:
On Mon, May 22, 2017 at 09:21:28AM +0200, Roberto Sassu wrote:
On 5/20/2017 3:22 PM, Jarkko Sakkinen wrote:
On Mon, May 15, 2017 at 04:22:22PM +0200, Roberto Sassu wrote:
On 5/15
On 5/24/2017 7:35 PM, Jarkko Sakkinen wrote:
On Mon, May 22, 2017 at 11:07:54AM +0200, Roberto Sassu wrote:
On 5/20/2017 3:18 PM, Jarkko Sakkinen wrote:
On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
On 5/15/2017 3:18 PM, Roberto Sassu wrote:
On 5/15/2017 12:36 PM, Jarkko
On 5/30/2017 5:29 AM, Mimi Zohar wrote:
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
The tpm_pcr_extend() definition has been modified to take an array of
tpm2_digest structures, and the size of the array as arguments.
The function now checks if callers provided a digests for each
On 5/20/2017 3:18 PM, Jarkko Sakkinen wrote:
> On Wed, May 17, 2017 at 10:42:35AM +0200, Roberto Sassu wrote:
>> On 5/15/2017 3:18 PM, Roberto Sassu wrote:
>>>
>>>
>>> On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
>>>> On Fri, May 0
On 5/20/2017 3:22 PM, Jarkko Sakkinen wrote:
> On Mon, May 15, 2017 at 04:22:22PM +0200, Roberto Sassu wrote:
>> On 5/15/2017 1:16 PM, Jarkko Sakkinen wrote:
>>> On Fri, May 05, 2017 at 04:21:49PM +0200, Roberto Sassu wrote:
>>>> tpm_pcr_algorithms() returns to i
On 5/15/2017 12:36 PM, Jarkko Sakkinen wrote:
> On Fri, May 05, 2017 at 04:21:48PM +0200, Roberto Sassu wrote:
>> This function allows TPM users to know which algorithms the TPM supports.
>> It stores the algorithms in a static array of 'enum tpm2_algorithms',
>> al
st.
It has been introduced to maintain compatibility with applications that
expect to interact with a TPM 1.2, and provide only a SHA1 digest.
In this case, the behavior of tpm_pcr_extend() is unchanged and
remaining PCR banks are extended with that digest, padded with zeros.
Signed-off-by: Rob
for completeness, is instead used
by tpm2_seal_trusted() to perform the opposite conversion.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
v2
- fixed return values of tpm2_pcr_algo_to_crypto() and
tpm2_pcr_algo_from_crypto() if TPM support is disabled in the kernel
drivers/ch
()
- modified callers of tpm_pcr_extend()
Roberto Sassu (5):
tpm: introduce tpm_pcr_algorithms()
tpm: introduce tpm_pcr_algo_to_crypto() and tpm_pcr_algo_from_crypto()
tpm: pass multiple digests to tpm_pcr_extend()
keys, trusted: modify arguments of tpm_pcr_extend()
ima: modify arguments of
On 5/4/2017 11:24 AM, Jarkko Sakkinen wrote:
> On Wed, May 03, 2017 at 06:19:08PM +0200, Roberto Sassu wrote:
>> This patch set moves TPM 1.2 specific code to a new function called
>> tpm1_pcr_extend(). The purpose of splitting is to isolate TPM 2.0 code,
>> so that it can be
buffer overflow. It is called by
tpm_pcr_extend() and tpm_pm_suspend().
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 41 +++-
1 file changed, 24 insertions(+), 17 deletions(-)
diff --git a/drivers/char/t
buffer overflow. It is called by
tpm_pcr_extend() and tpm_pm_suspend().
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 41 +++-
1 file changed, 24 insertions(+), 17 deletions(-)
diff --git a/drivers/char/t
Move CPU native value to big-endian conversion of ordinals to the
tpm_input_header declarations.
With the previous and this patch it will now be possible to modify TPM 1.2
functions to use tpm_buf_init(), which expects CPU native value for the
tag and ordinal arguments.
Signed-off-by: Roberto
are already converted,
passing them to the function will undo the previous conversion.
This patch moves the conversion of TPM_TAG_RQU_COMMAND from the tpm.h
header file in the driver directory to the tpm_input_header declarations
in the driver interface and tpm-sysfs.c.
Signed-off-by: Roberto
endianness conversion in TPM_TAG_RQU_COMMAND definition
- removed '#include ' in tpm-interface.c
and tpm-sysfs.c
- restored TPM_ORD_ definitions in tpm-interface.c and tpm-sysfs.c
Roberto Sassu (3):
tpm: move endianness conversion of TPM_TAG_RQU_COMMAND to
tpm_input_header
tpm: move endianness
onversion to the tpm_input_header
declaration.
Probably, the Reviewed-by in your previous email was for patch 1/3.
Thanks
Roberto
>
> /Jarkko
>
>>
>> Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
>> ---
>> drivers/char/tpm/tpm-interface.c | 19
buffer overflow. It is called by
tpm_pcr_extend() and tpm_pm_suspend().
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 46 +---
1 file changed, 24 insertions(+), 22 deletions(-)
diff --git a/drivers/char/t
in the tpm_input_header
declarations.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 15 ---
drivers/char/tpm/tpm-sysfs.c | 3 ++-
drivers/char/tpm/tpm.h | 2 --
3 files changed, 10 insertions(+), 10 deletions(-)
diff
to the previous method, offers
protection against buffer overflow. Moreover, CPU native to big-endian
conversion has been removed from tags and ordinals definition, as it is
already done by tpm_buf_init().
Roberto Sassu (3):
tpm: use CPU native value for TPM_TAG_RQU_COMMAND
tpm: move ordinals definition
On 4/7/2017 9:31 PM, Jarkko Sakkinen wrote:
>> would you have any objection if the new functions work
>> regardless of the TPM version?
>
> Yes, you should not add multiple functions that do the same thing
> essentially. Please rework tpm_pcr_extend instead.
This means that callers of
On 4/5/2017 4:36 PM, Roberto Sassu wrote:
> I have a question. As you can see in the IMA patch, I'm calling
> tpm_is_tpm2() to determine if I should invoke tpm_pcr_extend(),
> for TPM 1.2, or tpm_pcr_extend_digests(), for TPM 2.0.
>
> Should the new function work with TPM 1.2? I
On 4/5/2017 3:50 PM, Roberto Sassu wrote:
> As I mentioned earlier, it is used in this patch:
>
> https://sourceforge.net/p/linux-ima/mailman/message/35757195/
I have a question. As you can see in the IMA patch, I'm calling
tpm_is_tpm2() to determine if I should invoke tpm_pcr_extend()
On 4/5/2017 3:43 PM, Jarkko Sakkinen wrote:
> Which one is needed for IMA? I mean for in-kernel API you should not add
> any extra flexibility. Please implement the patch set with the minimal
> flexibility in mind. Just enough to get IMA uses cases done and explain
> in the commit messages your
On 4/5/2017 2:14 PM, Jarkko Sakkinen wrote:
> On Wed, Mar 29, 2017 at 12:24:52PM +0200, Roberto Sassu wrote:
>> Allow TPM users to provide a digest for each PCR bank,
>> for the extend operation.
>>
>> Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
&g
On 4/5/2017 2:13 PM, Jarkko Sakkinen wrote:
> On Wed, Mar 29, 2017 at 12:24:51PM +0200, Roberto Sassu wrote:
>> Return the algorithms supported by the TPM. The limit
>> (TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.
>>
>> Signed-off-by: Roberto Sass
On 4/5/2017 2:12 PM, Jarkko Sakkinen wrote:
> On Wed, Mar 29, 2017 at 12:24:49PM +0200, Roberto Sassu wrote:
>> TCG mandates that all PCR banks must be extended during the same operation.
>> tpm2_pcr_extend() will check whether all digests have been provided.
>>
>> The
On 3/30/2017 11:16 AM, Nayna wrote:
> Why can't we export existing tpm2_pcr_extend() and use that directly ?
tpm2_pcr_extend() requires the tpm_chip structure, which is
not exposed outside. Translation from chip_num to tpm_chip
should be done in tpm-interface.c (see tpm_seal_trusted()).
Roberto
Introduce these functions to convert between TPM and crypto algorithm IDs.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 51
drivers/char/tpm/tpm.h | 11 -
drivers/char/tpm/tpm2
Allow TPM users to provide a digest for each PCR bank,
for the extend operation.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 31 +++
drivers/char/tpm/tpm.h | 6 --
include/linux/tpm.h
Return the algorithms supported by the TPM. The limit
(TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.
Signed-off-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm-interface.c | 39 +++
drivers/char/tpm/tpm.h
-by: Roberto Sassu <roberto.sa...@huawei.com>
---
drivers/char/tpm/tpm2-cmd.c | 23 +++
1 file changed, 23 insertions(+)
diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 881aea9..f4d534c 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/ch
On 3/10/2017 4:36 PM, Ken Goldman wrote:
> It's not a TCG standard, just a way of making sure the unused PCR bank
> doesn't remain at zero, permitting forged measurements.
>
> As for the verifier, I ignore the bank I'm not interested in. I don't
> verify the truncated/padded bank.
On 3/8/2017 5:29 PM, Mimi Zohar wrote:
> The reason for extending multiple TPM banks is to prevent user space
> from being able to extend unused TPM banks with whatever they want and
> then quote those banks, based on a bogus list. I wouldn't say that
> padding/truncating the unused TPM banks is
On 3/7/2017 7:10 PM, Ken Goldman wrote:
> Since a lot of design work has gone into this, and there are
> implementations, my thought would be to see if it can be used rather
> than designing something new.
IMA format is different: the event type is not sent after the PCR.
>
>>> The TPM IDs
55 matches
Mail list logo