Re: [tpmdd-devel] [PATCH 0/4] Extend TPM 2.0 PCR banks each with corresponding digest

2017-03-30 Thread Roberto Sassu
On 3/30/2017 11:16 AM, Nayna wrote:
> Why can't we export existing tpm2_pcr_extend() and use that directly?

tpm2_pcr_extend() requires the tpm_chip structure, which is
not exposed outside. Translation from chip_num to tpm_chip
should be done in tpm-interface.c (see tpm_seal_trusted()).

Roberto

--
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
___
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel


Re: [tpmdd-devel] [PATCH 0/4] Extend TPM 2.0 PCR banks each with corresponding digest

2017-03-30 Thread Nayna


On 03/29/2017 03:54 PM, Roberto Sassu wrote:
> tpm_pcr_extend() was originally designed to extend a TPM 1.2 PCR with
> a SHA1 digest. With TPM 2.0, multiple hash algorithms can be supported,
> but, at the moment, only one digest can be passed to the function.
>
> Since TCG mandates that all PCR banks must be extended, commit c1f92b4
> (tpm: enhance TPM 2.0 PCR extend to support multiple banks) filled
> the gap by padding the SHA1 digest passed to tpm_pcr_extend(), to extend
> remaining PCR banks.
>
> This patch set adds support for providing a digest for each PCR bank.
>
> The first patch adds an additional check to tpm2_pcr_extend() to ensure
> that all digests have been provided (to meet TCG specs).
>
> The second patch provides a mechanism for TPM users to convert a TPM
> algorithm ID to a crypto ID and vice-versa, so that they can calculate
> the digest of an event data by using the crypto subsystem.
>
> The third patch allows TPM users to know which hash algorithms the TPM
> supports. Since the limit of active banks is fixed (the size of the
> active_banks array in the tpm_chip structure), the new function
> tpm_pcr_algorithms() accepts as input a sized array.
>
> The fourth patch introduces tpm_pcr_extend_digests(), which accepts
> as input a sized array of tpm2_digest structures. Each array element
> contains the algorithm and the digest for a PCR bank.

Why can't we export existing tpm2_pcr_extend() and use that directly?

Thanks & Regards,
 - Nayna


>
> Roberto Sassu (4):
>   tpm: check whether all digests have been provided for TPM 2.0 extend
>   tpm: introduce tpm2_pcr_algo_to_crypto() and
>     tpm2_pcr_algo_from_crypto()
>   tpm: introduce tpm_pcr_algorithms()
>   tpm: introduce tpm_extend_pcr_digests()
>
>   drivers/char/tpm/tpm-interface.c | 121 +++
>   drivers/char/tpm/tpm.h           |  19 +-
>   drivers/char/tpm/tpm2-cmd.c      |  65 +++--
>   include/linux/tpm.h              |  44 ++
>   4 files changed, 200 insertions(+), 49 deletions(-)
>


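Added example, not part of the thread or the patch set: a user-space Python simulation of the two behaviours the cover letter contrasts, one SHA1 digest padded into every bank versus one digest per bank, checked against a verifier replaying the event log. The helper names, the two-bank layout, the zero right-padding, raising an error for a missing digest and the constructed events are assumptions of this sketch; the extend rule PCR_new = H(PCR_old || digest) is the TPM 2.0 one.

```python
import hashlib

# Assumed active banks and their digest sizes; PCRs start as all zeroes.
BANKS = {"sha1": 20, "sha256": 32}

def new_pcrs():
    return {alg: bytes(size) for alg, size in BANKS.items()}

def extend(pcrs, digests):
    # Like the check described for the first patch: every bank needs a digest.
    missing = set(pcrs) - set(digests)
    if missing:
        raise ValueError(f"no digest for bank(s): {sorted(missing)}")
    out = {}
    for alg, old in pcrs.items():
        if len(digests[alg]) != BANKS[alg]:
            raise ValueError(f"{alg}: digest must be {BANKS[alg]} bytes")
        # TPM 2.0 extend: PCR_new = H_bank(PCR_old || digest)
        out[alg] = hashlib.new(alg, old + digests[alg]).digest()
    return out

def padded_digests(sha1_digest):
    # One SHA1 digest reused for all banks (zero right-padding is assumed).
    return {alg: sha1_digest.ljust(size, b"\0") for alg, size in BANKS.items()}

def per_bank_digests(event):
    # One digest per bank, each computed with that bank's own algorithm.
    return {alg: hashlib.new(alg, event).digest() for alg in BANKS}

def replay(log, alg):
    # Verifier side: recompute one bank from the log using only its algorithm.
    pcr = bytes(BANKS[alg])
    for event in log:
        pcr = hashlib.new(alg, pcr + hashlib.new(alg, event).digest()).digest()
    return pcr

EVENTS = [b"constructed event 1", b"constructed event 2"]  # constructed sample

def run(make_digests):
    pcrs = new_pcrs()
    for ev in EVENTS:
        pcrs = extend(pcrs, make_digests(ev))
    return pcrs

padded = run(lambda ev: padded_digests(hashlib.sha1(ev).digest()))
per_bank = run(per_bank_digests)

if __name__ == "__main__":
    for alg in BANKS:
        print(alg, "padded matches replay:", padded[alg] == replay(EVENTS, alg),
              "| per-bank matches replay:", per_bank[alg] == replay(EVENTS, alg))
```

With padding, the SHA256 bank holds a value derived from SHA1 digests, so a verifier that replays the log with SHA256 alone cannot reproduce it; with per-bank digests both banks replay cleanly.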