Re: [tpmdd-devel] [PATCH v7 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2017-01-02 Thread Nayna
On 01/03/2017 03:42 AM, Jarkko Sakkinen wrote: > On Sun, Dec 11, 2016 at 12:35:33AM -0500, Nayna Jain wrote: >> Unlike the device driver support for TPM 1.2, the TPM 2.0 does >> not support the securityfs pseudo files for displaying the >> firmware event log. >> >> This patch enables support for

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-02 Thread James Bottomley
On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote: > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote: > > > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote: > > > > This patch set adds support for TPM

Re: [tpmdd-devel] [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for TPM 2.0

2017-01-02 Thread Jarkko Sakkinen
On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote: > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote: > > Added an ioctl for creating a TPM space. The space is isolated from the > > other users of the TPM. Only a process holding the file with the handle > > can access

Re: [tpmdd-devel] [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip

2017-01-02 Thread Jarkko Sakkinen
On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote: > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote: > > Since there is only one thread using TPM chip at a time to transmit data > > we can migrate struct tpm_buf to struct tpm_chip. This makes the use of > > it more

Re: [tpmdd-devel] [PATCH v2 0/2] tpm: enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-02 Thread Jarkko Sakkinen
On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote: > IMA extends its hash measurements in the TPM PCRs, based on policy. > The existing in-kernel TPM extend function extends only the SHA1 > PCR bank. TPM 2.0 defines multiple PCR banks, to support different > hash algorithms. The TCG TPM

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-02 Thread James Bottomley
On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote: > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote: > > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote: > > > This patch set adds support for TPM spaces that provide a context > > > for isolating and swapping

Re: [tpmdd-devel] [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for TPM 2.0

2017-01-02 Thread Jason Gunthorpe
On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote: > Added an ioctl for creating a TPM space. The space is isolated from the > other users of the TPM. Only a process holding the file with the handle > can access the objects and only objects that are created through that > file handle

Re: [tpmdd-devel] [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip

2017-01-02 Thread Jason Gunthorpe
On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote: > Since there is only one thread using TPM chip at a time to transmit data > we can migrate struct tpm_buf to struct tpm_chip. This makes the use of > it more fail safe as the buffer is allocated from heap when the device > is

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-02 Thread Jarkko Sakkinen
On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote: > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote: > > This patch set adds support for TPM spaces that provide a context > > for isolating and swapping transient objects. This patch set does > > not yet include support for

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-02 Thread James Bottomley
On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote: > This patch set adds support for TPM spaces that provide a context > for isolating and swapping transient objects. This patch set does > not yet include support for isolating policy and HMAC sessions but > it is trivial to add once the

Re: [tpmdd-devel] TPM 2.0 device driver blocking open

2017-01-02 Thread James Bottomley
On Mon, 2017-01-02 at 15:15 +, Fuchs, Andreas wrote: > That's why current TSS 2.0 and TSS 1.2 assumed a resource-manager in > UserSpace We already discussed this at Plumbers. The problem is that the kernel itself needs access to the TPM (in both Linux and Windows as far as I can tell). If

[tpmdd-devel] [PATCH RFC 1/4] tpm: migrate struct tpm_buf to struct tpm_chip

2017-01-02 Thread Jarkko Sakkinen
Since there is only one thread using TPM chip at a time to transmit data we can migrate struct tpm_buf to struct tpm_chip. This makes the use of it more fail safe as the buffer is allocated from heap when the device is created and not for every transaction. This is needed characteristic for the

[tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-02 Thread Jarkko Sakkinen
This patch set adds support for TPM spaces that provide a context for isolating and swapping transient objects. This patch set does not yet include support for isolating policy and HMAC sessions but it is trivial to add once the basic approach is settled (and that's why I created an RFC patch

[tpmdd-devel] [PATCH RFC 4/4] tpm: add the infrastructure for TPM space for TPM 2.0

2017-01-02 Thread Jarkko Sakkinen
Added an ioctl for creating a TPM space. The space is isolated from the other users of the TPM. Only a process holding the file with the handle can access the objects and only objects that are created through that file handle can be accessed. Signed-off-by: Jarkko Sakkinen

[tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands

2017-01-02 Thread Jarkko Sakkinen
Check for every TPM 2.0 command that the command code is supported and the command buffer has at least the length that can contain the header and the handle area. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-interface.c | 32