[tpmdd-devel] Fixing TPM_RC_CONTEXT_GAP

2017-01-25 Thread James Bottomley
TPM_RC_CONTEXT_GAP is an error the TPM is allowed to return when the counter that ensures the uniqueness of context saved sessions overflows. The solution, according to the manual, is to re-load and save the oldest session because that frees the old value causing the gap. This leads to a

Re: [tpmdd-devel] [PATCH v6 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-25 Thread Jarkko Sakkinen
On Wed, Jan 25, 2017 at 10:45:35PM +0200, Jarkko Sakkinen wrote: > On Fri, Jan 20, 2017 at 12:05:11PM -0500, Nayna Jain wrote: > > IMA extends its hash measurements in the TPM PCRs, based on policy. > > The existing in-kernel TPM extend function extends only the SHA1 > > PCR bank. TPM 2.0 defines

Re: [tpmdd-devel] [PATCH] tpm_tis: use default timeout value if chip reports it as zero

2017-01-25 Thread Maciej S. Szmigiero
On 25.01.2017 23:58, Jarkko Sakkinen wrote: > On Wed, Jan 25, 2017 at 10:26:44PM +0100, Maciej S. Szmigiero wrote: >> On 25.01.2017 21:09, Jarkko Sakkinen wrote: >>> On Tue, Jan 24, 2017 at 02:42:29PM +0100, Maciej S. Szmigiero wrote: On 24.01.2017 13:01, Jarkko Sakkinen wrote: > On Mon,

Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2017-01-25 Thread Jarkko Sakkinen
On Wed, Jan 25, 2017 at 04:22:45PM -0500, Ken Goldman wrote: > > You do not need to send a new patch set version as long as this > > one gets peer tested. And it needs to be tested without hacks > > like plumbing TCPA with TPM 2.0 in QEMU. OF code paths needs to > > be peer tested to be more

Re: [tpmdd-devel] [PATCH v6 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-25 Thread Jarkko Sakkinen
On Thu, Jan 26, 2017 at 12:52:52AM +0200, Jarkko Sakkinen wrote: > On Thu, Jan 26, 2017 at 12:04:01AM +0200, Jarkko Sakkinen wrote: > > On Wed, Jan 25, 2017 at 04:08:55PM -0500, Stefan Berger wrote: > > > On 01/25/2017 03:45 PM, Jarkko Sakkinen wrote: > > > > On Fri, Jan 20, 2017 at 12:05:11PM

Re: [tpmdd-devel] [PATCH v6 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-25 Thread Jarkko Sakkinen
On Thu, Jan 26, 2017 at 12:04:01AM +0200, Jarkko Sakkinen wrote: > On Wed, Jan 25, 2017 at 04:08:55PM -0500, Stefan Berger wrote: > > On 01/25/2017 03:45 PM, Jarkko Sakkinen wrote: > > > On Fri, Jan 20, 2017 at 12:05:11PM -0500, Nayna Jain wrote: > > > > IMA extends its hash measurements in the

[tpmdd-devel] [PATCH v6 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

2017-01-25 Thread Ken Goldman
> The current TPM 2.0 device driver extends only the SHA1 PCR bank > but the TCG Specification[1] recommends extending all active PCR > banks, to prevent malicious users from setting unused PCR banks with > fake measurements and quoting them. > > The existing in-kernel interface(tpm_pcr_extend())

Re: [tpmdd-devel] [PATCH RFC] tpm: define a command filter

2017-01-25 Thread Jason Gunthorpe
On Wed, Jan 25, 2017 at 10:21:37PM +0200, Jarkko Sakkinen wrote: > There should be anyway someway to limit what commands can be sent but > I understand your point. What is the filter for? James and I talked about a filter to create a safer cdev for use by users. However tpms0 cannot be that

Re: [tpmdd-devel] [PATCH v6 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-25 Thread Jarkko Sakkinen
On Wed, Jan 25, 2017 at 04:08:55PM -0500, Stefan Berger wrote: > On 01/25/2017 03:45 PM, Jarkko Sakkinen wrote: > > On Fri, Jan 20, 2017 at 12:05:11PM -0500, Nayna Jain wrote: > > > IMA extends its hash measurements in the TPM PCRs, based on policy. > > > The existing in-kernel TPM extend function

Re: [tpmdd-devel] [PATCH v6 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-25 Thread Stefan Berger
On 01/25/2017 03:45 PM, Jarkko Sakkinen wrote: > On Fri, Jan 20, 2017 at 12:05:11PM -0500, Nayna Jain wrote: >> IMA extends its hash measurements in the TPM PCRs, based on policy. >> The existing in-kernel TPM extend function extends only the SHA1 >> PCR bank. TPM 2.0 defines multiple PCR banks,

Re: [tpmdd-devel] [PATCH v6 0/2] enhance TPM 2.0 extend function to support multiple PCR banks

2017-01-25 Thread Jarkko Sakkinen
On Fri, Jan 20, 2017 at 12:05:11PM -0500, Nayna Jain wrote: > IMA extends its hash measurements in the TPM PCRs, based on policy. > The existing in-kernel TPM extend function extends only the SHA1 > PCR bank. TPM 2.0 defines multiple PCR banks, to support different > hash algorithms. The TCG TPM

Re: [tpmdd-devel] [PATCH RFC] tpm: define a command filter

2017-01-25 Thread Jarkko Sakkinen
On Tue, Jan 24, 2017 at 12:07:07PM -0700, Jason Gunthorpe wrote: > On Tue, Jan 24, 2017 at 04:36:00PM +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 23, 2017 at 05:19:18PM -0700, Jason Gunthorpe wrote: > > > On Tue, Jan 24, 2017 at 02:02:52AM +0200, Jarkko Sakkinen wrote: > > > > This commit adds a

Re: [tpmdd-devel] [PATCH] tpm_tis: use default timeout value if chip reports it as zero

2017-01-25 Thread Jarkko Sakkinen
On Tue, Jan 24, 2017 at 02:42:29PM +0100, Maciej S. Szmigiero wrote: > On 24.01.2017 13:01, Jarkko Sakkinen wrote: > > On Mon, Jan 23, 2017 at 06:23:55PM +0100, Maciej S. Szmigiero wrote: > >> On 16.01.2017 17:39, Jarkko Sakkinen wrote: > >>> On Mon, Jan 16, 2017 at 03:58:26PM +0100, Maciej S.

Re: [tpmdd-devel] [PATCH v6 2/2] tpm: enhance TPM 2.0 PCR extend to support multiple banks

2017-01-25 Thread Jarkko Sakkinen
On Tue, Jan 24, 2017 at 06:34:54PM +0530, Nayna wrote: > > > On 01/24/2017 05:29 PM, Jarkko Sakkinen wrote: > > On Mon, Jan 23, 2017 at 10:11:48PM +0530, Nayna wrote: > > > > > > > > > On 01/23/2017 08:49 PM, Jarkko Sakkinen wrote: > > > > On Fri, Jan 20, 2017 at 12:05:13PM -0500, Nayna Jain

Re: [tpmdd-devel] [PATCH] tpm/tpm_i2c_infineon: ensure no ongoing commands on shutdown

2017-01-25 Thread Jarkko Sakkinen
On Mon, Jan 16, 2017 at 11:33:18AM +0200, Jarkko Sakkinen wrote: > On Fri, Jan 13, 2017 at 04:42:30PM -0800, Andrey Pronin wrote: > > On Fri, Jan 13, 2017 at 05:28:57PM -0700, Jason Gunthorpe wrote: > > > On Fri, Jan 13, 2017 at 04:09:54PM -0800, Andrey Pronin wrote: > > > > Resetting TPM while

Re: [tpmdd-devel] [PATCH] tpm: remove tpm_read_index and tpm_write_index from tpm.h

2017-01-25 Thread Jason Gunthorpe
On Wed, Jan 25, 2017 at 04:48:58PM +0200, Jarkko Sakkinen wrote: > These are non-generic functions and do not belong to tpm.h. > > Signed-off-by: Jarkko Sakkinen Reviewed-by: Jason Gunthorpe Jason

[tpmdd-devel] [PATCH] tpm: remove tpm_read_index and tpm_write_index from tpm.h

2017-01-25 Thread Jarkko Sakkinen
These are non-generic functions and do not belong to tpm.h. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm.h | 11 --- drivers/char/tpm/tpm_atmel.h | 6 ++ drivers/char/tpm/tpm_nsc.c | 12 3 files changed, 18

Re: [tpmdd-devel] [PATCH RFC v3 5/5] tpm2: expose resource manager via a device link /dev/tpms

2017-01-25 Thread Jarkko Sakkinen
On Wed, Jan 25, 2017 at 03:40:04PM +0200, Jarkko Sakkinen wrote: > On Mon, Jan 23, 2017 at 02:16:37PM -0800, James Bottomley wrote: > > On Mon, 2017-01-23 at 23:42 +0200, Jarkko Sakkinen wrote: > > > On Mon, Jan 23, 2017 at 06:58:23PM +0200, Jarkko Sakkinen wrote: > > > > On Mon, Jan 23, 2017 at

Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support for TPM 2.0 firmware event log

2017-01-25 Thread Jarkko Sakkinen
On Tue, Jan 24, 2017 at 03:41:22PM +0530, Nayna wrote: > > > On 01/23/2017 08:43 PM, Jarkko Sakkinen wrote: > > On Mon, Jan 23, 2017 at 02:26:27AM -0500, Nayna Jain wrote: > > > Unlike the device driver support for TPM 1.2, the TPM 2.0 does > > > not support the securityfs pseudo files for