Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Nayna
On 02/01/2017 02:20 AM, Jarkko Sakkinen wrote: > On Wed, Feb 01, 2017 at 12:14:12AM +0530, Nayna wrote: >>> I already sent my pull request to 4.11 and even today I found something >>> fishy. You declared a function local array by using a variable in "tpm: >>> enhance TPM 2.0 PCR extend to

[tpmdd-devel] [PATCH v3] tpm2: add session handle context saving and restoring to the space code

2017-01-31 Thread James Bottomley
Sessions are different from transient objects in that their handles may not be virtualized (because they're used for some hmac calculations). Additionally when a session is context saved, a vestigial memory remains in the TPM and if it is also flushed, that will be lost and the session context

Re: [tpmdd-devel] [PATCH 2/2] tpm2-space: add handling for global session exhaustion

2017-01-31 Thread James Bottomley
On Mon, 2017-01-30 at 00:02 +0200, Jarkko Sakkinen wrote: > On Fri, Jan 27, 2017 at 04:33:54PM -0800, James Bottomley wrote: > > In a TPM2, sessions can be globally exhausted once there are > > TPM_PT_ACTIVE_SESSION_MAX of them (even if they're all context > > saved). > > The Strategy for handling

Re: [tpmdd-devel] Resource manager tabrm5 fails sessions

2017-01-31 Thread James Bottomley
On Tue, 2017-01-31 at 15:57 -0500, Ken Goldman wrote: > Should tabrm5 have the session swapping yet? Is there a different > head I should be using? Jarkko's branch doesn't currently have sessions. If you want the session code, it's here:

Re: [tpmdd-devel] [PATCH v2 1/2] tpm2: add session handle context saving and restoring to the space code

2017-01-31 Thread James Bottomley
On Tue, 2017-01-31 at 18:21 +0200, Jarkko Sakkinen wrote: [...] > Now that I understand what is happening I'll give some code level > feedback. Overall I think this is in really good shape! Thanks! [...] > On Fri, Jan 27, 2017 at 04:32:38PM -0800, James Bottomley wrote: > > ---

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Mimi Zohar
On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote: > On Tue, 31 Jan 2017, Jarkko Sakkinen wrote: > > > James, > > > > The discussion is about two features: > > > > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks > >instead of just SHA-1 banks. It is recommended by

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Jarkko Sakkinen
On Wed, Feb 01, 2017 at 08:46:32AM +1100, James Morris wrote: > On Tue, 31 Jan 2017, Jarkko Sakkinen wrote: > > > James, > > > > The discussion is about two features: > > > > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks > >instead of just SHA-1 banks. It is

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread James Morris
On Tue, 31 Jan 2017, Jarkko Sakkinen wrote: > James, > > The discussion is about two features: > > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks >instead of just SHA-1 banks. It is recommended by TCG to do so in >order to prevent malicious use of PCRs. > 2. TPM

[tpmdd-devel] Resource manager tabrm5 fails sessions

2017-01-31 Thread Ken Goldman
Should tabrm5 have the session swapping yet? Is there a different head I should be using? I have the following test: create a primary storage key create 2 signing keys under the storage key, each with a different password load all 2 keys create an hmac session sign

Re: [tpmdd-devel] [PATCH] tpm: fix a sparse error in tpm-interface.c

2017-01-31 Thread Jarkko Sakkinen
On Tue, Jan 31, 2017 at 11:10:41AM -0800, James Bottomley wrote: > On Tue, 2017-01-31 at 20:07 +0200, Jarkko Sakkinen wrote: > > drivers/char/tpm//tpm-interface.c:492:42: warning: bad assignment ( > > -=) > > to restricted __be32 > > > > Fixes: 0883743825e3 ("TPM: sysfs functions consolidation")

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Jarkko Sakkinen
On Wed, Feb 01, 2017 at 12:14:12AM +0530, Nayna wrote: > > I already sent my pull request to 4.11 and even today I found something > > fishy. You declared a function local array by using a variable in "tpm: > > enhance TPM 2.0 PCR extend to support multiple banks" (max_active_banks > > or

Re: [tpmdd-devel] [PATCH] tpm: fix a sparse error in tpm-sysfs.c

2017-01-31 Thread Jarkko Sakkinen
On Tue, Jan 31, 2017 at 01:43:59PM -0500, Stefan Berger wrote: > drivers/char/tpm/tpm-sysfs.c:161:25: warning: expression using sizeof bool > > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") > Signed-off-by: Stefan Berger > --- >

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Jarkko Sakkinen
On Tue, Jan 31, 2017 at 07:46:59PM +0200, Jarkko Sakkinen wrote: > On Mon, Jan 30, 2017 at 03:08:42PM +0530, Nayna wrote: > > > > > From: "Ken Goldman" > > > > > > Date: 26-Jan-2017 2:53 AM > > > Subject: Re: [tpmdd-devel] [PATCH v9

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-01-31 Thread James Bottomley
On Tue, 2017-01-31 at 14:28 -0500, Ken Goldman wrote: > On 1/30/2017 11:04 AM, James Bottomley wrote: > > > > This depends what your threat model is. For ssh keys, you worry > > that someone might be watching, so you use HMAC authority even for > > a local TPM. > > If someone can "watch" my

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-01-31 Thread Ken Goldman
On 1/30/2017 11:04 AM, James Bottomley wrote: > > This depends what your threat model is. For ssh keys, you worry > that someone might be watching, so you use HMAC authority even for a > local TPM. If someone can "watch" my local process, they can capture my password anyway. Does using a

Re: [tpmdd-devel] [PATCH] tpm: fix a sparse error in tpm-interface.c

2017-01-31 Thread James Bottomley
On Tue, 2017-01-31 at 20:07 +0200, Jarkko Sakkinen wrote: > drivers/char/tpm//tpm-interface.c:492:42: warning: bad assignment ( > -=) > to restricted __be32 > > Fixes: 0883743825e3 ("TPM: sysfs functions consolidation") > Signed-off-by: Jarkko Sakkinen > --- >

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Nayna
On 01/31/2017 11:16 PM, Jarkko Sakkinen wrote: > On Mon, Jan 30, 2017 at 03:08:42PM +0530, Nayna wrote: >> >>> From: "Ken Goldman" >> > >>> Date: 26-Jan-2017 2:53 AM >>> Subject: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs >>>

[tpmdd-devel] [PATCH] tpm: fix a sparse error in tpm-sysfs.c

2017-01-31 Thread Stefan Berger
drivers/char/tpm/tpm-sysfs.c:161:25: warning: expression using sizeof bool Fixes: c659af78eb7b ("tpm: Check size of response before accessing data") Signed-off-by: Stefan Berger --- drivers/char/tpm/tpm.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff

[tpmdd-devel] [PATCH] tpm: fix type errors in tpm_tis_spi.c

2017-01-31 Thread Jarkko Sakkinen
In these functions u16 or u32 was used as __le16 or __le32: - tpm_tis_spi_read16 - tpm_tis_spi_read32 - tpm_tis_spi_write32 Fixes: 0edbfea537d1 ("tpm/tpm_tis_spi: Add support for spi phy") Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm_tis_spi.c | 17

[tpmdd-devel] [PATCH] tpm: fix a sparse error in tpm-interface.c

2017-01-31 Thread Jarkko Sakkinen
drivers/char/tpm//tpm-interface.c:492:42: warning: bad assignment (-=) to restricted __be32 Fixes: 0883743825e3 ("TPM: sysfs functions consolidation") Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-interface.c | 2 +- 1 file changed, 1 insertion(+), 1

Re: [tpmdd-devel] Fwd: Re: [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Jarkko Sakkinen
On Mon, Jan 30, 2017 at 03:08:42PM +0530, Nayna wrote: > > > From: "Ken Goldman" > > > > Date: 26-Jan-2017 2:53 AM > > Subject: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs > > support,for TPM 2.0 firmware event log > > To:

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-01-31 Thread Jarkko Sakkinen
On Mon, Jan 30, 2017 at 02:13:08PM -0800, James Bottomley wrote: > On Mon, 2017-01-30 at 23:58 +0200, Jarkko Sakkinen wrote: > > On Mon, Jan 30, 2017 at 08:04:55AM -0800, James Bottomley wrote: > > > On Sun, 2017-01-29 at 19:52 -0500, Ken Goldman wrote: > > > > On 1/27/2017 5:04 PM, James

Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs support, for TPM 2.0 firmware event log

2017-01-31 Thread Jarkko Sakkinen
On Wed, Jan 25, 2017 at 04:22:45PM -0500, Ken Goldman wrote: > > You do not need to send a new patch set version as long as this > > one gets peer tested. And it needs to be tested without hacks > > like plumbing TCPA with TPM 2.0 in QEMU. OF code paths need to > > be peer tested to be more