On Mon, 2016-01-04 at 20:19 +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 04, 2016 at 04:22:25PM +, Fuchs, Andreas wrote:
> > > On Sat, Jan 02, 2016 at 01:39:57PM -0700, Jason Gunthorpe wrote:
> > > > Ie the first step would be to create a new /dev/ node for the
> > > > 'virtualized' tpm (vs the
On Tue, 2016-01-05 at 09:43 +, Fuchs, Andreas wrote:
> > > I'd like to get a list of people interested to work on some conceptual
> > > stuff
> > > first though.
> >
> > I don't care in what process the patches are implemented. I can review
> > and test patches once there is something real to
On Tue, 2016-01-19 at 11:08 -0700, Jason Gunthorpe wrote:
> On Tue, Jan 19, 2016 at 12:53:40PM -0500, Stefan Berger wrote:
> > This series has absolutely nothing to do with resource
> > management.
>
> Sure the patch doesn't, but the proposed application does.
>
> Linux namespaces is all ab
On Mon, 2016-06-06 at 19:57 +0100, Matthew Garrett wrote:
> Hi,
>
> I'm looking into running a TPM microconference at the Linux Plumbers
> Conference in Santa Fe the first week of November. Right now we have a
> bunch of individual pieces of TPM-related technology, but little overall
> coherenc
On Tue, 2016-06-07 at 01:38 +0100, Matthew Garrett wrote:
> On Mon, Jun 06, 2016 at 08:35:55PM -0400, Mimi Zohar wrote:
>
> > Did you consider submitting this as a Linux Security Summit (LSS)
> > discussion topic?
>
> Yes, I've submitted something for that,
Hi Jarkko,
On Fri, 2016-08-12 at 12:14 +0300, Jarkko Sakkinen wrote:
> On Tue, Aug 09, 2016 at 10:10:30AM +0300, Jarkko Sakkinen wrote:
> PS. One related topic worth discussing would be event log handover
> from boot loader to the OS. We need to find some de facto approach for
> it shared by di
On Tue, 2017-01-03 at 00:15 +0200, Jarkko Sakkinen wrote:
> On Fri, Dec 30, 2016 at 02:02:28PM -0500, Nayna Jain wrote:
> > IMA extends its hash measurements in the TPM PCRs, based on policy.
> > The existing in-kernel TPM extend function extends only the SHA1
> > PCR bank. TPM 2.0 defines multiple
On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote:
> On Tue, 31 Jan 2017, Jarkko Sakkinen wrote:
>
> > James,
> >
> > The discussion is about two features:
> >
> > 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks
> > >    instead of just SHA-1 banks. It is recommended by
On Wed, 2017-02-01 at 12:30 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 31, 2017 at 05:31:50PM -0500, Mimi Zohar wrote:
> > On Wed, 2017-02-01 at 08:46 +1100, James Morris wrote:
> > > On Tue, 31 Jan 2017, Jarkko Sakkinen wrote:
> > >
> > > > James,
>
oblem where IMA gets errors with every PCR Extend.
> >
> > Fixes: c659af78eb7b ("tpm: Check size of response before accessing data")
> > Signed-off-by: Stefan Berger
> > Acked-by: Mimi Zohar
>
> Reviewed-by: Jarkko Sakkinen
This patch needs to be incl
On Fri, 2017-02-17 at 20:45 +0200, Jarkko Sakkinen wrote:
> On Fri, Feb 17, 2017 at 07:46:38AM -0500, Mimi Zohar wrote:
> > Hi James,
> >
> > On Wed, 2017-02-15 at 20:09 +0200, Jarkko Sakkinen wrote:
> > > On Wed, Feb 15, 2017 at 11:56:23AM -0500, Stefan Berger
On Thu, 2017-02-23 at 09:36 +, Likun (Hw) wrote:
> Hi,
>
> * Is there any plan to support other evm_hmac algorithms (like
> we have done on ima file data hash algorithm), the sha2 or other recent
> algorithms are more hardened than sha1 after all.
The EVM hmac values are system local, so
- 2:760s | 0:015 - 3:967s    0:014 - 0:418s
250 hz: 0:028 - 1:954s | 0:040 - 4:096s    0:016 - 0:816s
This patch replaces the msleep() with usleep_range() calls in the
i2c nuvoton driver with a consistent max range value.
Signed-off-by: Mimi Zohar
Reviewed-by: Nayna Jain
---
On Thu, 2017-02-23 at 17:00 -0700, Jason Gunthorpe wrote:
> On Thu, Feb 23, 2017 at 06:46:18PM -0500, Mimi Zohar wrote:
> > Commit 500462a9de65 "timers: Switch to a non-cascading wheel" replaced
> > the 'classic' timer wheel, which aimed for near 'exact
On Fri, 2017-02-24 at 19:01 +0200, Jarkko Sakkinen wrote:
> On Thu, Feb 23, 2017 at 06:46:18PM -0500, Mimi Zohar wrote:
> > Commit 500462a9de65 "timers: Switch to a non-cascading wheel" replaced
> > the 'classic' timer wheel, which aimed for near 'exact
On Thu, 2017-03-02 at 10:33 +0200, Jarkko Sakkinen wrote:
> On Fri, Feb 24, 2017 at 12:29:02PM -0500, Mimi Zohar wrote:
> > On Fri, 2017-02-24 at 19:01 +0200, Jarkko Sakkinen wrote:
> > > On Thu, Feb 23, 2017 at 06:46:18PM -0500, Mimi Zohar wrote:
> > > > Commit 500
On Wed, 2017-03-08 at 10:58 +0100, Roberto Sassu wrote:
> On 3/7/2017 10:12 PM, Mimi Zohar wrote:
> > With the "header" and boot-aggregate records for each kexec, the
> > attestation server can determine which hash algorithm was used for
> > extending the differe
On Wed, 2017-03-08 at 18:11 +0100, Roberto Sassu wrote:
> On 3/8/2017 5:29 PM, Mimi Zohar wrote:
> > The reason for extending multiple TPM banks is to prevent user space
> > from being able to extend unused TPM banks with whatever they want and
> > then quote those banks, base
On Thu, 2017-03-09 at 13:05 +0200, Jarkko Sakkinen wrote:
> On Tue, Mar 07, 2017 at 08:39:20AM -0500, Mimi Zohar wrote:
> > On Thu, 2017-03-02 at 10:33 +0200, Jarkko Sakkinen wrote:
> > > On Fri, Feb 24, 2017 at 12:29:02PM -0500, Mimi Zohar wrote:
> > > > On Fri, 201
On Fri, 2017-03-10 at 17:28 +0100, Roberto Sassu wrote:
> On 3/10/2017 4:36 PM, Ken Goldman wrote:
> > It's not a TCG standard, just a way of making sure the unused PCR bank
> > doesn't remain at zero, permitting forged measurements.
> >
> > As for the verifier, I ignore the bank I'm not interested
a delays for every TPM
> operation.
>
> This patch calls usleep_range() only if retry is to be done.
>
> Signed-off-by: Nayna Jain
> Cc: sta...@vger.kernel.org (linux-4.8)
> Reviewed-by: Mimi Zohar
Either Reviewed-by/Acked-by is fine.
Can you pick up this patch and rep
Hi Jarkko,
On Wed, 2017-04-05 at 15:16 +0300, Jarkko Sakkinen wrote:
> On Wed, Mar 29, 2017 at 12:24:48PM +0200, Roberto Sassu wrote:
> > tpm_pcr_extend() was originally designed to extend a TPM 1.2 PCR with
> > a SHA1 digest. With TPM 2.0, multiple hash algorithms can be supported,
> > but, at th
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> The tpm_pcr_extend() definition has been modified to take an array of
> tpm2_digest structures, and the size of the array as arguments.
>
> The function now checks if callers provided a digest for each active
> PCR bank (or a SHA1 digest f
On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> pcrlock() has been modified to pass the correct arguments
> to tpm_pcr_extend(): the pointer of a tpm2_digest structure containing
> a random value generated by tpm_get_random() and the size of the array (1).
If the number of arguments is w
On Tue, 2017-05-30 at 09:28 +0200, Roberto Sassu wrote:
> On 5/30/2017 5:29 AM, Mimi Zohar wrote:
> > On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> >> @@ -876,29 +925,46 @@ static int tpm1_pcr_extend(struct tpm_chip *chip,
> >> int pcr_idx, const u8 *ha
On Tue, 2017-05-30 at 09:36 +0200, Roberto Sassu wrote:
> On 5/30/2017 5:35 AM, Mimi Zohar wrote:
> > On Fri, 2017-05-05 at 16:21 +0200, Roberto Sassu wrote:
> >> pcrlock() has been modified to pass the correct arguments
> >> to tpm_pcr_extend(): the pointer of a tpm2_
On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote:
> On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote:
> To move this forward and be more constructive here's how I see it
> should be done (along the lines, draft):
>
> int tpm_pcr_extend(u32 chip_num, int pcr_idx, unsigned int
On Mon, 2017-06-26 at 16:56 +0200, Roberto Sassu wrote:
> On 6/26/2017 2:33 PM, Mimi Zohar wrote:
> > On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote:
> >> On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote:
> >
> >
> >> To move this forw
On Wed, 2017-06-21 at 16:29 +0200, Roberto Sassu wrote:
> This patch introduces the new structure tpm_pcr_bank_info to store
> information regarding PCR banks. The next patch will replace the array of
> TPM algorithms IDs with an array of the new structure.
>
> tpm_pcr_bank_info contains the TPM a
On Wed, 2017-06-28 at 20:28 +0300, Jarkko Sakkinen wrote:
> On Mon, Jun 26, 2017 at 08:33:59AM -0400, Mimi Zohar wrote:
> > On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote:
> > > On Wed, Jun 21, 2017 at 04:29:35PM +0200, Roberto Sassu wrote:
> >
> >
>
On Wed, 2017-07-05 at 11:18 -0400, Ken Goldman wrote:
> On 6/28/2017 1:28 PM, Jarkko Sakkinen wrote:
> > On Mon, Jun 26, 2017 at 08:33:59AM -0400, Mimi Zohar wrote:
> >> On Sat, 2017-06-24 at 11:03 +0200, Jarkko Sakkinen wrote:
> >>> On Wed, Jun 21, 2017 at 04:29:3
Hi Roberto,
[cc'ing tpmdd-devel]
On Tue, 2017-07-25 at 17:44 +0200, Roberto Sassu wrote:
> This patch set applies on top of kernel v4.13-rc2.
>
> IMA, for each file matching policy rules, calculates a digest, creates
> a new entry in the measurement list and extends a TPM PCR with the digest
> o
On Fri, 2017-08-11 at 14:14 +0300, Jarkko Sakkinen wrote:
> On Wed, Aug 09, 2017 at 11:00:36PM +0200, Peter Huewe wrote:
> > Hi Ken,
> > (again speaking only on my behalf, not my employer)
> >
> > > Does anyone know of platforms where this occurs?
> > > I suspect (but not sure) that the days of Su
On Mon, 2017-08-14 at 13:56 +0300, Jarkko Sakkinen wrote:
> > > > I would like to see tpm_msleep() wrapper to replace current msleep()
> > > > usage across the subsystem before considering this. I.e. wrapper that
> > > > internally uses usleep_range(). This way we can mechanically convert
> > > >
On Mon, 2017-08-14 at 13:56 +0300, Jarkko Sakkinen wrote:
> > > Since the main concern about this change is breaking old systems that
> > > might potentially have other peripherals hanging off the LPC bus, can
> > > we define a new Kconfig option, with the default as 'N'?
> > >
> > > Mimi
> >
>
On Fri, 2018-08-24 at 09:25 +0300, Jarkko Sakkinen wrote:
> On Fri, Aug 24, 2018 at 09:24:34AM +0300, Jarkko Sakkinen wrote:
> > On Tue, Aug 21, 2018 at 12:30:04PM -0600, Jason Gunthorpe wrote:
> > > On Tue, Aug 21, 2018 at 04:56:56PM +0100, David Howells wrote:
> > > > Add newly registered TPMs to