diff mbox series

tpm: remove file header documentation from tpm2-sessions.c

Message ID 20240915123315.10999-1-jarkko@kernel.org (mailing list archive)
State New
Headers show
Series tpm: remove file header documentation from tpm2-sessions.c | expand

Commit Message

Jarkko Sakkinen Sept. 15, 2024, 12:33 p.m. UTC
The documentation in the file header is duplicate documentation, which
is already addressed elsewhere (tpm-security.rs and function associated
documentations). In addition remove the invalid newline character after
the SPDX tag.

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
It is good time to remove this finally before doing anything else.
Unless someone commits to maintain this part of the file, I will just
take it away because I have neither intention nor motivation to maintain
it. Came right on front when I started to look into kernel command-line
and optimizations for session life-time so thus the patch. I'll include
this later on to a larger patch set.
 drivers/char/tpm/tpm2-sessions.c | 65 --------------------------------
 1 file changed, 65 deletions(-)

Comments

Jarkko Sakkinen Sept. 15, 2024, 12:47 p.m. UTC | #1
On Sun Sep 15, 2024 at 3:33 PM EEST, Jarkko Sakkinen wrote:
> The documentation in the file header is duplicate documentation, which
> is already addressed elsewhere (tpm-security.rs and function associated
> documentations). In addition remove the invalid newline character after
> the SPDX tag.
>
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> ---
> It is good time to remove this finally before doing anything else.
> Unless someone commits to maintain this part of the file, I will just
> take it away because I have neither intention nor motivation to maintain
> it. Came right on front when I started to look into kernel command-line
> and optimizations for session life-time so thus the patch. I'll include
> this later on to a larger patch set.

Moving forward to actual fixes is to fixup tpm_chip_boostrap() as
follows:

1. Saving the handle and not saving the context in the null key
   creation. I.e. rip of create_primary_null() or whatever the
   function was called.
2. Use that handle to go through selftest.
3. Save the context in the end of the bootstrap.

That cuts out unnecessary overhead of saving and loading context
between null key creation and selftest. I'll do this fix and see
how much it affects the boot time.

BR, Jarkko
diff mbox series

Patch

diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
index 44f60730cff4..6cc1ea81c57c 100644
--- a/drivers/char/tpm/tpm2-sessions.c
+++ b/drivers/char/tpm/tpm2-sessions.c
@@ -1,71 +1,6 @@ 
 // SPDX-License-Identifier: GPL-2.0
-
 /*
  * Copyright (C) 2018 James.Bottomley@HansenPartnership.com
- *
- * Cryptographic helper routines for handling TPM2 sessions for
- * authorization HMAC and request response encryption.
- *
- * The idea is to ensure that every TPM command is HMAC protected by a
- * session, meaning in-flight tampering would be detected and in
- * addition all sensitive inputs and responses should be encrypted.
- *
- * The basic way this works is to use a TPM feature called salted
- * sessions where a random secret used in session construction is
- * encrypted to the public part of a known TPM key.  The problem is we
- * have no known keys, so initially a primary Elliptic Curve key is
- * derived from the NULL seed (we use EC because most TPMs generate
- * these keys much faster than RSA ones).  The curve used is NIST_P256
- * because that's now mandated to be present in 'TCG TPM v2.0
- * Provisioning Guidance'
- *
- * Threat problems: the initial TPM2_CreatePrimary is not (and cannot
- * be) session protected, so a clever Man in the Middle could return a
- * public key they control to this command and from there intercept
- * and decode all subsequent session based transactions.  The kernel
- * cannot mitigate this threat but, after boot, userspace can get
- * proof this has not happened by asking the TPM to certify the NULL
- * key.  This certification would chain back to the TPM Endorsement
- * Certificate and prove the NULL seed primary had not been tampered
- * with and thus all sessions must have been cryptographically secure.
- * To assist with this, the initial NULL seed public key name is made
- * available in a sysfs file.
- *
- * Use of these functions:
- *
- * The design is all the crypto, hash and hmac gunk is confined in this
- * file and never needs to be seen even by the kernel internal user.  To
- * the user there's an init function tpm2_sessions_init() that needs to
- * be called once per TPM which generates the NULL seed primary key.
- *
- * These are the usage functions:
- *
- * tpm2_start_auth_session() which allocates the opaque auth structure
- *	and gets a session from the TPM.  This must be called before
- *	any of the following functions.  The session is protected by a
- *	session_key which is derived from a random salt value
- *	encrypted to the NULL seed.
- * tpm2_end_auth_session() kills the session and frees the resources.
- *	Under normal operation this function is done by
- *	tpm_buf_check_hmac_response(), so this is only to be used on
- *	error legs where the latter is not executed.
- * tpm_buf_append_name() to add a handle to the buffer.  This must be
- *	used in place of the usual tpm_buf_append_u32() for adding
- *	handles because handles have to be processed specially when
- *	calculating the HMAC.  In particular, for NV, volatile and
- *	permanent objects you now need to provide the name.
- * tpm_buf_append_hmac_session() which appends the hmac session to the
- *	buf in the same way tpm_buf_append_auth does().
- * tpm_buf_fill_hmac_session() This calculates the correct hash and
- *	places it in the buffer.  It must be called after the complete
- *	command buffer is finalized so it can fill in the correct HMAC
- *	based on the parameters.
- * tpm_buf_check_hmac_response() which checks the session response in
- *	the buffer and calculates what it should be.  If there's a
- *	mismatch it will log a warning and return an error.  If
- *	tpm_buf_append_hmac_session() did not specify
- *	TPM_SA_CONTINUE_SESSION then the session will be closed (if it
- *	hasn't been consumed) and the auth structure freed.
  */
 
 #include "tpm.h"