Message ID | 20231121223130.30824-1-jarkko@kernel.org (mailing list archive) |
---|---|
Series | Extend struct tpm_buf to support sized buffers (TPM2B) |

On Wed, Nov 22, 2023 at 12:31:12AM +0200, Jarkko Sakkinen wrote:
> This patch set extends struct tpm_buf to support TPM2 sized buffers, and
> adds reader functions for parsing more complex response data. It is
> implemented to support smooth landing of [2]. Sealing of the TPM2 trusted
> keys is updated to utilize the new functionality, and thus provides a
> legit test case for it.
>
> TPM2 sized buffer, i.e. the buffers in TPM2 format, are defined in the
> section 10.4 of the TPM2 Structures [1] specification.
>
> Here's the smoke test that I've run for TPM2:
>
> /usr/lib/kselftests/run_kselftest.sh
> tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
> tpm2_evictcontrol -c key.ctxt 0x81000001
> keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u
> keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk 64" @u
>
> [1] https://trustedcomputinggroup.org/resource/tpm-library-specification/
> [2] https://lore.kernel.org/linux-integrity/20230403214003.32093-1-James.Bottomley@HansenPartnership.com/
>
> v5:
> - Fixed glitch in tpm_buf_read() reported by James Bottomley to the v4.
>   Was forgotten from v4.
> - Remove a spurious memset() call introduced in v4.
> - Allow command buffer tag to be initially set to zero (caused spurious
>   warnings).
> v4:
> - Cleaned up the bit too spread code changes based on the v3 review.
> - For testing instructions see the previous cover letter, and use
>   linux-v6.6.y branch:
>   https://lore.kernel.org/linux-integrity/20231024011531.442587-1-jarkko@kernel.org/
> v3:
> - Resend with rebase to the latest upstream.
>
> Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> Cc: William Roberts <bill.c.roberts@gmail.com>
> Cc: Stefan Berger <stefanb@linux.ibm.com>
> Cc: David Howells <dhowells@redhat.com>
> Cc: Jason Gunthorpe <jgg@ziepe.ca>
> Cc: Mimi Zohar <zohar@linux.ibm.com>
> Cc: Mario Limonciello <mario.limonciello@amd.com>
> Cc: Jerry Snitselaar <jsnitsel@redhat.com>

I'm not an expert in this area, but my interest is piqued when I see
tpm/tpm2, so I took a pretty close look, and all looked good to me

Reviewed-by: Serge Hallyn <serge@hallyn.com>

On Tue Nov 28, 2023 at 4:42 PM EET, Serge E. Hallyn wrote:
> On Wed, Nov 22, 2023 at 12:31:12AM +0200, Jarkko Sakkinen wrote:
> > This patch set extends struct tpm_buf to support TPM2 sized buffers, and
> > adds reader functions for parsing more complex response data. It is
> > implemented to support smooth landing of [2]. Sealing of the TPM2 trusted
> > keys is updated to utilize the new functionality, and thus provides a
> > legit test case for it.
> >
> > TPM2 sized buffer, i.e. the buffers in TPM2 format, are defined in the
> > section 10.4 of the TPM2 Structures [1] specification.
> >
> > Here's the smoke test that I've run for TPM2:
> >
> > /usr/lib/kselftests/run_kselftest.sh
> > tpm2_createprimary --hierarchy o -G rsa2048 -c key.ctxt
> > tpm2_evictcontrol -c key.ctxt 0x81000001
> > keyctl add trusted kmk "new 32 keyhandle=0x81000001" @u
> > keyctl add encrypted 1000100010001000 "new ecryptfs trusted:kmk 64" @u
> >
> > [1] https://trustedcomputinggroup.org/resource/tpm-library-specification/
> > [2] https://lore.kernel.org/linux-integrity/20230403214003.32093-1-James.Bottomley@HansenPartnership.com/
> >
> > v5:
> > - Fixed glitch in tpm_buf_read() reported by James Bottomley to the v4.
> >   Was forgotten from v4.
> > - Remove a spurious memset() call introduced in v4.
> > - Allow command buffer tag to be initially set to zero (caused spurious
> >   warnings).
> > v4:
> > - Cleaned up the bit too spread code changes based on the v3 review.
> > - For testing instructions see the previous cover letter, and use
> >   linux-v6.6.y branch:
> >   https://lore.kernel.org/linux-integrity/20231024011531.442587-1-jarkko@kernel.org/
> > v3:
> > - Resend with rebase to the latest upstream.
> >
> > Cc: James Bottomley <James.Bottomley@HansenPartnership.com>
> > Cc: William Roberts <bill.c.roberts@gmail.com>
> > Cc: Stefan Berger <stefanb@linux.ibm.com>
> > Cc: David Howells <dhowells@redhat.com>
> > Cc: Jason Gunthorpe <jgg@ziepe.ca>
> > Cc: Mimi Zohar <zohar@linux.ibm.com>
> > Cc: Mario Limonciello <mario.limonciello@amd.com>
> > Cc: Jerry Snitselaar <jsnitsel@redhat.com>
>
> I'm not an expert in this area, but my interest is piqued when I see
> tpm/tpm2, so I took a pretty close look, and all looked good to me
>
> Reviewed-by: Serge Hallyn <serge@hallyn.com>

Thanks for the review and comments!

BR, Jarkko
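
The following is an added illustration of the sized-buffer format the cover letter refers to. It is not code from the patch set or the kernel. A TPM2B is a 2-byte big-endian size followed by that many bytes, so a reader has to check the declared size against what was actually received before using it. `struct rd`, `rd_tpm2b()` and `count_tpm2b()` are hypothetical names, and the byte strings are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical read cursor for this example; not the kernel's struct tpm_buf. */
struct rd {
	const uint8_t *data;
	size_t len;	/* bytes available */
	size_t off;	/* next unread byte, always <= len */
};

/* Read one TPM2B: returns its payload and stores its size, or NULL if malformed. */
static const uint8_t *rd_tpm2b(struct rd *r, uint16_t *size)
{
	size_t left = r->len - r->off;
	uint16_t n;

	if (left < 2)
		return NULL;	/* the size field itself is truncated */
	n = (uint16_t)(r->data[r->off] << 8 | r->data[r->off + 1]);
	if (left - 2 < n)
		return NULL;	/* declared size exceeds what was received */
	*size = n;
	r->off += 2 + (size_t)n;
	return r->data + r->off - n;
}

/* Constructed samples: "abc" plus an empty TPM2B; then one claiming 16 bytes. */
static const uint8_t sample_ok[] = { 0x00, 0x03, 'a', 'b', 'c', 0x00, 0x00 };
static const uint8_t sample_bad[] = { 0x00, 0x10, 0xde, 0xad };

/* Number of well-formed TPM2Bs in buf, or -1 if any is truncated. */
static int count_tpm2b(const uint8_t *buf, size_t len)
{
	struct rd r = { buf, len, 0 };
	uint16_t n;
	int count = 0;
	while (r.off < r.len) {
		if (!rd_tpm2b(&r, &n))
			return -1;
		count++;
	}
	return count;
}

int main(void)
{
	printf("ok=%d\n", count_tpm2b(sample_ok, sizeof(sample_ok)));
	printf("bad=%d\n", count_tpm2b(sample_bad, sizeof(sample_bad)));
	return 0;
}
```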