From patchwork Fri May 31 01:03:26 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ross Philipson X-Patchwork-Id: 13681063 Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id A732474E3D; Fri, 31 May 2024 01:33:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717119187; cv=none; b=f1Xm3iuUUzrKlWUNPCPsl3OpyYSqz0/oe1xFtFaiSzsROJYt34RPX2SHWDt5kjKjtmtaz/6b1V1SXJeScVsHBXf3WehoH1QgNvm6wmjpMp+Mg+Kkq7Nv1zmkQOBuD4gk1kvfzB0V2pWxWbBIamcuZnA1CUEo7BjSElYmYsWePcY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717119187; c=relaxed/simple; bh=3L96u0YINL/lZYh+ApfhJWt20fUZmuR5yChPKmCF2Gk=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=fNCCGMpssiNE99/7IaFiJcEImdqxydFQDjNdpBxUQUWuO0mQMlKIkdU+ajGcx3+49idILaPXxiRbbfkI72Ook437qe7Krdd8E2SQG33DOQuK3G2v0bkez72DEofP1SapOgF7DfL0phdWNo3zXQpRQzzELmwKCgCE2hhV6EPNsr4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; arc=none smtp.client-ip=205.220.177.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 44UFYmrl018596; Fri, 31 May 2024 01:31:23 GMT DKIM-Signature: =?utf-8?q?v=3D1=3B_a=3Drsa-sha256=3B_c=3Drelaxed/relaxed=3B_?= =?utf-8?q?d=3Doracle=2Ecom=3B_h=3Dcc=3Acontent-transfer-encoding=3Adate=3Af?= =?utf-8?q?rom=3Ain-reply-to=3Amessage-id=3Amime-version=3Areferences=3Asubj?= =?utf-8?q?ect=3Ato=3B_s=3Dcorp-2023-11-20=3B_bh=3D6N4qQQrM8z8SHauW+PZ5K3kuB?= =?utf-8?q?ZffzbTKxPhp698XFwE=3D=3B_b=3DLefFjjHJq2G+9tOxIyYEIG1+Ltd4hNAjXfNo?= =?utf-8?q?CCjYijKAsy4XQsReKXzv/8p7iCHxgPGi_t+hFu+SAZd3KWRDknRvDQ3IUGEyLhOr5?= =?utf-8?q?KqoBorPhFuVPMqb4ySpOpcmnzBHtSWWzPxNo_lP1n8hj7ieOl1Eoxjcx1gHhoy+8b?= =?utf-8?q?Q9tI/lRwW469plxj6T1kyWW8looTHYfdCkS0i4eJ_sbthiT2uHyRUhpUXa5t8BqQw?= =?utf-8?q?YaUahH2sgF2xT4r8Jcwq9iBasG3YEzbh93PrLUvZE8AW_xlNRJ36icYAaS3KComEs?= =?utf-8?q?fTnp/jKN/1ElShuOIkwuGhTQJdPXErVVb2nKoGProqraK6Ot_QQ=3D=3D_?= Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3yb8j8a3eg-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Fri, 31 May 2024 01:31:23 +0000 Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 44UMoRAT016364; Fri, 31 May 2024 01:31:22 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50t981m-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 31 May 2024 01:31:22 +0000 Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 44V1SKNg027418; Fri, 31 May 2024 01:31:21 GMT Received: from bur-virt-x6-2-100.us.oracle.com (bur-virt-x6-2-100.us.oracle.com [10.153.92.40]) by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50t96yw-15 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Fri, 31 May 2024 01:31:21 +0000 From: Ross Philipson To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com Subject: [PATCH v9 14/19] tpm: Ensure tpm is in known state at startup Date: Thu, 30 May 2024 18:03:26 -0700 Message-Id: <20240531010331.134441-15-ross.philipson@oracle.com> X-Mailer: git-send-email 2.39.3 In-Reply-To: <20240531010331.134441-1-ross.philipson@oracle.com> References: <20240531010331.134441-1-ross.philipson@oracle.com> Precedence: bulk X-Mailing-List: linux-integrity@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.12.28.16 definitions=2024-05-30_21,2024-05-30_01,2024-05-17_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 spamscore=0 suspectscore=0 adultscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2405010000 definitions=main-2405310010 X-Proofpoint-ORIG-GUID: yneutNHgvFRMYyzThQzJpk-4OSnQW4h3 X-Proofpoint-GUID: yneutNHgvFRMYyzThQzJpk-4OSnQW4h3 From: "Daniel P. Smith" When tis core initializes, it assumes all localities are closed. There are cases when this may not be the case. This commit addresses this by ensuring all localities are closed before initializing begins. Signed-off-by: Daniel P. Smith Signed-off-by: Ross Philipson --- drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- include/linux/tpm.h | 6 ++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 7c1761bd6000..9fb53bb3e73f 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -1104,7 +1104,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, u32 intmask; u32 clkrun_val; u8 rid; - int rc, probe; + int rc, probe, i; struct tpm_chip *chip; chip = tpmm_chip_alloc(dev, &tpm_tis); @@ -1166,6 +1166,15 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, goto out_err; } + /* + * There are environments, like Intel TXT, that may leave a TPM + * locality open. Close all localities to start from a known state. + */ + for (i = 0; i <= TPM_MAX_LOCALITY; i++) { + if (check_locality(chip, i)) + tpm_tis_relinquish_locality(chip, i); + } + /* Take control of the TPM's interrupt hardware and shut it off */ rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); if (rc < 0) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index c17e4efbb2e5..363f7078c3a9 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -147,6 +147,12 @@ struct tpm_chip_seqops { */ #define TPM2_MAX_CONTEXT_SIZE 4096 +/* + * The maximum locality (0 - 4) for a TPM, as defined in section 3.2 of the + * Client Platform Profile Specification. + */ +#define TPM_MAX_LOCALITY 4 + struct tpm_chip { struct device dev; struct device devs;