From patchwork Mon Aug 26 22:38:30 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Ross Philipson
X-Patchwork-Id: 13778642
From: Ross Philipson
To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com
Subject: [PATCH v10 15/20] tpm: Ensure tpm is in known state at startup
Date: Mon, 26 Aug 2024 15:38:30 -0700
Message-Id: <20240826223835.3928819-16-ross.philipson@oracle.com>
X-Mailer: git-send-email 2.39.3
In-Reply-To: <20240826223835.3928819-1-ross.philipson@oracle.com>
References: <20240826223835.3928819-1-ross.philipson@oracle.com>
Precedence: bulk
X-Mailing-List: linux-integrity@vger.kernel.org
From: "Daniel P. Smith" When tis_tis_core initializes, it assumes all localities are closed. There are cases when this may not be the case. This commit addresses this by ensuring all localities are closed before initializing begins. Signed-off-by: Daniel P. Smith Signed-off-by: Ross Philipson --- drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- include/linux/tpm.h | 6 ++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index a6967f312837..22ebf679ea69 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -1107,7 +1107,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, u32 intmask; u32 clkrun_val; u8 rid; - int rc, probe; + int rc, probe, i; struct tpm_chip *chip; chip = tpmm_chip_alloc(dev, &tpm_tis); @@ -1169,6 +1169,15 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, goto out_err; } + /* + * There are environments, for example, those that comply with the TCG D-RTM + * specification that requires the TPM to be left in Locality 2. + */ + for (i = 0; i <= TPM_MAX_LOCALITY; i++) { + if (check_locality(chip, i)) + tpm_tis_relinquish_locality(chip, i); + } + /* Take control of the TPM's interrupt hardware and shut it off */ rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); if (rc < 0) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e93ee8d936a9..98f2c7c1c52e 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -147,6 +147,12 @@ struct tpm_chip_seqops { */ #define TPM2_MAX_CONTEXT_SIZE 4096 +/* + * The maximum locality (0 - 4) for a TPM, as defined in section 3.2 of the + * Client Platform Profile Specification. + */ +#define TPM_MAX_LOCALITY 4 + struct tpm_chip { struct device dev; struct device devs;
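Review bot: In the tpm_tis_core_init() hunk at @@ -1169, the loop discards the result of tpm_tis_relinquish_locality(chip, i), so init continues to the TPM_INT_ENABLE(priv->locality) read whether or not the locality was actually released. If the helper can report failure, check it and at least log which locality stayed open, since the commit message's stated goal is that all localities are closed before initialization begins. The comment above the loop also gives only the D-RTM motivation and reads as an incomplete sentence; it should say what the code does, for example that any locality found active is relinquished so the driver starts from a known state.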
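Review bot: The new TPM_MAX_LOCALITY comment in include/linux/tpm.h cites "section 3.2 of the Client Platform Profile Specification" without the full document title or revision, which makes the reference hard to check later; name the TCG document and its version. It would also help to state that the value is the highest valid locality index rather than a count, because the loop in tpm_tis_core_init() depends on that with "i <= TPM_MAX_LOCALITY".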