@@ -680,6 +680,7 @@ void tpm_chip_unregister(struct tpm_chip *chip)
rc = tpm_try_get_ops(chip);
if (!rc) {
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
+ tpm2_end_auth_session(chip);
tpm2_flush_context(chip, chip->null_key);
chip->null_key = 0;
}
@@ -29,6 +29,7 @@ static ssize_t tpm_dev_transmit(struct tpm_chip *chip, struct tpm_space *space,
#ifdef CONFIG_TCG_TPM2_HMAC
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
+ tpm2_end_auth_session(chip);
tpm2_flush_context(chip, chip->null_key);
chip->null_key = 0;
}
@@ -381,6 +381,7 @@ int tpm_pm_suspend(struct device *dev)
if (!rc) {
if (chip->flags & TPM_CHIP_FLAG_TPM2) {
#ifdef CONFIG_TCG_TPM2_HMAC
+ tpm2_end_auth_session(chip);
tpm2_flush_context(chip, chip->null_key);
chip->null_key = 0;
#endif
@@ -268,6 +268,10 @@ void tpm_buf_append_hmac_session(struct tpm_chip *chip, struct tpm_buf *buf,
}
#ifdef CONFIG_TCG_TPM2_HMAC
+ /* The first write to /dev/tpm{rm0} will flush the session. */
+ if (!chip->is_open)
+ attributes |= TPM2_SA_CONTINUE_SESSION;
+
/*
* The Architecture Guide requires us to strip trailing zeros
* before computing the HMAC
Instead of flushing and reloading the auth session for every single transaction, keep the session open unless /dev/tpm0 is open. In practice this means applying TPM2_SA_CONTINUE_SESSION to the session attributes. Flush the session always when /dev/tpm0 is written. Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org> --- drivers/char/tpm/tpm-chip.c | 1 + drivers/char/tpm/tpm-dev-common.c | 1 + drivers/char/tpm/tpm-interface.c | 1 + drivers/char/tpm/tpm2-sessions.c | 4 ++++ 4 files changed, 7 insertions(+)