Problem with the kernels trusted module on "inactive" TPM

Problem with the kernels trusted module on "inactive" TPM

[CrazyT]

Hi,


some people (including me) have problems with the "trusted" kernel module.
As a result to this also the ecryptfs-module won't load.
(https://bugs.archlinux.org/task/62678)
If you use an "inactive" TPM module, the "trusted" module won't load anymore.
The command modprobe just responds with "Bad address".
The strace-command shows that init_module fails with EFAULT.
I believe the reason for this is that the trusted-module handles
inactive modules the same as active modules.
This results in an error.

For example:
https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251

My guess is that init_digests(); returns EFAULT in that case.
The " if (!chip)" check above probably needs to check if the chip is "inactive".

"inactive" = still visible to the system, but not functional.
It seems to be the default bios-setting for TPM on thinkpad.
(btw.: i have no clue why anybody would need something like that)

Sadly i have no idea how you would check for an inactive chip,else i
would have send a patch instead.
But I hope the info i wrote is enough to get it fixed by somebody.


Greetings,

CrazyT

Re: Problem with the kernels trusted module on "inactive" TPM

[Roberto Sassu]

Adding to the discussion Jarkko (the maintainer of the trusted key) and
the linux-integrity mailing list.


On 6/27/2019 7:59 PM, CrazyT wrote:
> Hi,
> 
> 
> some people (including me) have problems with the "trusted" kernel module.
> As a result to this also the ecryptfs-module won't load.
> (https://bugs.archlinux.org/task/62678)
> If you use an "inactive" TPM module, the "trusted" module won't load anymore.
> The command modprobe just responds with "Bad address".
> The strace-command shows that init_module fails with EFAULT.
> I believe the reason for this is that the trusted-module handles
> inactive modules the same as active modules.
> This results in an error.
> 
> For example:
> https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
> 
> My guess is that init_digests(); returns EFAULT in that case.
> The " if (!chip)" check above probably needs to check if the chip is "inactive".
> 
> "inactive" = still visible to the system, but not functional.
> It seems to be the default bios-setting for TPM on thinkpad.
> (btw.: i have no clue why anybody would need something like that)
> 
> Sadly i have no idea how you would check for an inactive chip,else i
> would have send a patch instead.
> But I hope the info i wrote is enough to get it fixed by somebody.

Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
returning 0.

Jarkko, we could consider it as non-critical error, and handle it as if
the TPM is not found. What do you think?

Roberto

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI

Re: Problem with the kernels trusted module on "inactive" TPM

[Roberto Sassu]

Adding to the discussion Jarkko (the maintainer of the trusted key) and
the linux-integrity mailing list.


On 6/27/2019 7:59 PM, CrazyT wrote:
> Hi,
> 
> 
> some people (including me) have problems with the "trusted" kernel module.
> As a result to this also the ecryptfs-module won't load.
> (https://bugs.archlinux.org/task/62678)
> If you use an "inactive" TPM module, the "trusted" module won't load anymore.
> The command modprobe just responds with "Bad address".
> The strace-command shows that init_module fails with EFAULT.
> I believe the reason for this is that the trusted-module handles
> inactive modules the same as active modules.
> This results in an error.
> 
> For example:
> https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
> 
> My guess is that init_digests(); returns EFAULT in that case.
> The " if (!chip)" check above probably needs to check if the chip is "inactive".
> 
> "inactive" = still visible to the system, but not functional.
> It seems to be the default bios-setting for TPM on thinkpad.
> (btw.: i have no clue why anybody would need something like that)
> 
> Sadly i have no idea how you would check for an inactive chip,else i
> would have send a patch instead.
> But I hope the info i wrote is enough to get it fixed by somebody.

Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
returning 0.

Jarkko, we could consider it as non-critical error, and handle it as if
the TPM is not found. What do you think?

Roberto

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI

Re: Problem with the kernels trusted module on "inactive" TPM

[Jarkko Sakkinen]

On Mon, 2019-07-01 at 17:22 +0300, Roberto Sassu wrote:
> Adding to the discussion Jarkko (the maintainer of the trusted key) and
> the linux-integrity mailing list.

I'm a co-maintainer (added James and Mimi).

> > some people (including me) have problems with the "trusted" kernel module.
> > As a result to this also the ecryptfs-module won't load.
> > (https://bugs.archlinux.org/task/62678)
> > If you use an "inactive" TPM module, the "trusted" module won't load
> > anymore.
> > The command modprobe just responds with "Bad address".
> > The strace-command shows that init_module fails with EFAULT.
> > I believe the reason for this is that the trusted-module handles
> > inactive modules the same as active modules.
> > This results in an error.
> > 
> > For example:
> > 
https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
> > 
> > My guess is that init_digests(); returns EFAULT in that case.
> > The " if (!chip)" check above probably needs to check if the chip is
> > "inactive".
> > 
> > "inactive" = still visible to the system, but not functional.
> > It seems to be the default bios-setting for TPM on thinkpad.
> > (btw.: i have no clue why anybody would need something like that)
> > 
> > Sadly i have no idea how you would check for an inactive chip,else i
> > would have send a patch instead.
> > But I hope the info i wrote is enough to get it fixed by somebody.
> 
> Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
> returning 0.
> 
> Jarkko, we could consider it as non-critical error, and handle it as if
> the TPM is not found. What do you think?

Not sure I get this. Wasn't the issue fixed in c78719203fc6 or is there
something missing?

/Jarkko

Re: Problem with the kernels trusted module on "inactive" TPM

[Jarkko Sakkinen]

On Mon, 2019-07-01 at 17:22 +0300, Roberto Sassu wrote:
> Adding to the discussion Jarkko (the maintainer of the trusted key) and
> the linux-integrity mailing list.

I'm a co-maintainer (added James and Mimi).

> > some people (including me) have problems with the "trusted" kernel module.
> > As a result to this also the ecryptfs-module won't load.
> > (https://bugs.archlinux.org/task/62678)
> > If you use an "inactive" TPM module, the "trusted" module won't load
> > anymore.
> > The command modprobe just responds with "Bad address".
> > The strace-command shows that init_module fails with EFAULT.
> > I believe the reason for this is that the trusted-module handles
> > inactive modules the same as active modules.
> > This results in an error.
> > 
> > For example:
> > 
https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
> > 
> > My guess is that init_digests(); returns EFAULT in that case.
> > The " if (!chip)" check above probably needs to check if the chip is
> > "inactive".
> > 
> > "inactive" = still visible to the system, but not functional.
> > It seems to be the default bios-setting for TPM on thinkpad.
> > (btw.: i have no clue why anybody would need something like that)
> > 
> > Sadly i have no idea how you would check for an inactive chip,else i
> > would have send a patch instead.
> > But I hope the info i wrote is enough to get it fixed by somebody.
> 
> Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
> returning 0.
> 
> Jarkko, we could consider it as non-critical error, and handle it as if
> the TPM is not found. What do you think?

Not sure I get this. Wasn't the issue fixed in c78719203fc6 or is there
something missing?

/Jarkko

Re: Problem with the kernels trusted module on "inactive" TPM

[Roberto Sassu]

On 7/4/2019 12:42 PM, Jarkko Sakkinen wrote:
> On Mon, 2019-07-01 at 17:22 +0300, Roberto Sassu wrote:
>> Adding to the discussion Jarkko (the maintainer of the trusted key) and
>> the linux-integrity mailing list.
> 
> I'm a co-maintainer (added James and Mimi).
> 
>>> some people (including me) have problems with the "trusted" kernel module.
>>> As a result to this also the ecryptfs-module won't load.
>>> (https://bugs.archlinux.org/task/62678)
>>> If you use an "inactive" TPM module, the "trusted" module won't load
>>> anymore.
>>> The command modprobe just responds with "Bad address".
>>> The strace-command shows that init_module fails with EFAULT.
>>> I believe the reason for this is that the trusted-module handles
>>> inactive modules the same as active modules.
>>> This results in an error.
>>>
>>> For example:
>>>
> https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
>>>
>>> My guess is that init_digests(); returns EFAULT in that case.
>>> The " if (!chip)" check above probably needs to check if the chip is
>>> "inactive".
>>>
>>> "inactive" = still visible to the system, but not functional.
>>> It seems to be the default bios-setting for TPM on thinkpad.
>>> (btw.: i have no clue why anybody would need something like that)
>>>
>>> Sadly i have no idea how you would check for an inactive chip,else i
>>> would have send a patch instead.
>>> But I hope the info i wrote is enough to get it fixed by somebody.
>>
>> Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
>> returning 0.
>>
>> Jarkko, we could consider it as non-critical error, and handle it as if
>> the TPM is not found. What do you think?
> 
> Not sure I get this. Wasn't the issue fixed in c78719203fc6 or is there
> something missing?

It seems it is not enough. A TPM is found but does not return data to
tpm_get_random(), I think.

Roberto

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI

Re: Problem with the kernels trusted module on "inactive" TPM

[Roberto Sassu]

On 7/4/2019 12:42 PM, Jarkko Sakkinen wrote:
> On Mon, 2019-07-01 at 17:22 +0300, Roberto Sassu wrote:
>> Adding to the discussion Jarkko (the maintainer of the trusted key) and
>> the linux-integrity mailing list.
> 
> I'm a co-maintainer (added James and Mimi).
> 
>>> some people (including me) have problems with the "trusted" kernel module.
>>> As a result to this also the ecryptfs-module won't load.
>>> (https://bugs.archlinux.org/task/62678)
>>> If you use an "inactive" TPM module, the "trusted" module won't load
>>> anymore.
>>> The command modprobe just responds with "Bad address".
>>> The strace-command shows that init_module fails with EFAULT.
>>> I believe the reason for this is that the trusted-module handles
>>> inactive modules the same as active modules.
>>> This results in an error.
>>>
>>> For example:
>>>
> https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
>>>
>>> My guess is that init_digests(); returns EFAULT in that case.
>>> The " if (!chip)" check above probably needs to check if the chip is
>>> "inactive".
>>>
>>> "inactive" = still visible to the system, but not functional.
>>> It seems to be the default bios-setting for TPM on thinkpad.
>>> (btw.: i have no clue why anybody would need something like that)
>>>
>>> Sadly i have no idea how you would check for an inactive chip,else i
>>> would have send a patch instead.
>>> But I hope the info i wrote is enough to get it fixed by somebody.
>>
>> Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
>> returning 0.
>>
>> Jarkko, we could consider it as non-critical error, and handle it as if
>> the TPM is not found. What do you think?
> 
> Not sure I get this. Wasn't the issue fixed in c78719203fc6 or is there
> something missing?

It seems it is not enough. A TPM is found but does not return data to
tpm_get_random(), I think.

Roberto

-- 
HUAWEI TECHNOLOGIES Duesseldorf GmbH, HRB 56063
Managing Director: Bo PENG, Jian LI, Yanli SHI

Re: Problem with the kernels trusted module on "inactive" TPM

[Mimi Zohar]

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1: Type: text/plain; charset="maccentraleurope", Size: 2328 bytes --]

[Cc'ing Nayna]

On Thu, 2019-07-04 at 14:25 +0200, Roberto Sassu wrote:
> On 7/4/2019 12:42 PM, Jarkko Sakkinen wrote:
> > On Mon, 2019-07-01 at 17:22 +0300, Roberto Sassu wrote:
> >> Adding to the discussion Jarkko (the maintainer of the trusted key) and
> >> the linux-integrity mailing list.
> > 
> > I'm a co-maintainer (added James and Mimi).
> > 
> >>> some people (including me) have problems with the "trusted" kernel module.
> >>> As a result to this also the ecryptfs-module won't load.
> >>> (https://bugs.archlinux.org/task/62678)
> >>> If you use an "inactive" TPM module, the "trusted" module won't load
> >>> anymore.
> >>> The command modprobe just responds with "Bad address".
> >>> The strace-command shows that init_module fails with EFAULT.
> >>> I believe the reason for this is that the trusted-module handles
> >>> inactive modules the same as active modules.
> >>> This results in an error.
> >>>
> >>> For example:
> >>>
> > https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
> >>>
> >>> My guess is that init_digests(); returns EFAULT in that case.
> >>> The " if (!chip)" check above probably needs to check if the chip is
> >>> "inactive".
> >>>
> >>> "inactive" = still visible to the system, but not functional.
> >>> It seems to be the default bios-setting for TPM on thinkpad.
> >>> (btw.: i have no clue why anybody would need something like that)
> >>>
> >>> Sadly i have no idea how you would check for an inactive chip,else i
> >>> would have send a patch instead.
> >>> But I hope the info i wrote is enough to get it fixed by somebody.
> >>
> >> Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
> >> returning 0.
> >>
> >> Jarkko, we could consider it as non-critical error, and handle it as if
> >> the TPM is not found. What do you think?
> > 
> > Not sure I get this. Wasn't the issue fixed in c78719203fc6 or is there
> > something missing?
> 
> It seems it is not enough. A TPM is found but does not return data to
> tpm_get_random(), I think.

While working with Nayna (and George) on the "tpm: fixes uninitialized
allocated banks for IBM vtpm driver" patch, I wondered what happens if
the chip is enabled, but none of the banks were enabled.  Could this
be the "inactive" state?

Mimi

Re: Problem with the kernels trusted module on "inactive" TPM

[Mimi Zohar]

[Cc'ing Nayna]

On Thu, 2019-07-04 at 14:25 +0200, Roberto Sassu wrote:
> On 7/4/2019 12:42 PM, Jarkko Sakkinen wrote:
> > On Mon, 2019-07-01 at 17:22 +0300, Roberto Sassu wrote:
> >> Adding to the discussion Jarkko (the maintainer of the trusted key) and
> >> the linux-integrity mailing list.
> > 
> > I'm a co-maintainer (added James and Mimi).
> > 
> >>> some people (including me) have problems with the "trusted" kernel module.
> >>> As a result to this also the ecryptfs-module won't load.
> >>> (https://bugs.archlinux.org/task/62678)
> >>> If you use an "inactive" TPM module, the "trusted" module won't load
> >>> anymore.
> >>> The command modprobe just responds with "Bad address".
> >>> The strace-command shows that init_module fails with EFAULT.
> >>> I believe the reason for this is that the trusted-module handles
> >>> inactive modules the same as active modules.
> >>> This results in an error.
> >>>
> >>> For example:
> >>>
> > https://github.com/torvalds/linux/commit/0b6cf6b97b7ef1fa3c7fefab0cac897a1c4a3400#diff-c01228e6d386afb29df6aac17d9dd7abR1251
> >>>
> >>> My guess is that init_digests(); returns EFAULT in that case.
> >>> The " if (!chip)" check above probably needs to check if the chip is
> >>> "inactive".
> >>>
> >>> "inactive" = still visible to the system, but not functional.
> >>> It seems to be the default bios-setting for TPM on thinkpad.
> >>> (btw.: i have no clue why anybody would need something like that)
> >>>
> >>> Sadly i have no idea how you would check for an inactive chip,else i
> >>> would have send a patch instead.
> >>> But I hope the info i wrote is enough to get it fixed by somebody.
> >>
> >> Thanks for the report. If you see -EFAULT, tpm_get_random() is probably
> >> returning 0.
> >>
> >> Jarkko, we could consider it as non-critical error, and handle it as if
> >> the TPM is not found. What do you think?
> > 
> > Not sure I get this. Wasn't the issue fixed in c78719203fc6 or is there
> > something missing?
> 
> It seems it is not enough. A TPM is found but does not return data to
> tpm_get_random(), I think.

While working with Nayna (and George) on the "tpm: fixes uninitialized
allocated banks for IBM vtpm driver" patch, I wondered what happens if
the chip is enabled, but none of the banks were enabled.  Could this
be the "inactive" state?

Mimi