From: jgunthorpe@obsidianresearch.com (Jason Gunthorpe)
To: linux-security-module@vger.kernel.org
Subject: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
Date: Mon, 20 Mar 2017 11:23:05 -0600 [thread overview]
Message-ID: <20170320172305.GA4990@obsidianresearch.com> (raw)
In-Reply-To: <12e63cdba1e34cac9b82e4bff9621ae6@MUCSE603.infineon.com>
On Mon, Mar 20, 2017 at 09:54:41AM +0000, Alexander.Steffen at infineon.com wrote:
> >>> 2. When upgrading the firmware on my TPM, it switches to a
> >>> non-standard communication mode for the upgrade process and does not
> >>> communicate using TPM2.0 commands during this time. Rejecting
> >>> non-TPM2.0 commands means upgrading won't be possible anymore.
> >>
> >> How non standard? Is the basic header even there? Are the lengths and
> >> status code right?
> >>
> >> This might be an argument to add a 'raw' ioctl or something specifically
> >> for this special case.
> >
> > It follows the regular TPM command syntax and looks something like 1.2
> > commands.
>
> Yep, so most of it already works with the current implementation.
>
> There are a few special cases that need some thought though. For
> example, it is possible to use an upgrade to switch the TPM family
> from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> the kernel reinitialize the TPM driver, so it uses the correct
> timeouts for communication, activates the correct features (resource
> manager or not?), etc., without needing to reboot the system.
It would be nice to do this via plug/unplug with existing sysfs
machinery.
> Another problem arises when the upgrade process is interrupted,
> e.g. because power is lost. Then the TPM is stuck in its
> non-standard upgrade mode, so the kernel does not recognize it as a
> valid TPM device and does not export /dev/tpm<n>. But without the
> device node the upgrader is unable to restart the upgrade process,
> leaving the TPM forever inaccessible.
I guess you'd have to teach the TPM core about a new chip mode besides
1.2, 2.0 - some kind of 'upgrade' mode.
So the flow would be to send the upgrade command, unplug/replug the
driver to switch to 'upgrade' mode (which could happen if there was a
reboot?) do the upgrade, then unplug/replug to rediscover the 'new'
TPM.
Jason
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
WARNING: multiple messages have this Message-ID (diff)
From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w@public.gmane.org
Cc: dhowells-H+wXaHxf7aLQT0dZR+AlfA@public.gmane.org,
linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
James.Bottomley-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org,
linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: [PATCH v3 2/7] tpm: validate TPM 2.0 commands
Date: Mon, 20 Mar 2017 11:23:05 -0600 [thread overview]
Message-ID: <20170320172305.GA4990@obsidianresearch.com> (raw)
In-Reply-To: <12e63cdba1e34cac9b82e4bff9621ae6-nFblLGNE8XKJSz+rYg/bSJowlv4uC7bZ@public.gmane.org>
On Mon, Mar 20, 2017 at 09:54:41AM +0000, Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w@public.gmane.org wrote:
> >>> 2. When upgrading the firmware on my TPM, it switches to a
> >>> non-standard communication mode for the upgrade process and does not
> >>> communicate using TPM2.0 commands during this time. Rejecting
> >>> non-TPM2.0 commands means upgrading won't be possible anymore.
> >>
> >> How non standard? Is the basic header even there? Are the lengths and
> >> status code right?
> >>
> >> This might be an argument to add a 'raw' ioctl or something specifically
> >> for this special case.
> >
> > It follows the regular TPM command syntax and looks something like 1.2
> > commands.
>
> Yep, so most of it already works with the current implementation.
>
> There are a few special cases that need some thought though. For
> example, it is possible to use an upgrade to switch the TPM family
> from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> the kernel reinitialize the TPM driver, so it uses the correct
> timeouts for communication, activates the correct features (resource
> manager or not?), etc., without needing to reboot the system.
It would be nice to do this via plug/unplug with existing sysfs
machinery.
> Another problem arises when the upgrade process is interrupted,
> e.g. because power is lost. Then the TPM is stuck in its
> non-standard upgrade mode, so the kernel does not recognize it as a
> valid TPM device and does not export /dev/tpm<n>. But without the
> device node the upgrader is unable to restart the upgrade process,
> leaving the TPM forever inaccessible.
I guess you'd have to teach the TPM core about a new chip mode besides
1.2, 2.0 - some kind of 'upgrade' mode.
So the flow would be to send the upgrade command, unplug/replug the
driver to switch to 'upgrade' mode (which could happen if there was a
reboot?) do the upgrade, then unplug/replug to rediscover the 'new'
TPM.
Jason
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
WARNING: multiple messages have this Message-ID (diff)
From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Alexander.Steffen@infineon.com
Cc: Peter.Huewe@infineon.com, James.Bottomley@HansenPartnership.com,
linux-kernel@vger.kernel.org, dhowells@redhat.com,
linux-security-module@vger.kernel.org,
tpmdd-devel@lists.sourceforge.net
Subject: Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
Date: Mon, 20 Mar 2017 11:23:05 -0600 [thread overview]
Message-ID: <20170320172305.GA4990@obsidianresearch.com> (raw)
In-Reply-To: <12e63cdba1e34cac9b82e4bff9621ae6@MUCSE603.infineon.com>
On Mon, Mar 20, 2017 at 09:54:41AM +0000, Alexander.Steffen@infineon.com wrote:
> >>> 2. When upgrading the firmware on my TPM, it switches to a
> >>> non-standard communication mode for the upgrade process and does not
> >>> communicate using TPM2.0 commands during this time. Rejecting
> >>> non-TPM2.0 commands means upgrading won't be possible anymore.
> >>
> >> How non standard? Is the basic header even there? Are the lengths and
> >> status code right?
> >>
> >> This might be an argument to add a 'raw' ioctl or something specifically
> >> for this special case.
> >
> > It follows the regular TPM command syntax and looks something like 1.2
> > commands.
>
> Yep, so most of it already works with the current implementation.
>
> There are a few special cases that need some thought though. For
> example, it is possible to use an upgrade to switch the TPM family
> from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> the kernel reinitialize the TPM driver, so it uses the correct
> timeouts for communication, activates the correct features (resource
> manager or not?), etc., without needing to reboot the system.
It would be nice to do this via plug/unplug with existing sysfs
machinery.
> Another problem arises when the upgrade process is interrupted,
> e.g. because power is lost. Then the TPM is stuck in its
> non-standard upgrade mode, so the kernel does not recognize it as a
> valid TPM device and does not export /dev/tpm<n>. But without the
> device node the upgrader is unable to restart the upgrade process,
> leaving the TPM forever inaccessible.
I guess you'd have to teach the TPM core about a new chip mode besides
1.2, 2.0 - some kind of 'upgrade' mode.
So the flow would be to send the upgrade command, unplug/replug the
driver to switch to 'upgrade' mode (which could happen if there was a
reboot?) do the upgrade, then unplug/replug to rediscover the 'new'
TPM.
Jason
next prev parent reply other threads:[~2017-03-20 17:23 UTC|newest]
Thread overview: 55+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-03-03 15:19 [PATCH v3 0/7] in-kernel resource manager Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
[not found] ` <20170303151912.14752-1-jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org>
2017-03-03 15:19 ` [PATCH v3 1/7] tpm: move length validation to tpm_transmit() Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-03 15:19 ` [PATCH v3 2/7] tpm: validate TPM 2.0 commands Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-17 15:40 ` [tpmdd-devel] " Alexander.Steffen at infineon.com
2017-03-17 15:40 ` Alexander.Steffen
2017-03-17 15:40 ` Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w
2017-03-17 16:16 ` [tpmdd-devel] " Jason Gunthorpe
2017-03-17 16:16 ` Jason Gunthorpe
2017-03-17 16:35 ` Peter.Huewe at infineon.com
2017-03-17 16:35 ` Peter.Huewe
2017-03-17 16:35 ` Peter.Huewe-d0qZbvYSIPpWk0Htik3J/w
2017-03-20 9:54 ` [tpmdd-devel] " Alexander.Steffen at infineon.com
2017-03-20 9:54 ` Alexander.Steffen
2017-03-20 9:54 ` Alexander.Steffen
2017-03-20 17:23 ` Jason Gunthorpe [this message]
2017-03-20 17:23 ` Jason Gunthorpe
2017-03-20 17:23 ` Jason Gunthorpe
2017-03-20 19:42 ` [tpmdd-devel] " Ken Goldman
2017-03-20 19:42 ` Ken Goldman
2017-03-20 19:42 ` Ken Goldman
2017-03-21 15:44 ` [tpmdd-devel] " Alexander.Steffen at infineon.com
2017-03-21 15:44 ` Alexander.Steffen
2017-03-21 15:44 ` Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w
2017-03-17 20:42 ` [tpmdd-devel] " Jarkko Sakkinen
2017-03-17 20:42 ` Jarkko Sakkinen
2017-03-17 20:42 ` Jarkko Sakkinen
2017-03-20 9:56 ` [tpmdd-devel] " Alexander.Steffen at infineon.com
2017-03-20 9:56 ` Alexander.Steffen
2017-03-20 9:56 ` Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w
2017-03-27 5:25 ` [tpmdd-devel] " Jarkko Sakkinen
2017-03-27 5:25 ` Jarkko Sakkinen
2017-03-27 5:25 ` Jarkko Sakkinen
2017-03-03 15:19 ` [PATCH v3 3/7] tpm: export tpm2_flush_context_cmd Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-03 15:19 ` [PATCH v3 4/7] tpm: infrastructure for TPM spaces Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-17 15:41 ` [tpmdd-devel] " Alexander.Steffen at infineon.com
2017-03-17 15:41 ` Alexander.Steffen
2017-03-17 15:41 ` Alexander.Steffen-d0qZbvYSIPpWk0Htik3J/w
2017-03-17 20:44 ` [tpmdd-devel] " Jarkko Sakkinen
2017-03-17 20:44 ` Jarkko Sakkinen
2017-03-17 20:44 ` Jarkko Sakkinen
2017-03-03 15:19 ` [PATCH v3 5/7] tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-03 15:19 ` [PATCH v3 6/7] tpm: expose spaces via a device link /dev/tpmrm<n> Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-03 15:19 ` [PATCH v3 7/7] tpm2: add session handle context saving and restoring to the space code Jarkko Sakkinen
2017-03-03 15:19 ` Jarkko Sakkinen
2017-03-06 21:07 ` [PATCH v3 0/7] in-kernel resource manager Jarkko Sakkinen
2017-03-06 21:07 ` Jarkko Sakkinen
2017-03-11 8:55 ` Jarkko Sakkinen
2017-03-11 8:55 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170320172305.GA4990@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=linux-security-module@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.