From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Roberto Sassu <roberto.sassu@huawei.com>
Cc: zohar@linux.ibm.com, david.safford@ge.com, monty.wiseman@ge.com,
	matthewgarrett@google.com, linux-integrity@vger.kernel.org,
	linux-security-module@vger.kernel.org,
	linux-kernel@vger.kernel.org, keyrings@vger.kernel.org,
	silviu.vlasceanu@huawei.com
Subject: Re: [PATCH v8 4/7] tpm: retrieve digest size of unknown algorithms with PCR read
Date: Tue, 29 Jan 2019 20:14:05 +0000
Message-ID: <20190129201405.GC11615@linux.intel.com>
In-Reply-To: <20190124154910.29948-5-roberto.sassu@huawei.com>

On Thu, Jan 24, 2019 at 04:49:07PM +0100, Roberto Sassu wrote:
> Currently, the TPM driver retrieves the digest size from a table mapping
> TPM algorithm identifiers to identifiers defined by the crypto subsystem.
> If the algorithm is not defined by the latter, the digest size can be
> retrieved from the output of the PCR read command.
> 
> The patch modifies the definition of tpm_pcr_read() and tpm2_pcr_read() to
> pass the desired hash algorithm and obtain the digest size at TPM startup.
> Algorithms and corresponding digest sizes are stored in the new structure
> tpm_bank_info, member of tpm_chip, so that the information can be used by
> other kernel subsystems.
> 
> tpm_bank_info contains: the TPM algorithm identifier, necessary to generate
> the event log as defined by Trusted Computing Group (TCG); the digest size,
> to pad/truncate a digest calculated with a different algorithm; the crypto
> subsystem identifier, to calculate the digest of event data.
> 
> This patch also protects against data corruption that could happen in the
> bus, by checking that the digest size returned by the TPM during a PCR read
> matches the size of the algorithm passed to tpm2_pcr_read().
> 
> For the initial PCR read, when digest sizes are not yet available, this
> patch ensures that the amount of data copied from the output returned by
> the TPM does not exceed the size of the array data are copied to.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> Acked-by: Mimi Zohar <zohar@linux.ibm.com>

Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>

/Jarkko
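
The two size checks described in the quoted commit message, shown as an added userspace example; this is not code from the patch or the kernel. The names pcr_read_parse() and make_resp(), the offsets for a 3-byte PCR select, and the response-length check are assumptions of this example, and the response bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define HDR_SIZE   10   /* tag(2) + size(4) + return code(4) */
#define MAX_DIGEST 64   /* capacity of the destination array */
/* Response body with a 3-byte PCR select, all fields big-endian:
 * updateCounter(4) selCount(4) hashAlg(2) selSize(1) select(3)
 * digestCount(4) digestSize(2) digest[digestSize] */
#define OFF_ALG    (HDR_SIZE + 8)
#define OFF_DSIZE  (HDR_SIZE + 18)
#define OFF_DIGEST (HDR_SIZE + 20)

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper. expected == 0 models the initial read, when the digest
 * size is not known yet. Returns the number of bytes copied, or -1. */
int pcr_read_parse(const uint8_t *resp, size_t len, uint16_t expected,
                   uint8_t out[MAX_DIGEST])
{
    uint16_t dsize;

    if (len < OFF_DIGEST) return -1;              /* fixed fields missing */
    dsize = be16(resp + OFF_DSIZE);
    if (dsize > MAX_DIGEST) return -1;            /* would overflow out[] */
    if (dsize > len - OFF_DIGEST) return -1;      /* truncated response */
    if (expected && dsize != expected) return -1; /* wrong size for bank */
    memcpy(out, resp + OFF_DIGEST, dsize);
    return dsize;
}

/* Build a constructed response whose digest is dsize bytes of 0xAB. */
size_t make_resp(uint8_t *buf, uint16_t alg, uint16_t dsize)
{
    size_t total = OFF_DIGEST + dsize;

    memset(buf, 0, OFF_DIGEST);
    buf[0] = 0x80; buf[1] = 0x01;                 /* TPM_ST_NO_SESSIONS */
    buf[4] = (uint8_t)(total >> 8); buf[5] = (uint8_t)total;
    buf[HDR_SIZE + 7] = 1;                        /* one PCR selection */
    buf[OFF_ALG] = (uint8_t)(alg >> 8); buf[OFF_ALG + 1] = (uint8_t)alg;
    buf[HDR_SIZE + 10] = 3;                       /* sizeofSelect */
    buf[HDR_SIZE + 17] = 1;                       /* one digest */
    buf[OFF_DSIZE] = (uint8_t)(dsize >> 8); buf[OFF_DSIZE + 1] = (uint8_t)dsize;
    memset(buf + OFF_DIGEST, 0xAB, dsize);
    return total;
}
```

With a 32-byte digest from make_resp(buf, 0x000B, 32), the initial read (expected == 0) learns the size 32, a later read with expected == 20 is rejected, and a response claiming 100 digest bytes is rejected before any copy.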
