From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@gmail.com>, roberto.sassu@huawei.com
Cc: zohar@linux.ibm.com, david.safford@ge.com, monty.wiseman@ge.com,
matthewgarrett@google.com, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
silviu.vlasceanu@huawei.com,
linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Date: Thu, 21 Mar 2019 13:15:54 +0000 [thread overview]
Message-ID: <20190321131554.GB2267@linux.intel.com> (raw)
In-Reply-To: <CAA9_cmf0j1EoyrGmbfPWCWPafgGfKWR6cyPpN8YEFZdemeg1kA@mail.gmail.com>
On Mon, Mar 18, 2019 at 03:35:08PM -0700, Dan Williams wrote:
> On Wed, Feb 6, 2019 at 10:30 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> >
> > When crypto agility support will be added to the TPM driver, users of the
> > driver have to retrieve the allocated banks from chip->allocated_banks and
> > use this information to prepare the array of tpm_digest structures to be
> > passed to tpm_pcr_extend().
> >
> > This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
> > pointer can be used to prepare the array of tpm_digest structures.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > ---
> > security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
> > 1 file changed, 24 insertions(+), 14 deletions(-)
> >
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 4d98f4f87236..5b852263eae1 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -34,6 +34,7 @@
> >
> > static const char hmac_alg[] = "hmac(sha1)";
> > static const char hash_alg[] = "sha1";
> > +static struct tpm_chip *chip;
> >
> > struct sdesc {
> > struct shash_desc shash;
> > @@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
> > int rc;
> >
> > dump_tpm_buf(cmd);
> > - rc = tpm_send(NULL, cmd, buflen);
> > + rc = tpm_send(chip, cmd, buflen);
> > dump_tpm_buf(cmd);
> > if (rc > 0)
> > /* Can't return positive return codes values to keyctl */
> > @@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
> >
> > if (!capable(CAP_SYS_ADMIN))
> > return -EPERM;
> > - ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
> > + ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
> > if (ret != SHA1_DIGEST_SIZE)
> > return ret;
> > - return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
> > + return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
> > }
> >
> > /*
> > @@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
> > unsigned char ononce[TPM_NONCE_SIZE];
> > int ret;
> >
> > - ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE)
> > return ret;
> >
> > @@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
> > if (ret < 0)
> > goto out;
> >
> > - ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE)
> > goto out;
> > ordinal = htonl(TPM_ORD_SEAL);
> > @@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
> >
> > ordinal = htonl(TPM_ORD_UNSEAL);
> > keyhndl = htonl(SRKHANDLE);
> > - ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE) {
> > pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
> > return ret;
> > @@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > int i;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return tpm2;
> >
> > @@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
> > struct trusted_key_options *options;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return NULL;
> >
> > @@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
> > size_t key_len;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return tpm2;
> >
> > @@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
> > switch (key_cmd) {
> > case Opt_load:
> > if (tpm2)
> > - ret = tpm_unseal_trusted(NULL, payload, options);
> > + ret = tpm_unseal_trusted(chip, payload, options);
> > else
> > ret = key_unseal(payload, options);
> > dump_payload(payload);
> > @@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
> > break;
> > case Opt_new:
> > key_len = payload->key_len;
> > - ret = tpm_get_random(NULL, payload->key, key_len);
> > + ret = tpm_get_random(chip, payload->key, key_len);
> > if (ret != key_len) {
> > pr_info("trusted_key: key_create failed (%d)\n", ret);
> > goto out;
> > }
> > if (tpm2)
> > - ret = tpm_seal_trusted(NULL, payload, options);
> > + ret = tpm_seal_trusted(chip, payload, options);
> > else
> > ret = key_seal(payload, options);
> > if (ret < 0)
> > @@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
> > {
> > int ret;
> >
> > + chip = tpm_default_chip();
> > + if (!chip)
> > + return -ENOENT;
>
> This change causes a regression loading the encrypted_keys module on
> systems that don't have a tpm.
>
> Module init functions should not have hardware dependencies.
>
> The effect is that the libnvdimm module, which is an encrypted_keys
> user, fails to load, but up until this change encrypted_keys did not
> have a hard dependency on TPM presence.
Sorry for the latency. I was in flu for couple of days.
I missed that addition in the review process albeit this patch set
went numerous rounds. Apologies about ths. Also the return value is
wrong. Should be -ENODEV but it doesn't matter because this needs to
be removed anyway.
Roberto, can you submit a fix ASAP that:
1. Allows the module to initialize even if the chip is not found.
2. In the beginning of each function (before tpm_is_tpm2()) you
should check if chip is NULL and return -ENODEV if it is.
Add also these tags before your signed-off-by:
Cc: stable@vger.kernel.org
Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()")
Reported-by: Dan Williams <dan.j.williams@gmail.com>
Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
/Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@gmail.com>, roberto.sassu@huawei.com
Cc: Roberto Sassu <roberto.sassu@huawei.com>,
zohar@linux.ibm.com, david.safford@ge.com, monty.wiseman@ge.com,
matthewgarrett@google.com, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org, keyrings@vger.kernel.org,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
silviu.vlasceanu@huawei.com,
linux-nvdimm <linux-nvdimm@lists.01.org>
Subject: Re: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Date: Thu, 21 Mar 2019 15:15:54 +0200 [thread overview]
Message-ID: <20190321131554.GB2267@linux.intel.com> (raw)
In-Reply-To: <CAA9_cmf0j1EoyrGmbfPWCWPafgGfKWR6cyPpN8YEFZdemeg1kA@mail.gmail.com>
On Mon, Mar 18, 2019 at 03:35:08PM -0700, Dan Williams wrote:
> On Wed, Feb 6, 2019 at 10:30 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> >
> > When crypto agility support will be added to the TPM driver, users of the
> > driver have to retrieve the allocated banks from chip->allocated_banks and
> > use this information to prepare the array of tpm_digest structures to be
> > passed to tpm_pcr_extend().
> >
> > This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
> > pointer can be used to prepare the array of tpm_digest structures.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > ---
> > security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
> > 1 file changed, 24 insertions(+), 14 deletions(-)
> >
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 4d98f4f87236..5b852263eae1 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -34,6 +34,7 @@
> >
> > static const char hmac_alg[] = "hmac(sha1)";
> > static const char hash_alg[] = "sha1";
> > +static struct tpm_chip *chip;
> >
> > struct sdesc {
> > struct shash_desc shash;
> > @@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
> > int rc;
> >
> > dump_tpm_buf(cmd);
> > - rc = tpm_send(NULL, cmd, buflen);
> > + rc = tpm_send(chip, cmd, buflen);
> > dump_tpm_buf(cmd);
> > if (rc > 0)
> > /* Can't return positive return codes values to keyctl */
> > @@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
> >
> > if (!capable(CAP_SYS_ADMIN))
> > return -EPERM;
> > - ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
> > + ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
> > if (ret != SHA1_DIGEST_SIZE)
> > return ret;
> > - return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
> > + return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
> > }
> >
> > /*
> > @@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
> > unsigned char ononce[TPM_NONCE_SIZE];
> > int ret;
> >
> > - ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE)
> > return ret;
> >
> > @@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
> > if (ret < 0)
> > goto out;
> >
> > - ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE)
> > goto out;
> > ordinal = htonl(TPM_ORD_SEAL);
> > @@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
> >
> > ordinal = htonl(TPM_ORD_UNSEAL);
> > keyhndl = htonl(SRKHANDLE);
> > - ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE) {
> > pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
> > return ret;
> > @@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > int i;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return tpm2;
> >
> > @@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
> > struct trusted_key_options *options;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return NULL;
> >
> > @@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
> > size_t key_len;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return tpm2;
> >
> > @@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
> > switch (key_cmd) {
> > case Opt_load:
> > if (tpm2)
> > - ret = tpm_unseal_trusted(NULL, payload, options);
> > + ret = tpm_unseal_trusted(chip, payload, options);
> > else
> > ret = key_unseal(payload, options);
> > dump_payload(payload);
> > @@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
> > break;
> > case Opt_new:
> > key_len = payload->key_len;
> > - ret = tpm_get_random(NULL, payload->key, key_len);
> > + ret = tpm_get_random(chip, payload->key, key_len);
> > if (ret != key_len) {
> > pr_info("trusted_key: key_create failed (%d)\n", ret);
> > goto out;
> > }
> > if (tpm2)
> > - ret = tpm_seal_trusted(NULL, payload, options);
> > + ret = tpm_seal_trusted(chip, payload, options);
> > else
> > ret = key_seal(payload, options);
> > if (ret < 0)
> > @@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
> > {
> > int ret;
> >
> > + chip = tpm_default_chip();
> > + if (!chip)
> > + return -ENOENT;
>
> This change causes a regression loading the encrypted_keys module on
> systems that don't have a tpm.
>
> Module init functions should not have hardware dependencies.
>
> The effect is that the libnvdimm module, which is an encrypted_keys
> user, fails to load, but up until this change encrypted_keys did not
> have a hard dependency on TPM presence.
Sorry for the latency. I was in flu for couple of days.
I missed that addition in the review process albeit this patch set
went numerous rounds. Apologies about ths. Also the return value is
wrong. Should be -ENODEV but it doesn't matter because this needs to
be removed anyway.
Roberto, can you submit a fix ASAP that:
1. Allows the module to initialize even if the chip is not found.
2. In the beginning of each function (before tpm_is_tpm2()) you
should check if chip is NULL and return -ENODEV if it is.
Add also these tags before your signed-off-by:
Cc: stable@vger.kernel.org
Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()")
Reported-by: Dan Williams <dan.j.williams@gmail.com>
Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
/Jarkko
WARNING: multiple messages have this Message-ID (diff)
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Dan Williams <dan.j.williams@gmail.com>, roberto.sassu@huawei.com
Cc: silviu.vlasceanu@huawei.com,
linux-nvdimm <linux-nvdimm@lists.01.org>,
matthewgarrett@google.com,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
david.safford@ge.com, linux-security-module@vger.kernel.org,
keyrings@vger.kernel.org, zohar@linux.ibm.com,
monty.wiseman@ge.com, linux-integrity@vger.kernel.org
Subject: Re: [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
Date: Thu, 21 Mar 2019 15:15:54 +0200 [thread overview]
Message-ID: <20190321131554.GB2267@linux.intel.com> (raw)
In-Reply-To: <CAA9_cmf0j1EoyrGmbfPWCWPafgGfKWR6cyPpN8YEFZdemeg1kA@mail.gmail.com>
On Mon, Mar 18, 2019 at 03:35:08PM -0700, Dan Williams wrote:
> On Wed, Feb 6, 2019 at 10:30 AM Roberto Sassu <roberto.sassu@huawei.com> wrote:
> >
> > When crypto agility support will be added to the TPM driver, users of the
> > driver have to retrieve the allocated banks from chip->allocated_banks and
> > use this information to prepare the array of tpm_digest structures to be
> > passed to tpm_pcr_extend().
> >
> > This patch retrieves a tpm_chip pointer from tpm_default_chip() so that the
> > pointer can be used to prepare the array of tpm_digest structures.
> >
> > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > Reviewed-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > Tested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
> > ---
> > security/keys/trusted.c | 38 ++++++++++++++++++++++++--------------
> > 1 file changed, 24 insertions(+), 14 deletions(-)
> >
> > diff --git a/security/keys/trusted.c b/security/keys/trusted.c
> > index 4d98f4f87236..5b852263eae1 100644
> > --- a/security/keys/trusted.c
> > +++ b/security/keys/trusted.c
> > @@ -34,6 +34,7 @@
> >
> > static const char hmac_alg[] = "hmac(sha1)";
> > static const char hash_alg[] = "sha1";
> > +static struct tpm_chip *chip;
> >
> > struct sdesc {
> > struct shash_desc shash;
> > @@ -362,7 +363,7 @@ int trusted_tpm_send(unsigned char *cmd, size_t buflen)
> > int rc;
> >
> > dump_tpm_buf(cmd);
> > - rc = tpm_send(NULL, cmd, buflen);
> > + rc = tpm_send(chip, cmd, buflen);
> > dump_tpm_buf(cmd);
> > if (rc > 0)
> > /* Can't return positive return codes values to keyctl */
> > @@ -384,10 +385,10 @@ static int pcrlock(const int pcrnum)
> >
> > if (!capable(CAP_SYS_ADMIN))
> > return -EPERM;
> > - ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
> > + ret = tpm_get_random(chip, hash, SHA1_DIGEST_SIZE);
> > if (ret != SHA1_DIGEST_SIZE)
> > return ret;
> > - return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
> > + return tpm_pcr_extend(chip, pcrnum, hash) ? -EINVAL : 0;
> > }
> >
> > /*
> > @@ -400,7 +401,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
> > unsigned char ononce[TPM_NONCE_SIZE];
> > int ret;
> >
> > - ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE)
> > return ret;
> >
> > @@ -496,7 +497,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
> > if (ret < 0)
> > goto out;
> >
> > - ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE)
> > goto out;
> > ordinal = htonl(TPM_ORD_SEAL);
> > @@ -606,7 +607,7 @@ static int tpm_unseal(struct tpm_buf *tb,
> >
> > ordinal = htonl(TPM_ORD_UNSEAL);
> > keyhndl = htonl(SRKHANDLE);
> > - ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
> > + ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
> > if (ret != TPM_NONCE_SIZE) {
> > pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
> > return ret;
> > @@ -751,7 +752,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
> > int i;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return tpm2;
> >
> > @@ -920,7 +921,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
> > struct trusted_key_options *options;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return NULL;
> >
> > @@ -970,7 +971,7 @@ static int trusted_instantiate(struct key *key,
> > size_t key_len;
> > int tpm2;
> >
> > - tpm2 = tpm_is_tpm2(NULL);
> > + tpm2 = tpm_is_tpm2(chip);
> > if (tpm2 < 0)
> > return tpm2;
> >
> > @@ -1011,7 +1012,7 @@ static int trusted_instantiate(struct key *key,
> > switch (key_cmd) {
> > case Opt_load:
> > if (tpm2)
> > - ret = tpm_unseal_trusted(NULL, payload, options);
> > + ret = tpm_unseal_trusted(chip, payload, options);
> > else
> > ret = key_unseal(payload, options);
> > dump_payload(payload);
> > @@ -1021,13 +1022,13 @@ static int trusted_instantiate(struct key *key,
> > break;
> > case Opt_new:
> > key_len = payload->key_len;
> > - ret = tpm_get_random(NULL, payload->key, key_len);
> > + ret = tpm_get_random(chip, payload->key, key_len);
> > if (ret != key_len) {
> > pr_info("trusted_key: key_create failed (%d)\n", ret);
> > goto out;
> > }
> > if (tpm2)
> > - ret = tpm_seal_trusted(NULL, payload, options);
> > + ret = tpm_seal_trusted(chip, payload, options);
> > else
> > ret = key_seal(payload, options);
> > if (ret < 0)
> > @@ -1225,17 +1226,26 @@ static int __init init_trusted(void)
> > {
> > int ret;
> >
> > + chip = tpm_default_chip();
> > + if (!chip)
> > + return -ENOENT;
>
> This change causes a regression loading the encrypted_keys module on
> systems that don't have a tpm.
>
> Module init functions should not have hardware dependencies.
>
> The effect is that the libnvdimm module, which is an encrypted_keys
> user, fails to load, but up until this change encrypted_keys did not
> have a hard dependency on TPM presence.
Sorry for the latency. I was in flu for couple of days.
I missed that addition in the review process albeit this patch set
went numerous rounds. Apologies about ths. Also the return value is
wrong. Should be -ENODEV but it doesn't matter because this needs to
be removed anyway.
Roberto, can you submit a fix ASAP that:
1. Allows the module to initialize even if the chip is not found.
2. In the beginning of each function (before tpm_is_tpm2()) you
should check if chip is NULL and return -ENODEV if it is.
Add also these tags before your signed-off-by:
Cc: stable@vger.kernel.org
Fixes: 240730437deb ("KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()")
Reported-by: Dan Williams <dan.j.williams@gmail.com>
Suggested-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
/Jarkko
_______________________________________________
Linux-nvdimm mailing list
Linux-nvdimm@lists.01.org
https://lists.01.org/mailman/listinfo/linux-nvdimm
next prev parent reply other threads:[~2019-03-21 13:15 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-02-06 16:24 [PATCH v10, RESEND 0/6] tpm: retrieve digest size of unknown algorithms from TPM Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 1/6] tpm: dynamically allocate the allocated_banks array Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 2/6] tpm: rename and export tpm2_digest and tpm2_algorithms Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 3/6] tpm: retrieve digest size of unknown algorithms with PCR read Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 4/6] tpm: move tpm_chip definition to include/linux/tpm.h Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-02-08 4:24 ` Nathan Chancellor
2019-02-08 4:24 ` Nathan Chancellor
2019-02-08 8:41 ` Roberto Sassu
2019-02-08 8:41 ` Roberto Sassu
2019-02-08 16:16 ` Nathan Chancellor
2019-02-08 16:16 ` Nathan Chancellor
2019-02-08 16:38 ` Roberto Sassu
2019-02-08 16:38 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 5/6] KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip() Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
2019-03-18 22:35 ` Dan Williams
2019-03-18 22:35 ` Dan Williams
2019-03-18 22:35 ` Dan Williams
2019-03-21 13:15 ` Jarkko Sakkinen [this message]
2019-03-21 13:15 ` Jarkko Sakkinen
2019-03-21 13:15 ` Jarkko Sakkinen
2019-03-21 13:25 ` Roberto Sassu
2019-03-21 13:25 ` Roberto Sassu
2019-03-21 13:25 ` Roberto Sassu
2019-02-06 16:24 ` [PATCH v10, RESEND 6/6] tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() Roberto Sassu
2019-02-06 16:24 ` Roberto Sassu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190321131554.GB2267@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=dan.j.williams@gmail.com \
--cc=david.safford@ge.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvdimm@lists.01.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=monty.wiseman@ge.com \
--cc=roberto.sassu@huawei.com \
--cc=silviu.vlasceanu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.