From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: ivan.lazeev@gmail.com, Peter Huewe <peterhuewe@gmx.de>,
Jason Gunthorpe <jgg@ziepe.ca>, Arnd Bergmann <arnd@arndb.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v8] tpm_crb: fix fTPM on AMD Zen+ CPUs
Date: Thu, 24 Oct 2019 22:02:34 +0300 [thread overview]
Message-ID: <20191024190217.GA7002@linux.intel.com> (raw)
In-Reply-To: <20191023232035.ir7hmed4m3emovyx@cantor>
On Wed, Oct 23, 2019 at 04:20:35PM -0700, Jerry Snitselaar wrote:
> On Wed Oct 23 19, Jarkko Sakkinen wrote:
> > On Mon, Oct 21, 2019 at 06:57:35PM +0300, Jarkko Sakkinen wrote:
> > > Almost tested this today. Unfortunately the USB stick at hand was
> > > broken. I'll retry tomorrow or Wed depending on which day I visit at
> > > the office and which day I WFH.
> > >
> > > At least the AMI BIOS had all the TPM stuff in it. The hardware I'll be
> > > using is Udoo Bolt V8 (thanks Jerry for pointing me out this device)
> > > with AMD Ryzen Embedded V1605B [1]
> > >
> > > Thanks for the patience with your patch.
> > >
> > > [1] https://en.wikichip.org/wiki/amd/ryzen_embedded/v1605b
> >
> > Jerry, are you confident to give this tested-by?
> >
> > I'm still in process of finding what I should put to .config in order
> > to get USB keyboard working with UDOO BOLT.
> >
> > /Jarkko
>
> I ran it through the tpm2 kselftests and it passed:
>
> TAP version 13
> 1..2
> # selftests: tpm2: test_smoke.sh
> # test_read_partial_overwrite (tpm2_tests.SmokeTest) ... ok
> # test_read_partial_resp (tpm2_tests.SmokeTest) ... ok
> # test_seal_with_auth (tpm2_tests.SmokeTest) ... ok
> # test_seal_with_policy (tpm2_tests.SmokeTest) ... ok
> # test_seal_with_too_long_auth (tpm2_tests.SmokeTest) ... ok
> # test_send_two_cmds (tpm2_tests.SmokeTest) ... ok
> # test_too_short_cmd (tpm2_tests.SmokeTest) ... ok
> # test_unseal_with_wrong_auth (tpm2_tests.SmokeTest) ... ok
> # test_unseal_with_wrong_policy (tpm2_tests.SmokeTest) ... ok
> #
> # ----------------------------------------------------------------------
> # Ran 9 tests in 12.305s
> #
> # OK
> ok 1 selftests: tpm2: test_smoke.sh
> # selftests: tpm2: test_space.sh
> # test_flush_context (tpm2_tests.SpaceTest) ... ok
> # test_get_handles (tpm2_tests.SpaceTest) ... ok
> # test_invalid_cc (tpm2_tests.SpaceTest) ... ok
> # test_make_two_spaces (tpm2_tests.SpaceTest) ... ok
> #
> # ----------------------------------------------------------------------
> # Ran 4 tests in 11.355s
> #
> # OK
> ok 2 selftests: tpm2: test_space.sh
>
>
> I also did some other testing of tpm2-tools commands, creating a
> trusted key and encrypted key, and running rngtest against /dev/random
> with the current hwrng being tpm-rng-0.
>
> I ran the selftests on an intel nuc as well:
>
> TAP version 13
> 1..2
> # selftests: tpm2: test_smoke.sh
> # test_read_partial_overwrite (tpm2_tests.SmokeTest) ... ok
> # test_read_partial_resp (tpm2_tests.SmokeTest) ... ok
> # test_seal_with_auth (tpm2_tests.SmokeTest) ... ok
> # test_seal_with_policy (tpm2_tests.SmokeTest) ... ok
> # test_seal_with_too_long_auth (tpm2_tests.SmokeTest) ... ok
> # test_send_two_cmds (tpm2_tests.SmokeTest) ... ok
> # test_too_short_cmd (tpm2_tests.SmokeTest) ... ok
> # test_unseal_with_wrong_auth (tpm2_tests.SmokeTest) ... ok
> # test_unseal_with_wrong_policy (tpm2_tests.SmokeTest) ... ok
> # # ----------------------------------------------------------------------
> # Ran 9 tests in 29.620s
> # # OK
> ok 1 selftests: tpm2: test_smoke.sh
> # selftests: tpm2: test_space.sh
> # test_flush_context (tpm2_tests.SpaceTest) ... ok
> # test_get_handles (tpm2_tests.SpaceTest) ... ok
> # test_invalid_cc (tpm2_tests.SpaceTest) ... ok
> # test_make_two_spaces (tpm2_tests.SpaceTest) ... ok
> # # ----------------------------------------------------------------------
> # Ran 4 tests in 26.337s
> # # OK
> ok 2 selftests: tpm2: test_space.sh
>
>
> So,
>
> Tested-by: Jerry Snitselaar <jsnitsel@redhat.com>
>
>
>
> One thing I've noticed on the bolt and the nuc:
>
> [ 0.808935] tpm_tis MSFT0101:00: IRQ index 0 not found
>
> I'm guessing this is Stefan's patches causing this?
>
> 1ea32c83c699 | 2019-09-02 | tpm_tis_core: Set TPM_CHIP_FLAG_IRQ before probing for interrupts (Stefan Berger)
> 5b359c7c4372 | 2019-09-02 | tpm_tis_core: Turn on the TPM before probing IRQ's (Stefan Berger)
>
> I've never noticed tpm_tis messages before on a tpm_crb system, and doublechecked that I don't see it with 5.3.
I'd guess it is related to:
https://patchwork.kernel.org/patch/11200049/
Thank you for the tested-by. I pushed this now. I'll try to get also
my tested-by before sending the PR (still fighting to find correct
kernel config to enable USB keyboard with UDOO BOLT).
/Jarkko
next prev parent reply other threads:[~2019-10-24 19:02 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-16 18:28 [PATCH v8] tpm_crb: fix fTPM on AMD Zen+ CPUs ivan.lazeev
2019-10-21 15:57 ` Jarkko Sakkinen
2019-10-23 11:51 ` Jarkko Sakkinen
2019-10-23 23:20 ` Jerry Snitselaar
2019-10-24 15:57 ` Jerry Snitselaar
2019-10-24 19:15 ` Jarkko Sakkinen
2019-10-24 19:02 ` Jarkko Sakkinen [this message]
2019-10-25 14:13 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191024190217.GA7002@linux.intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=arnd@arndb.de \
--cc=gregkh@linuxfoundation.org \
--cc=ivan.lazeev@gmail.com \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.