From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "Linus Torvalds" <torvalds@linux-foundation.org>
Cc: "Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>,
"David Howells" <dhowells@redhat.com>, <keyrings@vger.kernel.org>,
<linux-integrity@vger.kernel.org>, <linux-kernel@vger.kernel.org>
Subject: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-6.10-rc1
Date: Thu, 09 May 2024 23:04:04 +0300 [thread overview]
Message-ID: <D15DSV117DQZ.3GJOTXCTGZHE9@kernel.org> (raw)
The following changes since commit 45db3ab70092637967967bfd8e6144017638563c:
Merge tag '6.9-rc7-ksmbd-fixes' of git://git.samba.org/ksmbd (2024-05-08 10:39:53 -0700)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1
for you to fetch changes up to 1d479e3cd6520085832a6b432d521eeead2691ba:
Documentation: tpm: Add TPM security docs toctree entry (2024-05-09 22:30:52 +0300)
----------------------------------------------------------------
Hi,
These are the changes for the TPM driver with a single major new
feature: TPM bus encryption and integrity protection. The key pair
on TPM side is generated from so called null random seed per power
on of the machine [1]. This supports the TPM encryption of the hard
drive by adding layer of protection against bus interposer attacks.
Other than the pull request a few minor fixes and documentation for
tpm_tis to clarify basics of TPM localities for future patch review
discussions (will be extended and refined over times, just a seed).
[1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/
BR, Jarkko
----------------------------------------------------------------
Ard Biesheuvel (1):
crypto: lib - implement library version of AES in CFB mode
Bagas Sanjaya (1):
Documentation: tpm: Add TPM security docs toctree entry
Colin Ian King (1):
tpm/eventlog: remove redundant assignment to variabel ret
James Bottomley (14):
tpm: Move buffer handling from static inlines to real functions
tpm: add buffer function to point to returned parameters
tpm: export the context save and load commands
tpm: Add NULL primary creation
tpm: Add TCG mandated Key Derivation Functions (KDFs)
tpm: Add HMAC session start and end functions
tpm: Add HMAC session name/handle append
tpm: Add the rest of the session HMAC API
tpm: add hmac checks to tpm2_pcr_extend()
tpm: add session encryption protection to tpm2_get_random()
KEYS: trusted: Add session encryption protection to the seal/unseal path
tpm: add the null key name as a sysfs export
Documentation: add tpm-security.rst
tpm: disable the TPM if NULL name changes
Jarkko Sakkinen (8):
Documentation: tpm_tis
tpm: Remove unused tpm_buf_tag()
tpm: Remove tpm_send()
tpm: Update struct tpm_buf documentation comments
tpm: Store the length of the tpm_buf data separately.
tpm: TPM2B formatted buffers
tpm: Add tpm_buf_read_{u8,u16,u32}
KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers
Michael Haener (1):
dt-bindings: tpm: Add st,st33ktpm2xi2c
Niklas Schnelle (2):
char: tpm: handle HAS_IOPORT dependencies
char: tpm: Keep TPM_INF_IO_PORT define for HAS_IOPORT=n
.../devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml | 1 +
Documentation/security/tpm/index.rst | 2 +
Documentation/security/tpm/tpm-security.rst | 216 ++++
Documentation/security/tpm/tpm_tis.rst | 46 +
drivers/char/tpm/Kconfig | 17 +-
drivers/char/tpm/Makefile | 2 +
drivers/char/tpm/eventlog/acpi.c | 1 -
drivers/char/tpm/tpm-buf.c | 252 ++++
drivers/char/tpm/tpm-chip.c | 6 +
drivers/char/tpm/tpm-interface.c | 26 +-
drivers/char/tpm/tpm-sysfs.c | 18 +
drivers/char/tpm/tpm.h | 14 +
drivers/char/tpm/tpm2-cmd.c | 53 +-
drivers/char/tpm/tpm2-sessions.c | 1286 ++++++++++++++++++++
drivers/char/tpm/tpm2-space.c | 11 +-
drivers/char/tpm/tpm_infineon.c | 14 +-
drivers/char/tpm/tpm_tis_core.c | 19 +-
include/crypto/aes.h | 5 +
include/keys/trusted_tpm.h | 2 -
include/linux/tpm.h | 316 +++--
lib/crypto/Kconfig | 5 +
lib/crypto/Makefile | 3 +
lib/crypto/aescfb.c | 257 ++++
security/keys/trusted-keys/trusted_tpm1.c | 23 +-
security/keys/trusted-keys/trusted_tpm2.c | 136 ++-
25 files changed, 2519 insertions(+), 212 deletions(-)
create mode 100644 Documentation/security/tpm/tpm-security.rst
create mode 100644 Documentation/security/tpm/tpm_tis.rst
create mode 100644 drivers/char/tpm/tpm-buf.c
create mode 100644 drivers/char/tpm/tpm2-sessions.c
create mode 100644 lib/crypto/aescfb.c
next reply other threads:[~2024-05-09 20:04 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-05-09 20:04 Jarkko Sakkinen [this message]
2024-05-10 8:12 ` [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-6.10-rc1 Jarkko Sakkinen
2024-05-13 17:50 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D15DSV117DQZ.3GJOTXCTGZHE9@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=jgg@ziepe.ca \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.