Re: [PATCH 1/3] tpm: Disable TCG_TPM2_HMAC by default

["Jarkko Sakkinen" <jarkko@kernel.org>]

[-- Attachment #1.1: Type: text/plain, Size: 1717 bytes --]

On Thu May 23, 2024 at 10:59 AM EEST, Vitor Soares wrote:
> On Wed, 2024-05-22 at 19:11 +0300, Jarkko Sakkinen wrote:
> > On Wed May 22, 2024 at 5:58 PM EEST, Vitor Soares wrote:
> > > I did run with ftrace, but need some more time to go through it.
> > > 
> > > Here the step I did:
> > > kernel config:
> > >   CONFIG_FUNCTION_TRACER
> > >   CONFIG_FUNCTION_GRAPH_TRACER
> > > 
> > > ftrace:
> > >   # set filters
> > >   echo tpm* > set_ftrace_filter
> > > 
> > >   # set tracer
> > >   echo function_graph > current_tracer
> > > 
> > >   # take the sample
> > >   echo 1 > tracing_on; time modprobe tpm_tis_spi; echo 0 > tracing_on
> > > 
> > > regards,
> > > Vitor Soares
> > 
> > I'm now compiling distro kernel (OpenSUSE) for NUC7 with v6.10 contents.
> > 
> > After I have that setup, I'll develop a perf test either with perf or
> > bpftrace. I'll come back with the possible CONFIG_* that should be in
> > place in your kernel. Might take up until next week as I have some
> > conference stuff to prepare but I try to have stuff ready early next
> > week.
> > 
> > No need to rush with this as long as possible patches go to rc2 or rc3.
> > Let's do a proper analysis instead.
> > 
> > In the meantime you could check if you get perf and/or bpftrace to 
> > your image that use to boot up your device. Preferably both but
> > please inform about this.
> > 
>
> I already have perf running, for the bpftrace I might not be able to help.

The interesting function to look at with/without hmac is probably
tpm2_get_random().

I attached a patch that removes hmac shenigans out of tpm2_get_random()
for the sake of proper comparative testing.

BR, Jarkko

[-- Attachment #2: 0001-fixup.patch --]
[-- Type: text/x-patch, Size: 1663 bytes --]

From 91951ad86ed624416a15edf4f657ab553c84c5d1 Mon Sep 17 00:00:00 2001
From: Jarkko Sakkinen <jarkko@kernel.org>
Date: Mon, 27 May 2024 17:50:54 +0300
Subject: [PATCH] fixup

Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
---
 drivers/char/tpm/tpm2-cmd.c | 17 ++---------------
 1 file changed, 2 insertions(+), 15 deletions(-)

diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
index 1e856259219e..e1013762741a 100644
--- a/drivers/char/tpm/tpm2-cmd.c
+++ b/drivers/char/tpm/tpm2-cmd.c
@@ -294,28 +294,17 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
 	if (!num_bytes || max > TPM_MAX_RNG_DATA)
 		return -EINVAL;
 
-	err = tpm2_start_auth_session(chip);
-	if (err)
-		return err;
-
 	err = tpm_buf_init(&buf, 0, 0);
-	if (err) {
-		tpm2_end_auth_session(chip);
+	if (err)
 		return err;
-	}
 
 	do {
 		tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
-		tpm_buf_append_hmac_session_opt(chip, &buf, TPM2_SA_ENCRYPT
-						| TPM2_SA_CONTINUE_SESSION,
-						NULL, 0);
 		tpm_buf_append_u16(&buf, num_bytes);
-		tpm_buf_fill_hmac_session(chip, &buf);
 		err = tpm_transmit_cmd(chip, &buf,
 				       offsetof(struct tpm2_get_random_out,
 						buffer),
 				       "attempting get random");
-		err = tpm_buf_check_hmac_response(chip, &buf, err);
 		if (err) {
 			if (err > 0)
 				err = -EIO;
@@ -345,12 +334,10 @@ int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
 	} while (retries-- && total < max);
 
 	tpm_buf_destroy(&buf);
-	tpm2_end_auth_session(chip);
-
 	return total ? total : -EIO;
+
 out:
 	tpm_buf_destroy(&buf);
-	tpm2_end_auth_session(chip);
 	return err;
 }
 
-- 
2.45.1