From: "Jarkko Sakkinen" <jarkko@kernel.org>
To: "James Bottomley" <James.Bottomley@HansenPartnership.com>,
<linux-integrity@vger.kernel.org>,
"Jonathan Corbet" <corbet@lwn.net>,
"Peter Huewe" <peterhuewe@gmx.de>,
"Jason Gunthorpe" <jgg@ziepe.ca>
Cc: "Roberto Sassu" <roberto.sassu@huawei.com>,
"Mimi Zohar" <zohar@linux.ibm.com>, <linux-doc@vger.kernel.org>,
<linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v2] tpm: Opt-in in disable PCR integrity protection
Date: Thu, 07 Nov 2024 15:49:14 +0200 [thread overview]
Message-ID: <D5FZT0QPHL0O.231WD6VUHC48X@kernel.org> (raw)
In-Reply-To: <76d9ae11c339b589a8ec94f010e7439b7ce7d283.camel@HansenPartnership.com>
On Thu Nov 7, 2024 at 3:20 PM EET, James Bottomley wrote:
> On Thu, 2024-11-07 at 11:51 +0200, Jarkko Sakkinen wrote:
> [...]
> > +void tpm_buf_append_auth(struct tpm_chip *chip, struct tpm_buf *buf,
> > + u8 attributes, u8 *passphrase, int
> > passphrase_len)
> > +{
> > + /* offset tells us where the sessions area begins */
> > + int offset = buf->handles * 4 + TPM_HEADER_SIZE;
> > + u32 len = 9 + passphrase_len;
> > +
> > + if (tpm_buf_length(buf) != offset) {
> > + /* not the first session so update the existing
> > length */
> > + len += get_unaligned_be32(&buf->data[offset]);
> > + put_unaligned_be32(len, &buf->data[offset]);
> > + } else {
> > + tpm_buf_append_u32(buf, len);
> > + }
> > + /* auth handle */
> > + tpm_buf_append_u32(buf, TPM2_RS_PW);
> > + /* nonce */
> > + tpm_buf_append_u16(buf, 0);
> > + /* attributes */
> > + tpm_buf_append_u8(buf, 0);
> > + /* passphrase */
> > + tpm_buf_append_u16(buf, passphrase_len);
> > + tpm_buf_append(buf, passphrase, passphrase_len);
> > +}
> > +
>
> The rest of the code looks fine, but if you're going to extract this as
> a separate function instead of doing the open coded struct
> tpm2_null_auth that was there originally, you should probably extract
> and use the tpm2_buf_append_auth() function in trusted_tpm2.c
So this was straight up from Mimi's original patch :-)
Hmm... was there duplicate use for this in the patch? I'll check this.
>
> James
BR, Jarkko
next prev parent reply other threads:[~2024-11-07 13:49 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-07 9:51 [PATCH v2] tpm: Opt-in in disable PCR integrity protection Jarkko Sakkinen
2024-11-07 13:20 ` James Bottomley
2024-11-07 13:49 ` Jarkko Sakkinen [this message]
2024-11-07 13:52 ` James Bottomley
2024-11-11 19:53 ` Mimi Zohar
2024-11-11 20:12 ` James Bottomley
2024-11-12 17:57 ` Jarkko Sakkinen
2024-11-12 20:00 ` Mimi Zohar
2024-11-07 13:44 ` Mimi Zohar
2024-11-07 13:47 ` Jarkko Sakkinen
2024-11-07 14:00 ` Mimi Zohar
2024-11-07 16:45 ` Jarkko Sakkinen
2024-11-07 13:46 ` kernel test robot
2024-11-07 20:43 ` kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=D5FZT0QPHL0O.231WD6VUHC48X@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@HansenPartnership.com \
--cc=corbet@lwn.net \
--cc=jgg@ziepe.ca \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=roberto.sassu@huawei.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.