From: Jarkko Sakkinen <jarkko@kernel.org>
To: Jason Gunthorpe <jgg@ziepe.ca>
Cc: Lukas Wunner <lukas@wunner.de>,
	Lino Sanfilippo <LinoSanfilippo@gmx.de>,
	peterhuewe@gmx.de, devicetree@vger.kernel.org,
	linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	stefanb@linux.ibm.com, p.rosenberger@kunbus.com
Subject: Re: [PATCH 1/5] tpm: add functions to set and unset the tpm chips reset state
Date: Thu, 14 Apr 2022 15:13:20 +0300
Message-ID: <YlgPxX3xCPUyR2F6@kernel.org>
In-Reply-To: <20220411114741.GA64706@ziepe.ca>

On Mon, Apr 11, 2022 at 08:47:41AM -0300, Jason Gunthorpe wrote:
> On Sun, Apr 10, 2022 at 07:11:23PM +0200, Lukas Wunner wrote:
> > On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote:
> > > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote:
> > > > Currently it is not possible to set the tpm chips reset state from within
> > > > the driver. This is problematic if the chip is still in reset after the
> > > > system comes up. This may e.g. happen if the reset line is pulled into
> > > > reset state by a pin configuration in the device tree.
> > > 
> > > This kind of system is badly misdesigned.
> > > 
> > > TPM PCRs fundamentally cannot work if the TPM reset line is under
> > > software control.
> > 
> > Not every system which incorporates a TPM wants to use or is even capable
> > of measuring software state of any kind or perform secure boot.
> > 
> > Those systems may merely want to use the TPM to store key material.
> 
> Then maybe the TPM driver should make it clear somehow that the PCRs
> don't work in these systems.
> 
> It is really dangerous to add capabilities like this that should
> never, ever be used in sanely designed systems.
> 
> Jason

I agree. That niche should do the bad things with oot patches.

BR, Jarkko
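
The point argued in this thread, that PCR values stop carrying meaning once running software can assert the TPM reset line, can be seen in a small model of the extend operation. This is an added example, not part of the thread or of the patch series; `ModelPCR`, `replay`, `pcr_after` and the sample measurement strings are hypothetical and constructed for illustration, and no real TPM is involved.

```python
import hashlib

PCR_SIZE = 32  # one SHA-256 bank


class ModelPCR:
    """Toy model of a single SHA-256 PCR (hypothetical, not a TPM API)."""

    def __init__(self):
        self.value = bytes(PCR_SIZE)  # all zeros, as after a hardware reset

    def extend(self, data: bytes) -> None:
        # Extend is the only way to change a PCR: new = H(old || digest)
        digest = hashlib.sha256(data).digest()
        self.value = hashlib.sha256(self.value + digest).digest()

    def reset(self) -> None:
        # Models the reset line being asserted
        self.value = bytes(PCR_SIZE)


def replay(log):
    """PCR value an event log implies, computed the way a verifier would."""
    pcr = ModelPCR()
    for event in log:
        pcr.extend(event)
    return pcr.value


# Constructed sample measurements (assumptions, not real event-log entries)
EXPECTED_LOG = [b"bootloader-v1", b"kernel-v1", b"initrd-v1"]
OTHER_LOG = [b"bootloader-v1", b"kernel-modified", b"initrd-v1"]


def pcr_after(boot_log, reset_is_software_controlled):
    """PCR value after booting boot_log, then extending EXPECTED_LOG again."""
    pcr = ModelPCR()
    for event in boot_log:
        pcr.extend(event)
    if reset_is_software_controlled:
        pcr.reset()  # the running system toggles the line, e.g. through a GPIO
    for event in EXPECTED_LOG:
        pcr.extend(event)
    return pcr.value


if __name__ == "__main__":
    good = replay(EXPECTED_LOG)
    print("matches expected, reset tied to platform reset:", pcr_after(OTHER_LOG, False) == good)
    print("matches expected, reset under software control:", pcr_after(OTHER_LOG, True) == good)
```

With the reset tied to platform reset, the PCR keeps the record of what actually booted; with the reset under software control, the final value is indistinguishable from a boot of the expected software, so sealing policies and quotes based on it prove nothing.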
