From: Jarkko Sakkinen <jarkko@kernel.org>
To: Stefan Mahnke-Hartmann <stefan.mahnke-hartmann@infineon.com>
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
	peterhuewe@gmx.de, jgg@ziepe.ca
Subject: Re: [PATCH] tpm: Add upgrade/reduced mode support for TPM1.2 modules
Date: Thu, 2 Jun 2022 14:25:26 +0300
Message-ID: <YpieJlx511jZUDmn@iki.fi>
In-Reply-To: <20220601083810.330809-1-stefan.mahnke-hartmann@infineon.com>

On Wed, Jun 01, 2022 at 10:38:11AM +0200, Stefan Mahnke-Hartmann wrote:
> In case a TPM in failure mode is detected, the TPM should be accessible
> through a transparent communication channel for analysing purposes (e.g.
> TPM_GetTestResult) or a field upgrade. Since a TPM in failure mode has
> similar reduced functionality as in field upgrade mode, the flag
> TPM_CHIP_FLAG_FIRMWARE_UPGRADE_MODE is also valid.
> 
> As described in TCG TPM Main Part1 Design Principles, Revision 116,
> chapter 9.2.1. the TPM also allows an update function in case a TPM is
> in failure mode.
> 
> If the TPM in failure mode is detected, the function tpm1_auto_startup()
> sets TPM_CHIP_FLAG_FIRMWARE_UPGRADE_MODE flag. This patch simply follows
> the same rationale as TPM2 in field upgrade mode.

"following the rationale" does not give a clue what it does.

Also minor nit: write in imperative form, and please do not say "this
patch". It won't be a patch, once it is in git.

> Signed-off-by: Stefan Mahnke-Hartmann <stefan.mahnke-hartmann@infineon.com>
> ---
> If you have any better suggestions, please let me know.
> 
>  drivers/char/tpm/tpm1-cmd.c | 6 ++++--
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/drivers/char/tpm/tpm1-cmd.c b/drivers/char/tpm/tpm1-cmd.c
> index f7dc986fa4a0..7a42d74c450c 100644
> --- a/drivers/char/tpm/tpm1-cmd.c
> +++ b/drivers/char/tpm/tpm1-cmd.c
> @@ -710,8 +710,10 @@ int tpm1_auto_startup(struct tpm_chip *chip)
>  		goto out;
>  	rc = tpm1_do_selftest(chip);
>  	if (rc) {
> -		dev_err(&chip->dev, "TPM self test failed\n");
> -		goto out;
> +		dev_err(&chip->dev, "TPM self test failed, so the TPM has limited functionality\n");
> +		/* A TPM in this state possibly allows or needs a firmware upgrade */
> +		chip->flags |= TPM_CHIP_FLAG_FIRMWARE_UPGRADE;
> +		rc = 0;
>  	}
>  
>  	return rc;
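
Review bot: The if (rc) branch treats every non-zero return of tpm1_do_selftest() as failure mode, so a negative errno from a timeout or transport problem also sets the upgrade flag and is then hidden from the caller by rc = 0. Restrict the branch to the TPM return code that actually reports a failed self test and keep the goto out path for every other error. The flag is also written as TPM_CHIP_FLAG_FIRMWARE_UPGRADE in the added line while the commit message names TPM_CHIP_FLAG_FIRMWARE_UPGRADE_MODE; the two should agree.
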
> -- 
> 2.25.1
> 

Why do all error codes trigger this action, e.g. all possible TPM2
errors and -ETIME?

BR, Jarkko
