From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: linux-integrity@vger.kernel.org,
Alexander Steffen <Alexander.Steffen@infineon.com>
Subject: Re: [PATCH] tpm: fix selftest failure regression
Date: Tue, 20 Feb 2018 19:22:19 +0200
Message-ID: <1519147339.6941.3.camel@linux.intel.com>
In-Reply-To: <1519135044.9433.5.camel@HansenPartnership.com>

On Tue, 2018-02-20 at 08:57 -0500, James Bottomley wrote:
> On Tue, 2018-02-20 at 15:30 +0200, Jarkko Sakkinen wrote:
> > The calls for tpm2_get_pcr_allocation() and tpm2_get_cc_attrs_tbl()
> > could be also moved before the self test.
>
> That's not a good idea for a couple of reasons
>
> 1. You really should do as little as possible with the TPM before the
> self test
As Alexander correctly pointed out earlier, section 12.3,
Self-Test Modes, of the architecture specification states that
"If a command requires use of an untested algorithm or functional
module, the TPM performs the test and then completes the command
actions."
It would mean only running the self test for GetCapability as the
first test if I understand what I'm reading correctly.
> 2. The TPM might not be started before the self test, so it would error
> all commands with TPM_RC_INITIALIZE anyway (this was the problem
> with the initial version of the patch set).
I do not see an issue with running Startup beforehand.
> So self test should be the first command we send to the TPM. The only
> reason I was suspicious of tpm_validate_command() is because it can
> manufacture a TPM_RC_COMMAND_CODE return. However, that turned out not
> to be the case (and tpm_validate_command() has a bypass for sending
> everything to the TPM before the attribute table is initialized, so
> it's all working correctly).
>
> James
/Jarkko
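
The ordering question in point 2, as an added example that is not code from this thread or from the kernel driver: the self test is sent first, and a TPM_RC_INITIALIZE reply is answered with Startup(TPM_SU_CLEAR) and one retry. The mock device and the names `mock_reset`, `mock_transmit`, `tpm2_build_cmd` and `bring_up` are hypothetical; the tag, command code and response code values are the TPM 2.0 specification's.

```c
#include <stdint.h>
#include <string.h>

#define TPM_ST_NO_SESSIONS 0x8001u
#define TPM_CC_SELF_TEST   0x00000143u
#define TPM_CC_STARTUP     0x00000144u
#define TPM_RC_SUCCESS     0x000u
#define TPM_RC_INITIALIZE  0x100u

static void put_be(uint8_t *p, uint32_t v, int n) { while (n--) { p[n] = (uint8_t)v; v >>= 8; } }

/* Marshal a sessionless command: tag(2) | commandSize(4) | commandCode(4) | params. */
size_t tpm2_build_cmd(uint8_t *buf, uint32_t cc, const uint8_t *params, size_t plen)
{
    put_be(buf, TPM_ST_NO_SESSIONS, 2);
    put_be(buf + 2, (uint32_t)(10 + plen), 4);
    put_be(buf + 6, cc, 4);
    if (plen) memcpy(buf + 10, params, plen);
    return 10 + plen;
}

/* Constructed mock, not a real device: before Startup every other command
 * gets TPM_RC_INITIALIZE; a Startup that is not needed gets it as well. */
static int mock_started;
void mock_reset(int started_by_firmware) { mock_started = started_by_firmware; }
uint32_t mock_transmit(const uint8_t *cmd)
{
    uint32_t cc = (uint32_t)cmd[6] << 24 | (uint32_t)cmd[7] << 16 | (uint32_t)cmd[8] << 8 | cmd[9];
    uint32_t rc = mock_started ? TPM_RC_SUCCESS : TPM_RC_INITIALIZE;
    if (cc == TPM_CC_STARTUP) { rc = mock_started ? TPM_RC_INITIALIZE : TPM_RC_SUCCESS; mock_started = 1; }
    return rc;
}

/* Self test first; on TPM_RC_INITIALIZE send Startup(TPM_SU_CLEAR) and retry once.
 * sent[] (room for 3) receives the command codes in the order they were issued. */
uint32_t bring_up(uint32_t *sent, int *n)
{
    static const uint8_t full_test_no = 0, su_clear[2] = { 0, 0 };
    uint8_t buf[16];
    uint32_t rc;
    *n = 0;
    for (;;) {
        tpm2_build_cmd(buf, TPM_CC_SELF_TEST, &full_test_no, 1); /* fullTest = NO */
        sent[(*n)++] = TPM_CC_SELF_TEST;
        rc = mock_transmit(buf);
        if (rc != TPM_RC_INITIALIZE || *n > 1) return rc;       /* done, or retry already used */
        tpm2_build_cmd(buf, TPM_CC_STARTUP, su_clear, 2);
        sent[(*n)++] = TPM_CC_STARTUP;
        rc = mock_transmit(buf);
        if (rc != TPM_RC_SUCCESS) return rc;
    }
}
```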