From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mga02.intel.com ([134.134.136.20]:53685 "EHLO mga02.intel.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752360AbdKNO77 (ORCPT ); Tue, 14 Nov 2017 09:59:59 -0500 Date: Tue, 14 Nov 2017 16:59:53 +0200 From: Jarkko Sakkinen To: Jerry Snitselaar Cc: Jason Gunthorpe , Laurent Bigonville , Alexander.Steffen@infineon.com, linux-integrity@vger.kernel.org Subject: Re: [tpmdd-devel] tpm device not showing up in /dev anymore Message-ID: <20171114145953.m3a343qvgln2z4er@linux.intel.com> References: <8f4df9a9-c8cd-832f-4c3f-5305fabab7a8@debian.org> <0a6e4771-f871-b3ca-b5b0-26dbd9efa8b1@debian.org> <20171110002820.wtfvb3tv5fcjqecu@localhost.localdomain> <20171110070738.ki5xie4z7yql77fk@localhost.localdomain> <9245ef7d-dd34-fa5f-6fd9-bfb9582f910e@debian.org> <20171110205300.eyfkoyabobv7llgb@localhost.localdomain> <20171111154516.GI17451@ziepe.ca> <20171111191257.owuqtgzie3ostsab@cantor> <20171111194647.GA6918@ziepe.ca> <20171111203132.hkejjs6cdrrzq3y3@cantor> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii In-Reply-To: <20171111203132.hkejjs6cdrrzq3y3@cantor> Sender: linux-integrity-owner@vger.kernel.org List-ID: On Sat, Nov 11, 2017 at 01:31:32PM -0700, Jerry Snitselaar wrote: > On Sat Nov 11 17, Jason Gunthorpe wrote: > > On Sat, Nov 11, 2017 at 12:12:57PM -0700, Jerry Snitselaar wrote: > > > > > Before the release_locality code would only actually release the > > > locality if the request use bit was set. So after it grabbed the > > > locality during probe it probably never released it. The idea with the > > > new code was to release it when it was no longer needed so another > > > requester would be able to take the tpm without having to wait for it > > > to be released. > > > > If I recall, this was so that system level things outside linux could > > access the TPM properly?? > > > > Yes, that is what drove this initially. I believe Jarkko was also > thinking of the possibility in the future where something like a vm > could request a locality as well, but that is just a hazy recollection > of emails from back then. This was something I recall discussing in LPC 2016 in the hallway at least :-) A tidbit but it could make sense to tie it to VMM, not VM. > > > > With the old code I think it would have to wait either > > > until the next time release_locality was called, or attempt to seize > > > the tpm with the seize bit in the access register. I need to read > > > through the spec some more, but does the tpm ever force a change when > > > the request use bit is set, or does it leave it up to the software > > > to deal with it and only gets involved in the case where the seize > > > bit has been set? > > > > Do we handle these cases? Maybe something like that has happened.. > > > > Jason > > If that is what happened in this case we should see the beenSeized bit > set in the access register (assuming the chip is doing things properly), > but it only had the tpmRegValidSts and tpmEstablishment bits set. > > There is code in the interrupt handling that notices if the locality > changes if the chip has that capability, but I don't think there is > anything that deals with the seize bit. Another thing to be looked > at. For me it is hard to understand who is the 3rd party who would be using other locality and accessing TPM after OS handover in the regression in question. /Jarkko