From: Jarkko Sakkinen <jarkko@kernel.org>
To: Julien Gomes <julien@arista.com>
Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
jgg@ziepe.ca, peterhuewe@gmx.de
Subject: Re: [PATCH] tpm: add vendor flag to command code validation
Date: Fri, 10 Feb 2023 02:49:45 +0200
Message-ID: <Y+WUqcNTc8t0KIyD@kernel.org>
In-Reply-To: <20230208195836.30175-1-julien@arista.com>

On Wed, Feb 08, 2023 at 11:58:36AM -0800, Julien Gomes wrote:
> Some TPM 2.0 devices have support for additional commands which are not
> part of the TPM 2.0 specifications.
> These commands are identified with bit 29 of the 32-bit command codes.
> Contrary to other fields of the TPMA_CC spec structure used to list
> available commands, the Vendor flag also has to be present in the
> command code itself (TPM_CC) when called.
>
> Add this flag to tpm_find_cc() mask to prevent blocking vendor command
> codes that can actually be supported by the underlying TPM device.
>
> Signed-off-by: Julien Gomes <julien@arista.com>
> ---
> drivers/char/tpm/tpm2-cmd.c | 4 +++-
> include/linux/tpm.h | 1 +
> 2 files changed, 4 insertions(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 65d03867e114..93545be190a5 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -777,10 +777,12 @@ int tpm2_auto_startup(struct tpm_chip *chip)
>
> int tpm2_find_cc(struct tpm_chip *chip, u32 cc)
> {
> + u32 cc_mask;
> int i;
>
> + cc_mask = 1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0);
> for (i = 0; i < chip->nr_commands; i++)
> - if (cc == (chip->cc_attrs_tbl[i] & GENMASK(15, 0)))
> + if (cc == (chip->cc_attrs_tbl[i] & cc_mask))
> return i;
>
> return -1;
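Review bot: the mask expression `1 << TPM2_CC_ATTR_VENDOR | GENMASK(15, 0)` in tpm2_find_cc() is correct only because `<<` binds tighter than `|`, and it shifts a signed int; the kernel idiom `BIT(TPM2_CC_ATTR_VENDOR) | GENMASK(15, 0)` avoids both concerns and reads as a mask at a glance. Since the value never changes, it can be set at the declaration, for example `u32 cc_mask = BIT(TPM2_CC_ATTR_VENDOR) | GENMASK(15, 0);`, which also drops the separate assignment line. Note that `cc` itself is still compared unmasked, so a command code with bit 29 set now matches only a table entry that also has bit 29 set, and a code with any other high bit set still returns -1; that looks like the intended behaviour, but tpm2_find_cc() is not static, so the commit message should say that the other callers were checked against the wider mask.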
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index dfeb25a0362d..4dc97b9f65fb 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -265,6 +265,7 @@ enum tpm2_startup_types {
> enum tpm2_cc_attrs {
> TPM2_CC_ATTR_CHANDLES = 25,
> TPM2_CC_ATTR_RHANDLE = 28,
> + TPM2_CC_ATTR_VENDOR = 29,
> };
>
> #define TPM_VID_INTEL 0x8086
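Review bot: the new `TPM2_CC_ATTR_VENDOR = 29` entry in enum tpm2_cc_attrs is undocumented, and unlike its neighbours it is consumed as part of the command code comparison rather than only as an attribute of the table entry. A short comment on that line stating that this is the vendor (V) bit of TPMA_CC and that it must also be set in the TPM_CC sent to the device, as the commit message explains, would keep that distinction visible to the next reader of the header. The enum holds bit positions, not masks, so it is also worth making clear here that users are expected to wrap it in BIT().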
> --
> 2.39.1
>
Just checking: did you run testing/selftests/tpm2?
BR, Jarkko