linux-integrity.vger.kernel.org archive mirror
From: Jarkko Sakkinen <jarkko@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
	David Howells <dhowells@redhat.com>,
	keyrings@vger.kernel.org, linux-integrity@vger.kernel.org,
	linux-kernel@vger.kernel.org
Subject: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-v6.18-2
Date: Fri, 10 Oct 2025 08:34:56 +0300
Message-ID: <aOibAOKu_lEsSlC8@kernel.org>

The following changes since commit 5472d60c129f75282d94ae5ad072ee6dfb7c7246:

  Merge tag 'trace-v6.18-2' of git://git.kernel.org/pub/scm/linux/kernel/git/trace/linux-trace (2025-10-09 12:18:22 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-v6.18-2

for you to fetch changes up to a29ad21b988652dc60aa99c6d3b1e3d52dc69c30:

  tpm: Prevent local DOS via tpm/tpm0/ppi/*operations (2025-10-10 08:21:45 +0300)

----------------------------------------------------------------
Hi,

Round #2.

O_EXCL patches will be postponed to 6.19 as they need some restructuring.
E.g., there's an in-between-series regression breaking user space, as the
lack of O_EXCL flag handling obviously causes unconditional O_EXCL.

As per Chris' feedback, commands fail because it is based on Google's
non-standard proprietary TPM-alike implementation. And the issue is not
PC Client Profile specific. "typical profiles" are fine when they become
"typical profiles".

The null key can be verified with vendor certificate tied keys, and there's
a challenge-response process using them for certifying any other key by a
remote party.

Performance hit on generation aside, if really starting to cut hairs, null
keys are the most secure option, and it's a non-debatable fact: they have
the shortest expiration times as the seed changes per power cycle.

Based on this, TCG_TPM2_HMAC is disabled from defconfig exactly for the sake
of the performance issues.

BR, Jarkko

----------------------------------------------------------------
Denis Aleksandrov (1):
      tpm: Prevent local DOS via tpm/tpm0/ppi/*operations

Eric Biggers (2):
      tpm: Compare HMAC values in constant time
      tpm: Use HMAC-SHA256 library instead of open-coded HMAC

Gunnar Kudrjavets (1):
      tpm_tis: Fix incorrect arguments in tpm_tis_probe_irq_single

Jarkko Sakkinen (2):
      tpm: Disable TPM2_TCG_HMAC by default
      tpm: use a map for tpm2_calc_ordinal_duration()

 drivers/char/tpm/Kconfig         |   3 +-
 drivers/char/tpm/tpm-interface.c |   2 +-
 drivers/char/tpm/tpm.h           |   2 +-
 drivers/char/tpm/tpm2-cmd.c      | 127 ++++++++++-----------------------------
 drivers/char/tpm/tpm2-sessions.c | 104 +++++++++-----------------------
 drivers/char/tpm/tpm_ppi.c       |  89 ++++++++++++++++++++-------
 drivers/char/tpm/tpm_tis_core.c  |   4 +-
 include/linux/tpm.h              |   5 +-
 8 files changed, 137 insertions(+), 199 deletions(-)

