* Re: [PATCH] ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()
From: kernel test robot @ 2025-12-20 15:21 UTC (permalink / raw)
To: Chris J Arges, zohar, roberto.sassu
Cc: oe-kbuild-all, kernel-team, Chris J Arges, Dmitry Kasatkin,
Eric Snowberg, Paul Moore, James Morris, Serge E. Hallyn,
Mickaël Salaün, Kees Cook, linux-integrity,
linux-security-module, linux-kernel
In-Reply-To: <20251219195456.912190-1-carges@cloudflare.com>
Hi Chris,
kernel test robot noticed the following build errors:
[auto build test ERROR on zohar-integrity/next-integrity]
[also build test ERROR on linus/master v6.19-rc1 next-20251219]
[If your patch is applied to the wrong git tree, kindly drop us a note.
And when submitting patch, we suggest to use '--base' as documented in
https://git-scm.com/docs/git-format-patch#_base_tree_information]
url: https://github.com/intel-lab-lkp/linux/commits/Chris-J-Arges/ima-Fix-stack-out-of-bounds-in-is_bprm_creds_for_exec/20251220-035711
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next-integrity
patch link: https://lore.kernel.org/r/20251219195456.912190-1-carges%40cloudflare.com
patch subject: [PATCH] ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()
config: i386-allnoconfig-bpf (https://download.01.org/0day-ci/archive/20251220/202512201634.hYE4i2PX-lkp@intel.com/config)
compiler: clang version 20.1.8 (https://github.com/llvm/llvm-project 87f0227cb60147a26a1eeb4fb06e3b505e9c7261)
reproduce (this is a W=1 build): (https://download.01.org/0day-ci/archive/20251220/202512201634.hYE4i2PX-lkp@intel.com/reproduce)
If you fix the issue in a separate patch/commit (i.e. not just a new version of
the same patch/commit), kindly add following tags
| Reported-by: kernel test robot <lkp@intel.com>
| Closes: https://lore.kernel.org/oe-kbuild-all/202512201634.hYE4i2PX-lkp@intel.com/
All errors (new ones prefixed by >>):
>> security/integrity/ima/ima_main.c:429:32: error: too many arguments to function call, expected 7, have 8
427 | rc = ima_appraise_measurement(func, iint, file,
| ~~~~~~~~~~~~~~~~~~~~~~~~
428 | pathname, xattr_value,
429 | xattr_len, modsig, bprm_is_check);
| ^~~~~~~~~~~~~
security/integrity/ima/ima.h:463:19: note: 'ima_appraise_measurement' declared here
463 | static inline int ima_appraise_measurement(enum ima_hooks func,
| ^ ~~~~~~~~~~~~~~~~~~~~
464 | struct ima_iint_cache *iint,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
465 | struct file *file,
| ~~~~~~~~~~~~~~~~~~
466 | const unsigned char *filename,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
467 | struct evm_ima_xattr_data *xattr_value,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
468 | int xattr_len,
| ~~~~~~~~~~~~~~
469 | const struct modsig *modsig)
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 error generated.
vim +429 security/integrity/ima/ima_main.c
235
236 static int process_measurement(struct file *file, const struct cred *cred,
237 struct lsm_prop *prop, char *buf, loff_t size,
238 int mask, enum ima_hooks func,
239 enum kernel_read_file_id read_id, bool bprm_is_check)
240 {
241 struct inode *real_inode, *inode = file_inode(file);
242 struct ima_iint_cache *iint = NULL;
243 struct ima_template_desc *template_desc = NULL;
244 struct inode *metadata_inode;
245 char *pathbuf = NULL;
246 char filename[NAME_MAX];
247 const char *pathname = NULL;
248 int rc = 0, action, must_appraise = 0;
249 int pcr = CONFIG_IMA_MEASURE_PCR_IDX;
250 struct evm_ima_xattr_data *xattr_value = NULL;
251 struct modsig *modsig = NULL;
252 int xattr_len = 0;
253 bool violation_check;
254 enum hash_algo hash_algo;
255 unsigned int allowed_algos = 0;
256
257 if (!ima_policy_flag || !S_ISREG(inode->i_mode))
258 return 0;
259
260 /* Return an IMA_MEASURE, IMA_APPRAISE, IMA_AUDIT action
261 * bitmask based on the appraise/audit/measurement policy.
262 * Included is the appraise submask.
263 */
264 action = ima_get_action(file_mnt_idmap(file), inode, cred, prop,
265 mask, func, &pcr, &template_desc, NULL,
266 &allowed_algos);
267 violation_check = ((func == FILE_CHECK || func == MMAP_CHECK ||
268 func == MMAP_CHECK_REQPROT) &&
269 (ima_policy_flag & IMA_MEASURE) &&
270 ((action & IMA_MEASURE) ||
271 (file->f_mode & FMODE_WRITE)));
272 if (!action && !violation_check)
273 return 0;
274
275 must_appraise = action & IMA_APPRAISE;
276
277 /* Is the appraise rule hook specific? */
278 if (action & IMA_FILE_APPRAISE)
279 func = FILE_CHECK;
280
281 inode_lock(inode);
282
283 if (action) {
284 iint = ima_inode_get(inode);
285 if (!iint)
286 rc = -ENOMEM;
287 }
288
289 if (!rc && violation_check)
290 ima_rdwr_violation_check(file, iint, action & IMA_MEASURE,
291 &pathbuf, &pathname, filename);
292
293 inode_unlock(inode);
294
295 if (rc)
296 goto out;
297 if (!action)
298 goto out;
299
300 mutex_lock(&iint->mutex);
301
302 if (test_and_clear_bit(IMA_CHANGE_ATTR, &iint->atomic_flags))
303 /*
304 * Reset appraisal flags (action and non-action rule-specific)
305 * if ima_inode_post_setattr was called.
306 */
307 iint->flags &= ~(IMA_APPRAISE | IMA_APPRAISED |
308 IMA_APPRAISE_SUBMASK | IMA_APPRAISED_SUBMASK |
309 IMA_NONACTION_RULE_FLAGS);
310
311 /*
312 * Re-evaulate the file if either the xattr has changed or the
313 * kernel has no way of detecting file change on the filesystem.
314 * (Limited to privileged mounted filesystems.)
315 */
316 if (test_and_clear_bit(IMA_CHANGE_XATTR, &iint->atomic_flags) ||
317 ((inode->i_sb->s_iflags & SB_I_IMA_UNVERIFIABLE_SIGNATURE) &&
318 !(inode->i_sb->s_iflags & SB_I_UNTRUSTED_MOUNTER) &&
319 !(action & IMA_FAIL_UNVERIFIABLE_SIGS))) {
320 iint->flags &= ~IMA_DONE_MASK;
321 iint->measured_pcrs = 0;
322 }
323
324 /*
325 * On stacked filesystems, detect and re-evaluate file data and
326 * metadata changes.
327 */
328 real_inode = d_real_inode(file_dentry(file));
329 if (real_inode != inode &&
330 (action & IMA_DO_MASK) && (iint->flags & IMA_DONE_MASK)) {
331 if (!IS_I_VERSION(real_inode) ||
332 integrity_inode_attrs_changed(&iint->real_inode,
333 real_inode)) {
334 iint->flags &= ~IMA_DONE_MASK;
335 iint->measured_pcrs = 0;
336 }
337
338 /*
339 * Reset the EVM status when metadata changed.
340 */
341 metadata_inode = d_inode(d_real(file_dentry(file),
342 D_REAL_METADATA));
343 if (evm_metadata_changed(inode, metadata_inode))
344 iint->flags &= ~(IMA_APPRAISED |
345 IMA_APPRAISED_SUBMASK);
346 }
347
348 /* Determine if already appraised/measured based on bitmask
349 * (IMA_MEASURE, IMA_MEASURED, IMA_XXXX_APPRAISE, IMA_XXXX_APPRAISED,
350 * IMA_AUDIT, IMA_AUDITED)
351 */
352 iint->flags |= action;
353 action &= IMA_DO_MASK;
354 action &= ~((iint->flags & (IMA_DONE_MASK ^ IMA_MEASURED)) >> 1);
355
356 /* If target pcr is already measured, unset IMA_MEASURE action */
357 if ((action & IMA_MEASURE) && (iint->measured_pcrs & (0x1 << pcr)))
358 action ^= IMA_MEASURE;
359
360 /* HASH sets the digital signature and update flags, nothing else */
361 if ((action & IMA_HASH) &&
362 !(test_bit(IMA_DIGSIG, &iint->atomic_flags))) {
363 xattr_len = ima_read_xattr(file_dentry(file),
364 &xattr_value, xattr_len);
365 if ((xattr_value && xattr_len > 2) &&
366 (xattr_value->type == EVM_IMA_XATTR_DIGSIG))
367 set_bit(IMA_DIGSIG, &iint->atomic_flags);
368 iint->flags |= IMA_HASHED;
369 action ^= IMA_HASH;
370 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
371 }
372
373 /* Nothing to do, just return existing appraised status */
374 if (!action) {
375 if (must_appraise) {
376 rc = mmap_violation_check(func, file, &pathbuf,
377 &pathname, filename);
378 if (!rc)
379 rc = ima_get_cache_status(iint, func);
380 }
381 goto out_locked;
382 }
383
384 if ((action & IMA_APPRAISE_SUBMASK) ||
385 strcmp(template_desc->name, IMA_TEMPLATE_IMA_NAME) != 0) {
386 /* read 'security.ima' */
387 xattr_len = ima_read_xattr(file_dentry(file),
388 &xattr_value, xattr_len);
389
390 /*
391 * Read the appended modsig if allowed by the policy, and allow
392 * an additional measurement list entry, if needed, based on the
393 * template format and whether the file was already measured.
394 */
395 if (iint->flags & IMA_MODSIG_ALLOWED) {
396 rc = ima_read_modsig(func, buf, size, &modsig);
397
398 if (!rc && ima_template_has_modsig(template_desc) &&
399 iint->flags & IMA_MEASURED)
400 action |= IMA_MEASURE;
401 }
402 }
403
404 hash_algo = ima_get_hash_algo(xattr_value, xattr_len);
405
406 rc = ima_collect_measurement(iint, file, buf, size, hash_algo, modsig);
407 if (rc != 0 && rc != -EBADF && rc != -EINVAL)
408 goto out_locked;
409
410 /* Defer measuring/appraising kernel modules to READING_MODULE */
411 if (read_id == READING_MODULE_COMPRESSED) {
412 must_appraise = 0;
413 goto out_locked;
414 }
415
416 if (!pathbuf) /* ima_rdwr_violation possibly pre-fetched */
417 pathname = ima_d_path(&file->f_path, &pathbuf, filename);
418
419 if (action & IMA_MEASURE)
420 ima_store_measurement(iint, file, pathname,
421 xattr_value, xattr_len, modsig, pcr,
422 template_desc);
423 if (rc == 0 && (action & IMA_APPRAISE_SUBMASK)) {
424 rc = ima_check_blacklist(iint, modsig, pcr);
425 if (rc != -EPERM) {
426 inode_lock(inode);
427 rc = ima_appraise_measurement(func, iint, file,
428 pathname, xattr_value,
> 429 xattr_len, modsig, bprm_is_check);
430 inode_unlock(inode);
431 }
432 if (!rc)
433 rc = mmap_violation_check(func, file, &pathbuf,
434 &pathname, filename);
435 }
436 if (action & IMA_AUDIT)
437 ima_audit_measurement(iint, pathname);
438
439 if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO))
440 rc = 0;
441
442 /* Ensure the digest was generated using an allowed algorithm */
443 if (rc == 0 && must_appraise && allowed_algos != 0 &&
444 (allowed_algos & (1U << hash_algo)) == 0) {
445 rc = -EACCES;
446
447 integrity_audit_msg(AUDIT_INTEGRITY_DATA, file_inode(file),
448 pathname, "collect_data",
449 "denied-hash-algorithm", rc, 0);
450 }
451 out_locked:
452 if ((mask & MAY_WRITE) && test_bit(IMA_DIGSIG, &iint->atomic_flags) &&
453 !(iint->flags & IMA_NEW_FILE))
454 rc = -EACCES;
455 mutex_unlock(&iint->mutex);
456 kfree(xattr_value);
457 ima_free_modsig(modsig);
458 out:
459 if (pathbuf)
460 __putname(pathbuf);
461 if (must_appraise) {
462 if (rc && (ima_appraise & IMA_APPRAISE_ENFORCE))
463 return -EACCES;
464 if (file->f_mode & FMODE_WRITE)
465 set_bit(IMA_UPDATE_XATTR, &iint->atomic_flags);
466 }
467 return 0;
468 }
469
--
0-DAY CI Kernel Test Service
https://github.com/intel/lkp-tests/wiki
^ permalink raw reply
* Re: [PATCH v15 19/28] x86/tpm: Early TPM PCR extending driver
From: Daniel P. Smith @ 2025-12-19 21:26 UTC (permalink / raw)
To: Dave Hansen, Ross Philipson, linux-kernel, x86, linux-integrity,
linux-doc, linux-crypto, kexec, linux-efi, iommu
Cc: tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59, James.Bottomley,
peterhuewe, jarkko, jgg, luto, nivedita, herbert, davem, corbet,
ebiederm, dwmw2, baolu.lu, kanth.ghatraju, andrew.cooper3,
trenchboot-devel
In-Reply-To: <56929e8b-a7cf-4390-b4ec-0b4c2c32b311@intel.com>
Hey Dave!
On 12/16/25 16:53, Dave Hansen wrote:
> I'm mostly spot-checking this to see what kind of shape it's in and how
> much work and diligence has been applied in the last 8 months since v14.
>
> On 12/15/25 15:33, Ross Philipson wrote:
> ...
>> The driver could be extended for further operations if needed. This
>> TPM dirver implementation relies as much as possible on existing mainline
>
> <sigh>
>
> v15 and no spell checking. :(
>
>> --- /dev/null
>> +++ b/arch/x86/boot/compressed/early_tpm_extend.c
>> @@ -0,0 +1,601 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +/*
>> + * Copyright (c) 2010-2012 United States Government, as represented by
>> + * the Secretary of Defense. All rights reserved.
>
> IANAL, but this looks fishy.
>
> It's theoretically fine to go grab random code off the Internet and
> submit it to the kernel, given the correct license. But I do want to
> know what its story is and where it came from.
Let me provide some context as to the code origin. Ross, before joining
Oracle, and I have a long history of working with DRTM/Intel TXT within
Xen. When it was requested to go back to sending the measurements to the
TPM in the setup kernel, we needed to find a minimal code base to
provide the command buffer packing until the TPM driver could be fully
refactored. We knew that Xen's vtpm framework provided a simple macro
system to provide contextual TPM command buffer packing. We decided this
would be a lightweight choice that would be easy to cut down to only
what is needed to handle the very few TPM commands we will need to send.
And to that extent, there have been internal reviews that have reduced
the amount of that original code.
> I also seem to remember that there are special rules around the US
> federal government's inability to hold copyrights. This seems worth at
> least a mention ... somewhere.
IANAL either, but in general the safest/correct approach is to retain
any CRs placed on the code being reused, and the above is the CR on the
source from the Xen tree.
> This is helpful, for instance:
>
>> + * based off of the original tools/vtpm_manager code base which is:
>> + * Copyright (c) 2005, Intel Corp.
>> + * All rights reserved.
>
> so thanks for that one.
That's the origin of all the code reuse, we can do an review to see if
any of the code that originated from the USG code is still present.
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + *
>> + * * Redistributions of source code must retain the above copyright
>> + * notice, this list of conditions and the following disclaimer.
>> + * * Redistributions in binary form must reproduce the above
>> + * copyright notice, this list of conditions and the following
>> + * disclaimer in the documentation and/or other materials provided
>> + * with the distribution.
>> + * * Neither the name of Intel Corporation nor the names of its
>> + * contributors may be used to endorse or promote products derived
>> + * from this software without specific prior written permission.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
>> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>> + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>> + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
>> + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>> + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
>> + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
>> + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
>> + * OF THE POSSIBILITY OF SUCH DAMAGE.
>> + */
>
> Also, IANAL, but this looks BSD-ish.
>
> I would have kinda expected the SPDX header to say BSD-blah-blah and not
> GPL-2.0-only.
>
> I'd really appreciate if you could go have a huddle with your corporate
> Open Source folks and make sure this is all proper. To me, it looks
> fishy at _best_.
>
> ...
>> +/*
>> + * We're far too early to calibrate time. Assume a 5GHz processor (the upper
>> + * end of the Fam19h range), which causes us to be wrong in the safe direction
>> + * on slower systems.
>> + */
>
> https://docs.kernel.org/process/maintainer-tip.html#changelog
>
> Imperative voice please.
>
> ...
>> +static int __tis_recv_data(struct tpm_chip *chip, u8 *buf, int count)
>> +{
>> + int size = 0;
>> + int burstcnt;
>> +
>> + while (size < count && __tis_wait_for_stat(chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, chip->timeout_c) == 0) {
>> + burstcnt = __tis_get_burstcount(chip);
>> +
>> + for ( ; burstcnt > 0 && size < count; --burstcnt)
>> + buf[size++] = tpm_read8(chip, TPM_DATA_FIFO(chip->locality));
>> + }
>> +
>> + return size;
>> +}
>> +
>> +/**
>> + * tpm_tis_check_locality - Check if the given locality is the active one
>> + * @chip: The TPM chip instance
>> + * @loc: The locality to check
>> + *
>> + * Return: true - locality active, false - not active
>> + */
>> +bool tpm_tis_check_locality(struct tpm_chip *chip, int loc)
>> +{
>> + if ((tpm_read8(chip, TPM_ACCESS(loc)) & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) == (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
>> + chip->locality = loc;
>> + return true;
>> + }
>> +
>> + return false;
>> +}
>> +
>> +/**
>> + * tpm_tis_release_locality - Release the active locality
>> + * @chip: The TPM chip instance
>> + */
>> +void tpm_tis_release_locality(struct tpm_chip *chip)
>> +{
>> + if ((tpm_read8(chip, TPM_ACCESS(chip->locality)) & (TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID)) == (TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID))
>> + tpm_write8(chip, TPM_ACCESS(chip->locality), TPM_ACCESS_RELINQUISH_LOCALITY);
>> +
>> + chip->locality = 0;
>> +}
>
> I guess some folks aren't enforcing the 80-column limits. But this is
> not even close. It's almost 80x2.
>
> Has there even been an attempt to make this conform to kernel coding
> style? What other checkpatch.pl warnings are being ignored?
^ permalink raw reply
* Re: [PATCH v8 07/12] KEYS: trusted: Remove dead branch from tpm2_unseal_cmd
From: James Bottomley @ 2025-12-19 20:54 UTC (permalink / raw)
To: Jarkko Sakkinen, linux-integrity
Cc: David Howells, Paul Moore, James Morris, Serge E. Hallyn,
Mimi Zohar, open list:KEYS/KEYRINGS, open list:SECURITY SUBSYSTEM,
open list
In-Reply-To: <20251216092147.2326606-8-jarkko@kernel.org>
On Tue, 2025-12-16 at 11:21 +0200, Jarkko Sakkinen wrote:
> TPM2_Unseal requires TPM2_ST_SESSIONS, and tpm2_unseal_cmd() always
> does set up either password or HMAC session.
>
> Remove the branch in tpm2_unseal_cmd() conditionally setting
> TPM2_ST_NO_SESSIONS. It is faulty but luckily it is never exercised
> at run-time, and thus does not cause regressions.
Shouldn't that also be
Fixes: b7960b904861 ("tpm2-sessions: Open code tpm_buf_append_hmac_session()")
> Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
> ---
> security/keys/trusted-keys/trusted_tpm2.c | 10 +---------
> 1 file changed, 1 insertion(+), 9 deletions(-)
>
> diff --git a/security/keys/trusted-keys/trusted_tpm2.c
> b/security/keys/trusted-keys/trusted_tpm2.c
> index d3a5c5f2b926..3666e3e48eab 100644
> --- a/security/keys/trusted-keys/trusted_tpm2.c
> +++ b/security/keys/trusted-keys/trusted_tpm2.c
> @@ -451,10 +451,8 @@ static int tpm2_unseal_cmd(struct tpm_chip
> *chip,
> struct trusted_key_options *options,
> u32 blob_handle)
> {
> - struct tpm_header *head;
> struct tpm_buf buf;
> u16 data_len;
> - int offset;
> u8 *data;
> int rc;
>
> @@ -495,14 +493,8 @@ static int tpm2_unseal_cmd(struct tpm_chip
> *chip,
> tpm_buf_append_u16(&buf, options->blobauth_len);
> tpm_buf_append(&buf, options->blobauth, options-
> >blobauth_len);
>
> - if (tpm2_chip_auth(chip)) {
> + if (tpm2_chip_auth(chip))
Since the statement above is that the if is always true, why do you
still have it here?
Regards,
James
^ permalink raw reply
* [PATCH] ima: Fix stack-out-of-bounds in is_bprm_creds_for_exec()
From: Chris J Arges @ 2025-12-19 19:54 UTC (permalink / raw)
To: zohar, roberto.sassu
Cc: kernel-team, Chris J Arges, Dmitry Kasatkin, Eric Snowberg,
Paul Moore, James Morris, Serge E. Hallyn,
Mickaël Salaün, Kees Cook, linux-integrity,
linux-security-module, linux-kernel
KASAN reported a stack-out-of-bounds access in ima_appraise_measurement
from is_bprm_creds_for_exec:
BUG: KASAN: stack-out-of-bounds in ima_appraise_measurement+0x12dc/0x16a0
Read of size 1 at addr ffffc9000160f940 by task sudo/550
The buggy address belongs to stack of task sudo/550
and is located at offset 24 in frame:
ima_appraise_measurement+0x0/0x16a0
This frame has 2 objects:
[48, 56) 'file'
[80, 148) 'hash'
This is caused by using container_of on the *file pointer which by the time
this function is called is actually a stack variable.
In order to fix this pass in a bprm_is_check boolean which can be set
depending on how process_measurement is called. If the caller has a
linux_binprm pointer we can determine is_check and set it then. Otherwise
set it to false.
Fixes: 95b3cdafd7cb7 ("ima: instantiate the bprm_creds_for_exec() hook")
Signed-off-by: Chris J Arges <carges@cloudflare.com>
---
security/integrity/ima/ima.h | 2 +-
security/integrity/ima/ima_appraise.c | 15 ++-------------
security/integrity/ima/ima_main.c | 18 +++++++++---------
3 files changed, 12 insertions(+), 23 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index e3d71d8d56e3..5c9f244ed1d6 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -441,7 +441,7 @@ int ima_check_blacklist(struct ima_iint_cache *iint,
int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint,
struct file *file, const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
- int xattr_len, const struct modsig *modsig);
+ int xattr_len, const struct modsig *modsig, bool bprm_is_check);
int ima_must_appraise(struct mnt_idmap *idmap, struct inode *inode,
int mask, enum ima_hooks func);
void ima_update_xattr(struct ima_iint_cache *iint, struct file *file);
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 5149ff4fd50d..ea2079417318 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -470,17 +470,6 @@ int ima_check_blacklist(struct ima_iint_cache *iint,
return rc;
}
-static bool is_bprm_creds_for_exec(enum ima_hooks func, struct file *file)
-{
- struct linux_binprm *bprm;
-
- if (func == BPRM_CHECK) {
- bprm = container_of(&file, struct linux_binprm, file);
- return bprm->is_check;
- }
- return false;
-}
-
/*
* ima_appraise_measurement - appraise file measurement
*
@@ -492,7 +481,7 @@ static bool is_bprm_creds_for_exec(enum ima_hooks func, struct file *file)
int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint,
struct file *file, const unsigned char *filename,
struct evm_ima_xattr_data *xattr_value,
- int xattr_len, const struct modsig *modsig)
+ int xattr_len, const struct modsig *modsig, bool bprm_is_check)
{
static const char op[] = "appraise_data";
int audit_msgno = AUDIT_INTEGRITY_DATA;
@@ -514,7 +503,7 @@ int ima_appraise_measurement(enum ima_hooks func, struct ima_iint_cache *iint,
* of the script interpreter(userspace). Differentiate kernel and
* userspace enforced integrity audit messages.
*/
- if (is_bprm_creds_for_exec(func, file))
+ if (bprm_is_check)
audit_msgno = AUDIT_INTEGRITY_USERSPACE;
/* If reading the xattr failed and there's no modsig, error out. */
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 5770cf691912..955dbaa42f4a 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -236,7 +236,7 @@ static void ima_file_free(struct file *file)
static int process_measurement(struct file *file, const struct cred *cred,
struct lsm_prop *prop, char *buf, loff_t size,
int mask, enum ima_hooks func,
- enum kernel_read_file_id read_id)
+ enum kernel_read_file_id read_id, bool bprm_is_check)
{
struct inode *real_inode, *inode = file_inode(file);
struct ima_iint_cache *iint = NULL;
@@ -426,7 +426,7 @@ static int process_measurement(struct file *file, const struct cred *cred,
inode_lock(inode);
rc = ima_appraise_measurement(func, iint, file,
pathname, xattr_value,
- xattr_len, modsig);
+ xattr_len, modsig, bprm_is_check);
inode_unlock(inode);
}
if (!rc)
@@ -493,14 +493,14 @@ static int ima_file_mmap(struct file *file, unsigned long reqprot,
if (reqprot & PROT_EXEC) {
ret = process_measurement(file, current_cred(), &prop, NULL,
- 0, MAY_EXEC, MMAP_CHECK_REQPROT, 0);
+ 0, MAY_EXEC, MMAP_CHECK_REQPROT, 0, false);
if (ret)
return ret;
}
if (prot & PROT_EXEC)
return process_measurement(file, current_cred(), &prop, NULL,
- 0, MAY_EXEC, MMAP_CHECK, 0);
+ 0, MAY_EXEC, MMAP_CHECK, 0, false);
return 0;
}
@@ -584,7 +584,7 @@ static int ima_bprm_check(struct linux_binprm *bprm)
security_current_getlsmprop_subj(&prop);
return process_measurement(bprm->file, current_cred(),
- &prop, NULL, 0, MAY_EXEC, BPRM_CHECK, 0);
+ &prop, NULL, 0, MAY_EXEC, BPRM_CHECK, 0, bprm->is_check);
}
/**
@@ -614,7 +614,7 @@ static int ima_creds_check(struct linux_binprm *bprm, const struct file *file)
security_current_getlsmprop_subj(&prop);
return process_measurement((struct file *)file, bprm->cred, &prop, NULL,
- 0, MAY_EXEC, CREDS_CHECK, 0);
+ 0, MAY_EXEC, CREDS_CHECK, 0, bprm->is_check);
}
/**
@@ -662,7 +662,7 @@ static int ima_file_check(struct file *file, int mask)
security_current_getlsmprop_subj(&prop);
return process_measurement(file, current_cred(), &prop, NULL, 0,
mask & (MAY_READ | MAY_WRITE | MAY_EXEC |
- MAY_APPEND), FILE_CHECK, 0);
+ MAY_APPEND), FILE_CHECK, 0, false);
}
static int __ima_inode_hash(struct inode *inode, struct file *file, char *buf,
@@ -881,7 +881,7 @@ static int ima_read_file(struct file *file, enum kernel_read_file_id read_id,
func = read_idmap[read_id] ?: FILE_CHECK;
security_current_getlsmprop_subj(&prop);
return process_measurement(file, current_cred(), &prop, NULL, 0,
- MAY_READ, func, 0);
+ MAY_READ, func, 0, false);
}
const int read_idmap[READING_MAX_ID] = {
@@ -925,7 +925,7 @@ static int ima_post_read_file(struct file *file, char *buf, loff_t size,
func = read_idmap[read_id] ?: FILE_CHECK;
security_current_getlsmprop_subj(&prop);
return process_measurement(file, current_cred(), &prop, buf, size,
- MAY_READ, func, read_id);
+ MAY_READ, func, read_id, false);
}
/**
--
2.43.0
^ permalink raw reply related
* Re: [RFC][PATCH v2 1/2] ima: measure loaded policy after write on securityfs policy file
From: Mimi Zohar @ 2025-12-19 19:13 UTC (permalink / raw)
To: Enrico Bravi, linux-integrity, dmitry.kasatkin, roberto.sassu
Cc: eric.snowberg
In-Reply-To: <20251216165620.683529-2-enrico.bravi@polito.it>
On Tue, 2025-12-16 at 17:56 +0100, Enrico Bravi wrote:
> IMA policy can be written multiple times in the securityfs policy file
> at runtime if CONFIG_IMA_WRITE_POLICY=y. When IMA_APPRAISE_POLICY is
> required, the policy needs to be signed to be loaded, writing the absolute
> path of the file containing the new policy:
>
> echo /path/of/custom_ima_policy > /sys/kernel/security/ima/policy
>
> When this is not required, policy can be written directly, rule by rule:
>
> echo -e "measure func=BPRM_CHECK mask=MAY_EXEC\n" \
> "audit func=BPRM_CHECK mask=MAY_EXEC\n" \
> > /sys/kernel/security/ima/policy
>
> In this case, a new policy can be loaded without being measured or
> appraised.
>
> Add a new critical data record to measure the textual policy
> representation when it becomes effective.
The IMA policy could be really large. Do we really want to include all the
policy rules in the template data? The other option would be to include a hash
of the policy rules, in lieu of the policy rules themselves.
Please include directions for verifying the critical-data (e.g. using xxd).
>
> Signed-off-by: Enrico Bravi <enrico.bravi@polito.it>
> ---
> security/integrity/ima/ima.h | 1 +
> security/integrity/ima/ima_efi.c | 1 +
> security/integrity/ima/ima_fs.c | 1 +
> security/integrity/ima/ima_policy.c | 63 ++++++++++++++++++++++++++++-
> 4 files changed, 64 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
> index e3d71d8d56e3..ca7b96663623 100644
> --- a/security/integrity/ima/ima.h
> +++ b/security/integrity/ima/ima.h
> @@ -425,6 +425,7 @@ void *ima_policy_start(struct seq_file *m, loff_t *pos);
> void *ima_policy_next(struct seq_file *m, void *v, loff_t *pos);
> void ima_policy_stop(struct seq_file *m, void *v);
> int ima_policy_show(struct seq_file *m, void *v);
> +void ima_measure_loaded_policy(void);
>
> /* Appraise integrity measurements */
> #define IMA_APPRAISE_ENFORCE 0x01
> diff --git a/security/integrity/ima/ima_efi.c b/security/integrity/ima/ima_efi.c
> index 138029bfcce1..199c42d0f8b3 100644
> --- a/security/integrity/ima/ima_efi.c
> +++ b/security/integrity/ima/ima_efi.c
> @@ -62,6 +62,7 @@ static const char * const sb_arch_rules[] = {
> "appraise func=POLICY_CHECK appraise_type=imasig",
> #endif
> "measure func=MODULE_CHECK",
> + "measure func=CRITICAL_DATA label=ima_policy",
With this rule, the policy will always be measured, even when loading a signed
policy file. It that necessary?
> NULL
> };
>
> diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
> index 87045b09f120..89946d803d44 100644
> --- a/security/integrity/ima/ima_fs.c
> +++ b/security/integrity/ima/ima_fs.c
> @@ -476,6 +476,7 @@ static int ima_release_policy(struct inode *inode, struct file *file)
> }
>
> ima_update_policy();
> + ima_measure_loaded_policy();
> #if !defined(CONFIG_IMA_WRITE_POLICY) && !defined(CONFIG_IMA_READ_POLICY)
> securityfs_remove(file->f_path.dentry);
> #elif defined(CONFIG_IMA_WRITE_POLICY)
> diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
> index 128fab897930..956063748008 100644
> --- a/security/integrity/ima/ima_policy.c
> +++ b/security/integrity/ima/ima_policy.c
> @@ -17,6 +17,7 @@
> #include <linux/slab.h>
> #include <linux/rculist.h>
> #include <linux/seq_file.h>
> +#include <linux/vmalloc.h>
> #include <linux/ima.h>
>
> #include "ima.h"
> @@ -1983,7 +1984,6 @@ const char *const func_tokens[] = {
> __ima_hooks(__ima_hook_stringify)
> };
>
> -#ifdef CONFIG_IMA_READ_POLICY
> enum {
> mask_exec = 0, mask_write, mask_read, mask_append
> };
> @@ -2277,7 +2277,6 @@ int ima_policy_show(struct seq_file *m, void *v)
> seq_puts(m, "\n");
> return 0;
> }
> -#endif /* CONFIG_IMA_READ_POLICY */
>
> #if defined(CONFIG_IMA_APPRAISE) && defined(CONFIG_INTEGRITY_TRUSTED_KEYRING)
> /*
> @@ -2334,3 +2333,63 @@ bool ima_appraise_signature(enum kernel_read_file_id id)
> return found;
> }
> #endif /* CONFIG_IMA_APPRAISE && CONFIG_INTEGRITY_TRUSTED_KEYRING */
> +
> +static size_t ima_policy_text_len(void)
> +{
> + struct list_head *ima_rules_tmp;
> + struct ima_rule_entry *entry;
> + struct seq_file file;
> + size_t size = 0;
> + char rule[255];
> +
> + file.buf = rule;
> + file.read_pos = 0;
> + file.size = 255;
> + file.count = 0;
> +
> + rcu_read_lock();
> + ima_rules_tmp = rcu_dereference(ima_rules);
> + list_for_each_entry_rcu(entry, ima_rules_tmp, list) {
> + ima_policy_show(&file, entry);
> + size += file.count;
> + file.count = 0;
> + }
> + rcu_read_unlock();
> +
> + return size;
> +}
> +
> +void ima_measure_loaded_policy(void)
> +{
> + const char *event_name = "ima_policy_loaded";
> + const char *op = "measure_loaded_ima_policy";
> + const char *audit_cause = "ENOMEM";
> + struct ima_rule_entry *rule_entry;
> + struct list_head *ima_rules_tmp;
> + struct seq_file file;
> + int result = -ENOMEM;
> + size_t file_len = ima_policy_text_len();
Normally a function is defined to prevent code duplication or for readability.
In this case, it doesn't achieve either.
Add a comment here, something like:
/* calculate IMA policy rules memory size */
> +
> + file.buf = vmalloc(file_len);
> + if (!file.buf) {
> + integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, event_name,
> + op, audit_cause, result, 1);
> + return;
> + }
>
>
And another comment below, something like:
/* copy IMA policy rules to a buffer */
> +
> + file.read_pos = 0;
> + file.size = file_len;
> + file.count = 0;
> +
> + rcu_read_lock();
> + ima_rules_tmp = rcu_dereference(ima_rules);
> + list_for_each_entry_rcu(rule_entry, ima_rules_tmp, list) {
> + ima_policy_show(&file, rule_entry);
> + }
> + rcu_read_unlock();
> +
> + ima_measure_critical_data("ima_policy", event_name, file.buf,
> + file.count, false, NULL, 0);
> +
> + vfree(file.buf);
> +}
Thanks,
Mimi
^ permalink raw reply
* Re: [PATCH v8 03/12] tpm: Orchestrate TPM commands in tpm_get_random()
From: Jonathan McDowell @ 2025-12-19 9:43 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: linux-integrity, Eric Biggers, Peter Huewe, Jason Gunthorpe,
David Howells, Paul Moore, James Morris, Serge E. Hallyn,
open list, open list:KEYS/KEYRINGS, open list:SECURITY SUBSYSTEM
In-Reply-To: <20251216092147.2326606-4-jarkko@kernel.org>
On Tue, Dec 16, 2025 at 11:21:37AM +0200, Jarkko Sakkinen wrote:
>tpm1_get_random() and tpm2_get_random() contain duplicate orchestration
>code. Consolidate orchestration to tpm_get_random().
Does keeping the respective tpm1/tpm2 bits in their -cmd.c files not
make more sense, still allowing for the consolidation of orchestration
in tpm_get_random?
>Cc: Eric Biggers <ebiggers@kernel.org>
>Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>---
> drivers/char/tpm/tpm-interface.c | 175 +++++++++++++++++++++++++++++--
> drivers/char/tpm/tpm.h | 2 -
> drivers/char/tpm/tpm1-cmd.c | 69 ------------
> drivers/char/tpm/tpm2-cmd.c | 104 ------------------
> 4 files changed, 164 insertions(+), 186 deletions(-)
>
>diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
>index f745a098908b..d157be738612 100644
>--- a/drivers/char/tpm/tpm-interface.c
>+++ b/drivers/char/tpm/tpm-interface.c
>@@ -26,7 +26,7 @@
> #include <linux/suspend.h>
> #include <linux/freezer.h>
> #include <linux/tpm_eventlog.h>
>-
>+#include <linux/tpm_command.h>
> #include "tpm.h"
>
> /*
>@@ -486,19 +486,153 @@ int tpm_pm_resume(struct device *dev)
> }
> EXPORT_SYMBOL_GPL(tpm_pm_resume);
>
>+struct tpm1_get_random_out {
>+ __be32 rng_data_len;
>+ u8 rng_data[TPM_MAX_RNG_DATA];
>+} __packed;
>+
>+static int tpm1_get_random(struct tpm_chip *chip, u8 *out, size_t max)
>+{
>+ struct tpm1_get_random_out *resp;
>+ struct tpm_buf buf;
>+ u32 recd;
>+ int rc;
>+
>+ if (!out || !max || max > TPM_MAX_RNG_DATA)
>+ return -EINVAL;
>+
>+ rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GETRANDOM);
>+ if (rc)
>+ return rc;
>+
>+ tpm_buf_append_u32(&buf, max);
>+
>+ rc = tpm_transmit_cmd(chip, &buf, sizeof(resp->rng_data_len), "TPM_GetRandom");
>+ if (rc) {
>+ if (rc > 0)
>+ rc = -EIO;
>+ goto err;
>+ }
>+
>+ resp = (struct tpm1_get_random_out *)&buf.data[TPM_HEADER_SIZE];
>+
>+ recd = be32_to_cpu(resp->rng_data_len);
>+ if (recd > max) {
>+ rc = -EIO;
>+ goto err;
>+ }
>+
>+ if (buf.length < TPM_HEADER_SIZE + sizeof(resp->rng_data_len) + recd) {
>+ rc = -EIO;
>+ goto err;
>+ }
>+
>+ memcpy(out, resp->rng_data, recd);
>+ tpm_buf_destroy(&buf);
>+ return recd;
>+
>+err:
>+ tpm_buf_destroy(&buf);
>+ return rc;
>+}
>+
>+struct tpm2_get_random_out {
>+ __be16 size;
>+ u8 buffer[TPM_MAX_RNG_DATA];
>+} __packed;
>+
>+static int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
>+{
>+ struct tpm2_get_random_out *resp;
>+ struct tpm_header *head;
>+ struct tpm_buf buf;
>+ off_t offset;
>+ u32 recd;
>+ int ret;
>+
>+ if (!out || !max || max > TPM_MAX_RNG_DATA)
>+ return -EINVAL;
>+
>+ ret = tpm_buf_init(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
>+ if (ret)
>+ return ret;
>+
>+ if (tpm2_chip_auth(chip)) {
>+ tpm_buf_append_hmac_session(chip, &buf,
>+ TPM2_SA_ENCRYPT | TPM2_SA_CONTINUE_SESSION,
>+ NULL, 0);
>+ } else {
>+ head = (struct tpm_header *)buf.data;
>+ head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
>+ }
>+ tpm_buf_append_u16(&buf, max);
>+
>+ ret = tpm_buf_fill_hmac_session(chip, &buf);
>+ if (ret) {
>+ tpm_buf_destroy(&buf);
>+ return ret;
>+ }
>+
>+ ret = tpm_transmit_cmd(chip, &buf, offsetof(struct tpm2_get_random_out, buffer),
>+ "TPM2_GetRandom");
>+
>+ ret = tpm_buf_check_hmac_response(chip, &buf, ret);
>+ if (ret) {
>+ if (ret > 0)
>+ ret = -EIO;
>+
>+ goto out;
>+ }
>+
>+ head = (struct tpm_header *)buf.data;
>+ offset = TPM_HEADER_SIZE;
>+
>+ /* Skip the parameter size field: */
>+ if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
>+ offset += 4;
>+
>+ resp = (struct tpm2_get_random_out *)&buf.data[offset];
>+ recd = min_t(u32, be16_to_cpu(resp->size), max);
>+
>+ if (tpm_buf_length(&buf) <
>+ TPM_HEADER_SIZE + offsetof(struct tpm2_get_random_out, buffer) + recd) {
>+ ret = -EIO;
>+ goto out;
>+ }
>+
>+ memcpy(out, resp->buffer, recd);
>+ return recd;
>+
>+out:
>+ tpm2_end_auth_session(chip);
>+ tpm_buf_destroy(&buf);
>+ return ret;
>+}
>+
> /**
>- * tpm_get_random() - get random bytes from the TPM's RNG
>- * @chip: a &struct tpm_chip instance, %NULL for the default chip
>- * @out: destination buffer for the random bytes
>- * @max: the max number of bytes to write to @out
>+ * tpm_get_random() - Get random bytes from the TPM's RNG
>+ * @chip: A &tpm_chip instance. Whenset to %NULL, the default chip is used.
>+ * @out: Destination buffer for the acquired random bytes.
>+ * @max: The maximum number of bytes to write to @out.
>+ *
>+ * Iterates pulling more bytes from TPM up until all of the @max bytes have been
>+ * received.
> *
>- * Return: number of random bytes read or a negative error value.
>+ * Returns the number of random bytes read on success.
>+ * Returns -EINVAL when @out is NULL, or @max is not between zero and
>+ * %TPM_MAX_RNG_DATA.
>+ * Returns tpm_transmit_cmd() error codes when the TPM command results an
>+ * error.
> */
> int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
> {
>+ u32 num_bytes = max;
>+ u8 *out_ptr = out;
>+ int retries = 5;
>+ int total = 0;
> int rc;
>
>- if (!out || max > TPM_MAX_RNG_DATA)
>+ if (!out || !max || max > TPM_MAX_RNG_DATA)
> return -EINVAL;
>
> if (!chip)
>@@ -508,11 +642,30 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
> if (rc)
> return rc;
>
>- if (chip->flags & TPM_CHIP_FLAG_TPM2)
>- rc = tpm2_get_random(chip, out, max);
>- else
>- rc = tpm1_get_random(chip, out, max);
>+ if (chip->flags & TPM_CHIP_FLAG_TPM2) {
>+ rc = tpm2_start_auth_session(chip);
>+ if (rc)
>+ return rc;
>+ }
>+
>+ do {
>+ if (chip->flags & TPM_CHIP_FLAG_TPM2)
>+ rc = tpm2_get_random(chip, out_ptr, num_bytes);
>+ else
>+ rc = tpm1_get_random(chip, out_ptr, num_bytes);
>+
>+ if (rc < 0)
>+ goto err;
>+
>+ out_ptr += rc;
>+ total += rc;
>+ num_bytes -= rc;
>+ } while (retries-- && total < max);
>+
>+ tpm_put_ops(chip);
>+ return total ? total : -EIO;
>
>+err:
> tpm_put_ops(chip);
> return rc;
> }
>diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
>index 02c07fef41ba..f698d01401de 100644
>--- a/drivers/char/tpm/tpm.h
>+++ b/drivers/char/tpm/tpm.h
>@@ -251,7 +251,6 @@ int tpm1_pcr_extend(struct tpm_chip *chip, u32 pcr_idx, const u8 *hash,
> int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf);
> ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
> const char *desc, size_t min_cap_length);
>-int tpm1_get_random(struct tpm_chip *chip, u8 *out, size_t max);
> int tpm1_get_pcr_allocation(struct tpm_chip *chip);
> unsigned long tpm_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal);
> int tpm_pm_suspend(struct device *dev);
>@@ -291,7 +290,6 @@ int tpm2_pcr_read(struct tpm_chip *chip, u32 pcr_idx,
> struct tpm_digest *digest, u16 *digest_size_ptr);
> int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> struct tpm_digest *digests);
>-int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max);
> ssize_t tpm2_get_tpm_pt(struct tpm_chip *chip, u32 property_id,
> u32 *value, const char *desc);
>
>diff --git a/drivers/char/tpm/tpm1-cmd.c b/drivers/char/tpm/tpm1-cmd.c
>index b49a790f1bd5..0604e11c9778 100644
>--- a/drivers/char/tpm/tpm1-cmd.c
>+++ b/drivers/char/tpm/tpm1-cmd.c
>@@ -511,75 +511,6 @@ ssize_t tpm1_getcap(struct tpm_chip *chip, u32 subcap_id, cap_t *cap,
> }
> EXPORT_SYMBOL_GPL(tpm1_getcap);
>
>-#define TPM_ORD_GET_RANDOM 70
>-struct tpm1_get_random_out {
>- __be32 rng_data_len;
>- u8 rng_data[TPM_MAX_RNG_DATA];
>-} __packed;
>-
>-/**
>- * tpm1_get_random() - get random bytes from the TPM's RNG
>- * @chip: a &struct tpm_chip instance
>- * @dest: destination buffer for the random bytes
>- * @max: the maximum number of bytes to write to @dest
>- *
>- * Return:
>- * * number of bytes read
>- * * -errno (positive TPM return codes are masked to -EIO)
>- */
>-int tpm1_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
>-{
>- struct tpm1_get_random_out *out;
>- u32 num_bytes = min_t(u32, max, TPM_MAX_RNG_DATA);
>- struct tpm_buf buf;
>- u32 total = 0;
>- int retries = 5;
>- u32 recd;
>- int rc;
>-
>- rc = tpm_buf_init(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
>- if (rc)
>- return rc;
>-
>- do {
>- tpm_buf_append_u32(&buf, num_bytes);
>-
>- rc = tpm_transmit_cmd(chip, &buf, sizeof(out->rng_data_len),
>- "attempting get random");
>- if (rc) {
>- if (rc > 0)
>- rc = -EIO;
>- goto out;
>- }
>-
>- out = (struct tpm1_get_random_out *)&buf.data[TPM_HEADER_SIZE];
>-
>- recd = be32_to_cpu(out->rng_data_len);
>- if (recd > num_bytes) {
>- rc = -EFAULT;
>- goto out;
>- }
>-
>- if (tpm_buf_length(&buf) < TPM_HEADER_SIZE +
>- sizeof(out->rng_data_len) + recd) {
>- rc = -EFAULT;
>- goto out;
>- }
>- memcpy(dest, out->rng_data, recd);
>-
>- dest += recd;
>- total += recd;
>- num_bytes -= recd;
>-
>- tpm_buf_reset(&buf, TPM_TAG_RQU_COMMAND, TPM_ORD_GET_RANDOM);
>- } while (retries-- && total < max);
>-
>- rc = total ? (int)total : -EIO;
>-out:
>- tpm_buf_destroy(&buf);
>- return rc;
>-}
>-
> #define TPM_ORD_PCRREAD 21
> int tpm1_pcr_read(struct tpm_chip *chip, u32 pcr_idx, u8 *res_buf)
> {
>diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
>index 3a77be7ebf4a..34168d5f9c78 100644
>--- a/drivers/char/tpm/tpm2-cmd.c
>+++ b/drivers/char/tpm/tpm2-cmd.c
>@@ -238,110 +238,6 @@ int tpm2_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
> return rc;
> }
>
>-struct tpm2_get_random_out {
>- __be16 size;
>- u8 buffer[TPM_MAX_RNG_DATA];
>-} __packed;
>-
>-/**
>- * tpm2_get_random() - get random bytes from the TPM RNG
>- *
>- * @chip: a &tpm_chip instance
>- * @dest: destination buffer
>- * @max: the max number of random bytes to pull
>- *
>- * Return:
>- * size of the buffer on success,
>- * -errno otherwise (positive TPM return codes are masked to -EIO)
>- */
>-int tpm2_get_random(struct tpm_chip *chip, u8 *dest, size_t max)
>-{
>- struct tpm2_get_random_out *out;
>- struct tpm_header *head;
>- struct tpm_buf buf;
>- u32 recd;
>- u32 num_bytes = max;
>- int err;
>- int total = 0;
>- int retries = 5;
>- u8 *dest_ptr = dest;
>- off_t offset;
>-
>- if (!num_bytes || max > TPM_MAX_RNG_DATA)
>- return -EINVAL;
>-
>- err = tpm2_start_auth_session(chip);
>- if (err)
>- return err;
>-
>- err = tpm_buf_init(&buf, 0, 0);
>- if (err) {
>- tpm2_end_auth_session(chip);
>- return err;
>- }
>-
>- do {
>- tpm_buf_reset(&buf, TPM2_ST_SESSIONS, TPM2_CC_GET_RANDOM);
>- if (tpm2_chip_auth(chip)) {
>- tpm_buf_append_hmac_session(chip, &buf,
>- TPM2_SA_ENCRYPT |
>- TPM2_SA_CONTINUE_SESSION,
>- NULL, 0);
>- } else {
>- offset = buf.handles * 4 + TPM_HEADER_SIZE;
>- head = (struct tpm_header *)buf.data;
>- if (tpm_buf_length(&buf) == offset)
>- head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
>- }
>- tpm_buf_append_u16(&buf, num_bytes);
>- err = tpm_buf_fill_hmac_session(chip, &buf);
>- if (err) {
>- tpm_buf_destroy(&buf);
>- return err;
>- }
>-
>- err = tpm_transmit_cmd(chip, &buf,
>- offsetof(struct tpm2_get_random_out,
>- buffer),
>- "attempting get random");
>- err = tpm_buf_check_hmac_response(chip, &buf, err);
>- if (err) {
>- if (err > 0)
>- err = -EIO;
>- goto out;
>- }
>-
>- head = (struct tpm_header *)buf.data;
>- offset = TPM_HEADER_SIZE;
>- /* Skip the parameter size field: */
>- if (be16_to_cpu(head->tag) == TPM2_ST_SESSIONS)
>- offset += 4;
>-
>- out = (struct tpm2_get_random_out *)&buf.data[offset];
>- recd = min_t(u32, be16_to_cpu(out->size), num_bytes);
>- if (tpm_buf_length(&buf) <
>- TPM_HEADER_SIZE +
>- offsetof(struct tpm2_get_random_out, buffer) +
>- recd) {
>- err = -EFAULT;
>- goto out;
>- }
>- memcpy(dest_ptr, out->buffer, recd);
>-
>- dest_ptr += recd;
>- total += recd;
>- num_bytes -= recd;
>- } while (retries-- && total < max);
>-
>- tpm_buf_destroy(&buf);
>-
>- return total ? total : -EIO;
>-out:
>- tpm_buf_destroy(&buf);
>- tpm2_end_auth_session(chip);
>- return err;
>-}
>-
> /**
> * tpm2_flush_context() - execute a TPM2_FlushContext command
> * @chip: TPM chip to use
>--
>2.39.5
>
>
J.
--
] https://www.earth.li/~noodles/ [] Generally, all generalizations [
] PGP/GPG Key @ the.earth.li [] are false.. [
] via keyserver, web or email. [] [
] RSA: 4096/0x94FA372B2DA8B985 [] [
^ permalink raw reply
* Re: [PATCH v8 02/12] KEYS: trusted: Use get_random_bytes_wait() instead of tpm_get_random()
From: Jonathan McDowell @ 2025-12-19 9:21 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: linux-integrity, Eric Biggers, David Howells, Paul Moore,
James Morris, Serge E. Hallyn, James Bottomley, Mimi Zohar,
open list:KEYS/KEYRINGS, open list:SECURITY SUBSYSTEM, open list
In-Reply-To: <20251216092147.2326606-3-jarkko@kernel.org>
On Tue, Dec 16, 2025 at 11:21:36AM +0200, Jarkko Sakkinen wrote:
>Substitute remaining tpm_get_random() calls in trusted_tpm1.c with
>get_random_bytes_wait() thus aligning random number generation for TPM 1.2
>with the removal of '.get_random' callback.
Had to double check we wouldn't end up not getting all the randomness we
ask for, but get_random_bytes_wait does indeed DTRT.
Reviewed-by: Jonathan McDowell <noodles@meta.com>
>Cc: Eric Biggers <ebiggers@kernel.org>
>Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>---
> security/keys/trusted-keys/trusted_tpm1.c | 18 +++---------------
> 1 file changed, 3 insertions(+), 15 deletions(-)
>
>diff --git a/security/keys/trusted-keys/trusted_tpm1.c b/security/keys/trusted-keys/trusted_tpm1.c
>index 7ce7e31bcdfb..3d75bb6f9689 100644
>--- a/security/keys/trusted-keys/trusted_tpm1.c
>+++ b/security/keys/trusted-keys/trusted_tpm1.c
>@@ -371,13 +371,10 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
> unsigned char ononce[TPM_NONCE_SIZE];
> int ret;
>
>- ret = tpm_get_random(chip, ononce, TPM_NONCE_SIZE);
>+ ret = get_random_bytes_wait(ononce, TPM_NONCE_SIZE);
> if (ret < 0)
> return ret;
>
>- if (ret != TPM_NONCE_SIZE)
>- return -EIO;
>-
> tpm_buf_reset(tb, TPM_TAG_RQU_COMMAND, TPM_ORD_OSAP);
> tpm_buf_append_u16(tb, type);
> tpm_buf_append_u32(tb, handle);
>@@ -464,15 +461,10 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
> memcpy(td->xorwork + SHA1_DIGEST_SIZE, sess.enonce, SHA1_DIGEST_SIZE);
> sha1(td->xorwork, SHA1_DIGEST_SIZE * 2, td->xorhash);
>
>- ret = tpm_get_random(chip, td->nonceodd, TPM_NONCE_SIZE);
>+ ret = get_random_bytes_wait(td->nonceodd, TPM_NONCE_SIZE);
> if (ret < 0)
> goto out;
>
>- if (ret != TPM_NONCE_SIZE) {
>- ret = -EIO;
>- goto out;
>- }
>-
> ordinal = htonl(TPM_ORD_SEAL);
> datsize = htonl(datalen);
> pcrsize = htonl(pcrinfosize);
>@@ -575,14 +567,10 @@ static int tpm_unseal(struct tpm_buf *tb,
> }
>
> ordinal = htonl(TPM_ORD_UNSEAL);
>- ret = tpm_get_random(chip, nonceodd, TPM_NONCE_SIZE);
>+ ret = get_random_bytes_wait(nonceodd, TPM_NONCE_SIZE);
> if (ret < 0)
> return ret;
>
>- if (ret != TPM_NONCE_SIZE) {
>- pr_info("tpm_get_random failed (%d)\n", ret);
>- return -EIO;
>- }
> ret = TSS_authhmac(authdata1, keyauth, TPM_NONCE_SIZE,
> enonce1, nonceodd, cont, sizeof(uint32_t),
> &ordinal, bloblen, blob, 0, 0);
>--
>2.39.5
>
>
J.
--
Web [ Avoid temporary variables and strange women. ]
site: https:// [ ] Made by
www.earth.li/~noodles/ [ ] HuggieTag 0.0.24
^ permalink raw reply
* Re: [PATCH v8 04/12] tpm: Change tpm_get_random() opportunistic
From: Jonathan McDowell @ 2025-12-19 9:42 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: linux-integrity, David S . Miller, Herbert Xu, Eric Biggers,
Peter Huewe, Jason Gunthorpe, David Howells, Paul Moore,
James Morris, Serge E. Hallyn, open list, open list:KEYS/KEYRINGS,
open list:SECURITY SUBSYSTEM
In-Reply-To: <20251216092147.2326606-5-jarkko@kernel.org>
On Tue, Dec 16, 2025 at 11:21:38AM +0200, Jarkko Sakkinen wrote:
>hwrng framework does not have a requirement that the all bytes requested
>need to be provided. By enforcing such a requirement internally, TPM driver
>can cause unpredictability in latency, as a single tpm_get_random() call
>can result multiple TPM commands.
>
>Especially, when TCG_TPM2_HMAC is enabled, extra roundtrips could have
>significant effect to the system latency.
>
>Thus, send TPM command only once and return bytes received instead of
>committing to the number of requested bytes.
Function comment for tpm_get_random needs updated as well, as it
currently says "until all of the @max bytes have been received", which
is no longer true with this patch. With that:
Reviewed-by: Jonathan McDowell <noodles@meta.com>
>Cc: David S. Miller <davem@davemloft.net>
>Cc: Herbert Xu <herbert@gondor.apana.org.au>
>Cc: Eric Biggers <ebiggers@kernel.org>
>Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>---
>v7:
>- Given that hwrng is now only caller for tpm_get_random(), remove the
> wait parameter.
>v4:
>- Fixed grammar mistakes.
>---
> drivers/char/tpm/tpm-interface.c | 28 +++++-----------------------
> 1 file changed, 5 insertions(+), 23 deletions(-)
>
>diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
>index d157be738612..677dcef05dfb 100644
>--- a/drivers/char/tpm/tpm-interface.c
>+++ b/drivers/char/tpm/tpm-interface.c
>@@ -626,10 +626,6 @@ static int tpm2_get_random(struct tpm_chip *chip, u8 *out, size_t max)
> */
> int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
> {
>- u32 num_bytes = max;
>- u8 *out_ptr = out;
>- int retries = 5;
>- int total = 0;
> int rc;
>
> if (!out || !max || max > TPM_MAX_RNG_DATA)
>@@ -646,28 +642,14 @@ int tpm_get_random(struct tpm_chip *chip, u8 *out, size_t max)
> rc = tpm2_start_auth_session(chip);
> if (rc)
> return rc;
>- }
>-
>- do {
>- if (chip->flags & TPM_CHIP_FLAG_TPM2)
>- rc = tpm2_get_random(chip, out_ptr, num_bytes);
>- else
>- rc = tpm1_get_random(chip, out_ptr, num_bytes);
>-
>- if (rc < 0)
>- goto err;
>-
>- out_ptr += rc;
>- total += rc;
>- num_bytes -= rc;
>- } while (retries-- && total < max);
>
>- tpm_put_ops(chip);
>- return total ? total : -EIO;
>+ rc = tpm2_get_random(chip, out, max);
>+ } else {
>+ rc = tpm1_get_random(chip, out, max);
>+ }
>
>-err:
> tpm_put_ops(chip);
>- return rc;
>+ return rc != 0 ? rc : -EIO;
> }
> EXPORT_SYMBOL_GPL(tpm_get_random);
>
>--
>2.39.5
>
>
J.
--
... We are talking one charming motherf**king pig.
^ permalink raw reply
* Re: [PATCH v8 07/12] KEYS: trusted: Remove dead branch from tpm2_unseal_cmd
From: Jonathan McDowell @ 2025-12-19 9:37 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: linux-integrity, David Howells, Paul Moore, James Morris,
Serge E. Hallyn, James Bottomley, Mimi Zohar,
open list:KEYS/KEYRINGS, open list:SECURITY SUBSYSTEM, open list
In-Reply-To: <20251216092147.2326606-8-jarkko@kernel.org>
On Tue, Dec 16, 2025 at 11:21:41AM +0200, Jarkko Sakkinen wrote:
>TPM2_Unseal requires TPM2_ST_SESSIONS, and tpm2_unseal_cmd() always does
>set up either password or HMAC session.
>
>Remove the branch in tpm2_unseal_cmd() conditionally setting
>TPM2_ST_NO_SESSIONS. It is faulty but luckily it is never exercised at
>run-time, and thus does not cause regressions.
Reviewed-by: Jonathan McDowell <noodles@meta.com>
>Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>---
> security/keys/trusted-keys/trusted_tpm2.c | 10 +---------
> 1 file changed, 1 insertion(+), 9 deletions(-)
>
>diff --git a/security/keys/trusted-keys/trusted_tpm2.c b/security/keys/trusted-keys/trusted_tpm2.c
>index d3a5c5f2b926..3666e3e48eab 100644
>--- a/security/keys/trusted-keys/trusted_tpm2.c
>+++ b/security/keys/trusted-keys/trusted_tpm2.c
>@@ -451,10 +451,8 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
> struct trusted_key_options *options,
> u32 blob_handle)
> {
>- struct tpm_header *head;
> struct tpm_buf buf;
> u16 data_len;
>- int offset;
> u8 *data;
> int rc;
>
>@@ -495,14 +493,8 @@ static int tpm2_unseal_cmd(struct tpm_chip *chip,
> tpm_buf_append_u16(&buf, options->blobauth_len);
> tpm_buf_append(&buf, options->blobauth, options->blobauth_len);
>
>- if (tpm2_chip_auth(chip)) {
>+ if (tpm2_chip_auth(chip))
> tpm_buf_append_hmac_session(chip, &buf, TPM2_SA_ENCRYPT, NULL, 0);
>- } else {
>- offset = buf.handles * 4 + TPM_HEADER_SIZE;
>- head = (struct tpm_header *)buf.data;
>- if (tpm_buf_length(&buf) == offset)
>- head->tag = cpu_to_be16(TPM2_ST_NO_SESSIONS);
>- }
> }
>
> rc = tpm_buf_fill_hmac_session(chip, &buf);
>--
>2.39.5
>
>
J.
--
"Never test for an error condition you don't know how to handle."
--Steinbach
^ permalink raw reply
* Re: [PATCH v8 05/12] tpm2-sessions: Define TPM2_NAME_MAX_SIZE
From: Jonathan McDowell @ 2025-12-19 9:32 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: linux-integrity, Peter Huewe, Jason Gunthorpe, David Howells,
Paul Moore, James Morris, Serge E. Hallyn, open list,
open list:KEYS/KEYRINGS, open list:SECURITY SUBSYSTEM
In-Reply-To: <20251216092147.2326606-6-jarkko@kernel.org>
On Tue, Dec 16, 2025 at 11:21:39AM +0200, Jarkko Sakkinen wrote:
>Define TPM2_NAME_MAX_SIZE, which describes the maximum size for hashes
>encoded as TPMT_HA, which the prime identifier used for persistent and
>transient keys in TPM2 protocol.
>
>Set its value to 'SHA512_DIGEST_SIZE + 2', as SHA512 has the largest
>digest size of the algorithms in TCG algorithm repository.
>
>In additionl, rename TPM2_NAME_SIZE as TPM2_NULL_NAME_SIZE in order to
>avoid any possible confusion.
One minor capitalisation nit, otherwise:
Reviewed-by: Jonathan McDowell <noodles@meta.com>
>Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
>---
>v6:
>- Rewrote the commit message.
>v2:
>- Rename TPM2_NAME_SIZE as TPM2_NULL_NAME_SIZE.
>---
> drivers/char/tpm/tpm-sysfs.c | 2 +-
> drivers/char/tpm/tpm2-sessions.c | 2 +-
> include/linux/tpm.h | 37 +++++++++++++++++++++-----------
> 3 files changed, 27 insertions(+), 14 deletions(-)
>
>diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
>index 94231f052ea7..4a6a27ee295d 100644
>--- a/drivers/char/tpm/tpm-sysfs.c
>+++ b/drivers/char/tpm/tpm-sysfs.c
>@@ -314,7 +314,7 @@ static ssize_t null_name_show(struct device *dev, struct device_attribute *attr,
> char *buf)
> {
> struct tpm_chip *chip = to_tpm_chip(dev);
>- int size = TPM2_NAME_SIZE;
>+ int size = TPM2_NULL_NAME_SIZE;
>
> bin2hex(buf, chip->null_key_name, size);
> size *= 2;
>diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessions.c
>index 4149379665c4..525b8622d1c3 100644
>--- a/drivers/char/tpm/tpm2-sessions.c
>+++ b/drivers/char/tpm/tpm2-sessions.c
>@@ -137,7 +137,7 @@ struct tpm2_auth {
> * we must compute and remember
> */
> u32 name_h[AUTH_MAX_NAMES];
>- u8 name[AUTH_MAX_NAMES][2 + SHA512_DIGEST_SIZE];
>+ u8 name[AUTH_MAX_NAMES][TPM2_MAX_NAME_SIZE];
> };
>
> #ifdef CONFIG_TCG_TPM2_HMAC
>diff --git a/include/linux/tpm.h b/include/linux/tpm.h
>index 202da079d500..e10f2096eae7 100644
>--- a/include/linux/tpm.h
>+++ b/include/linux/tpm.h
>@@ -27,9 +27,33 @@
>
> #define TPM_DIGEST_SIZE 20 /* Max TPM v1.2 PCR size */
>
>+/*
>+ * SHA-512 is, as of today, the largest digest in the TCG algorithm repository.
>+ */
> #define TPM2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
>+
>+/*
>+ * A TPM name digest i.e., TPMT_HA, is a concatenation of TPM_ALG_ID of the
>+ * name algorithm and hash of TPMT_PUBLIC.
>+ */
>+#define TPM2_MAX_NAME_SIZE (TPM2_MAX_DIGEST_SIZE + 2)
>+
>+/*
>+ * The maximum number of PCR banks.
>+ */
> #define TPM2_MAX_PCR_BANKS 8
>
>+/*
>+ * fixed define for the size of a name. This is actually HASHALG size
"Fixed define".
>+ * plus 2, so 32 for SHA256
>+ */
>+#define TPM2_NULL_NAME_SIZE 34
>+
>+/*
>+ * The maximum size for an object context
>+ */
>+#define TPM2_MAX_CONTEXT_SIZE 4096
>+
> struct tpm_chip;
> struct trusted_key_payload;
> struct trusted_key_options;
>@@ -139,17 +163,6 @@ struct tpm_chip_seqops {
> /* fixed define for the curve we use which is NIST_P256 */
> #define EC_PT_SZ 32
>
>-/*
>- * fixed define for the size of a name. This is actually HASHALG size
>- * plus 2, so 32 for SHA256
>- */
>-#define TPM2_NAME_SIZE 34
>-
>-/*
>- * The maximum size for an object context
>- */
>-#define TPM2_MAX_CONTEXT_SIZE 4096
>-
> struct tpm_chip {
> struct device dev;
> struct device devs;
>@@ -211,7 +224,7 @@ struct tpm_chip {
> /* saved context for NULL seed */
> u8 null_key_context[TPM2_MAX_CONTEXT_SIZE];
> /* name of NULL seed */
>- u8 null_key_name[TPM2_NAME_SIZE];
>+ u8 null_key_name[TPM2_NULL_NAME_SIZE];
> u8 null_ec_key_x[EC_PT_SZ];
> u8 null_ec_key_y[EC_PT_SZ];
> struct tpm2_auth *auth;
>--
>2.39.5
>
>
J.
--
Why do I get the feeling I'm going to regret this?
This .sig brought to you by the letter S and the number 50
Product of the Republic of HuggieTag
^ permalink raw reply
* Re: [PATCH v15 16/28] x86/txt: Intel Trusted eXecution Technology (TXT) definitions
From: ross.philipson @ 2025-12-18 18:17 UTC (permalink / raw)
To: Dave Hansen, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel
In-Reply-To: <6ddb3366-31a8-4d18-a553-908a035f7cf2@intel.com>
On 12/18/25 8:34 AM, Dave Hansen wrote:
> On 12/15/25 15:33, Ross Philipson wrote:
>> +static inline void *txt_sinit_mle_data_start(void *heap)
>> +{
>> + return heap + txt_bios_data_size(heap) +
>> + txt_os_mle_data_size(heap) +
>> + txt_os_sinit_data_size(heap) + sizeof(u64);
>> +}
>
> So each one of these walks through the entire table?
>
> Maybe I'm naive, but wouldn't this all be a lot more sane if it was just
> parsed *once* into a table of pointers?
>
> enum {
> FIELD1,
> FIELD2,
> FIELD3,
> MAX_NR
> };
>
> void *parseit(u8 *heap)
> {
> void *ptr_array[MAX_NR] = {};
> void *place = heap;
>
> for (int i = 0; i < MAX_NR; i++) {
> // The buffer starts with the length:
> u32 *size_ptr = place;
>
> // Consume the length:
> place += sizeof(*size_ptr);
>
> // Point at the data:
> ptr_array[i] = place;
> // Consume the data:
> place += *size_ptr;
> }
> // along with some sanity checks
> }
>
> Then, to access FIELDs you do:
>
> struct field1_struct *f1s = ptr_array[FIELD1];
> struct field2_struct *f1s = ptr_array[FIELD2];
>
> Yeah, it means keeping that pointer array around. But <shrug>. It's also
> not about performance. That ^ is a billion times easier to understand
> because it lays out the "heap" logic in one place. You don't have to
> recurse through half a dozen helpers to figure things out.
That is an excellent idea, we will do that. I may be able to use the
same the index scheme when I do the early remap operations too. That
walks the heap each time but does not have to. It just wants a pointer
to what to map.
Thank you,
Ross
^ permalink raw reply
* Re: [PATCH v15 16/28] x86/txt: Intel Trusted eXecution Technology (TXT) definitions
From: Dave Hansen @ 2025-12-18 16:34 UTC (permalink / raw)
To: Ross Philipson, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel
In-Reply-To: <20251215233316.1076248-17-ross.philipson@oracle.com>
On 12/15/25 15:33, Ross Philipson wrote:
> +static inline void *txt_sinit_mle_data_start(void *heap)
> +{
> + return heap + txt_bios_data_size(heap) +
> + txt_os_mle_data_size(heap) +
> + txt_os_sinit_data_size(heap) + sizeof(u64);
> +}
So each one of these walks through the entire table?
Maybe I'm naive, but wouldn't this all be a lot more sane if it was just
parsed *once* into a table of pointers?
enum {
FIELD1,
FIELD2,
FIELD3,
MAX_NR
};
void *parseit(u8 *heap)
{
void *ptr_array[MAX_NR] = {};
void *place = heap;
for (int i = 0; i < MAX_NR; i++) {
// The buffer starts with the length:
u32 *size_ptr = place;
// Consume the length:
place += sizeof(*size_ptr);
// Point at the data:
ptr_array[i] = place;
// Consume the data:
place += *size_ptr;
}
// along with some sanity checks
}
Then, to access FIELDs you do:
struct field1_struct *f1s = ptr_array[FIELD1];
struct field2_struct *f1s = ptr_array[FIELD2];
Yeah, it means keeping that pointer array around. But <shrug>. It's also
not about performance. That ^ is a billion times easier to understand
because it lays out the "heap" logic in one place. You don't have to
recurse through half a dozen helpers to figure things out.
^ permalink raw reply
* Re: [PATCH v2 00/17] tee: Use bus callbacks instead of driver callbacks
From: Jens Wiklander @ 2025-12-18 16:29 UTC (permalink / raw)
To: Alexandre Belloni
Cc: Uwe Kleine-König, Jonathan Corbet, Sumit Garg,
Olivia Mackall, Herbert Xu, Clément Léger,
Ard Biesheuvel, Maxime Coquelin, Alexandre Torgue, Sumit Garg,
Ilias Apalodimas, Jan Kiszka, Sudeep Holla, Christophe JAILLET,
Rafał Miłecki, Michael Chan, Pavan Chebbi,
James Bottomley, Jarkko Sakkinen, Mimi Zohar, David Howells,
Paul Moore, James Morris, Serge E. Hallyn, Peter Huewe, op-tee,
linux-kernel, linux-doc, linux-crypto, linux-rtc, linux-efi,
linux-stm32, linux-arm-kernel, Cristian Marussi, arm-scmi,
linux-mips, netdev, linux-integrity, keyrings,
linux-security-module, Jason Gunthorpe
In-Reply-To: <20251218135332f323fa91@mail.local>
On Thu, Dec 18, 2025 at 2:53 PM Alexandre Belloni
<alexandre.belloni@bootlin.com> wrote:
>
> On 18/12/2025 08:21:27+0100, Jens Wiklander wrote:
> > Hi,
> >
> > On Mon, Dec 15, 2025 at 3:17 PM Uwe Kleine-König
> > <u.kleine-koenig@baylibre.com> wrote:
> > >
> > > Hello,
> > >
> > > the objective of this series is to make tee driver stop using callbacks
> > > in struct device_driver. These were superseded by bus methods in 2006
> > > (commit 594c8281f905 ("[PATCH] Add bus_type probe, remove, shutdown
> > > methods.")) but nobody cared to convert all subsystems accordingly.
> > >
> > > Here the tee drivers are converted. The first commit is somewhat
> > > unrelated, but simplifies the conversion (and the drivers). It
> > > introduces driver registration helpers that care about setting the bus
> > > and owner. (The latter is missing in all drivers, so by using these
> > > helpers the drivers become more correct.)
> > >
> > > v1 of this series is available at
> > > https://lore.kernel.org/all/cover.1765472125.git.u.kleine-koenig@baylibre.com
> > >
> > > Changes since v1:
> > >
> > > - rebase to v6.19-rc1 (no conflicts)
> > > - add tags received so far
> > > - fix whitespace issues pointed out by Sumit Garg
> > > - fix shutdown callback to shutdown and not remove
> > >
> > > As already noted in v1's cover letter, this series should go in during a
> > > single merge window as there are runtime warnings when the series is
> > > only applied partially. Sumit Garg suggested to apply the whole series
> > > via Jens Wiklander's tree.
> > > If this is done the dependencies in this series are honored, in case the
> > > plan changes: Patches #4 - #17 depend on the first two.
> > >
> > > Note this series is only build tested.
> > >
> > > Uwe Kleine-König (17):
> > > tee: Add some helpers to reduce boilerplate for tee client drivers
> > > tee: Add probe, remove and shutdown bus callbacks to tee_client_driver
> > > tee: Adapt documentation to cover recent additions
> > > hwrng: optee - Make use of module_tee_client_driver()
> > > hwrng: optee - Make use of tee bus methods
> > > rtc: optee: Migrate to use tee specific driver registration function
> > > rtc: optee: Make use of tee bus methods
> > > efi: stmm: Make use of module_tee_client_driver()
> > > efi: stmm: Make use of tee bus methods
> > > firmware: arm_scmi: optee: Make use of module_tee_client_driver()
> > > firmware: arm_scmi: Make use of tee bus methods
> > > firmware: tee_bnxt: Make use of module_tee_client_driver()
> > > firmware: tee_bnxt: Make use of tee bus methods
> > > KEYS: trusted: Migrate to use tee specific driver registration
> > > function
> > > KEYS: trusted: Make use of tee bus methods
> > > tpm/tpm_ftpm_tee: Make use of tee specific driver registration
> > > tpm/tpm_ftpm_tee: Make use of tee bus methods
> > >
> > > Documentation/driver-api/tee.rst | 18 +----
> > > drivers/char/hw_random/optee-rng.c | 26 ++----
> > > drivers/char/tpm/tpm_ftpm_tee.c | 31 +++++---
> > > drivers/firmware/arm_scmi/transports/optee.c | 32 +++-----
> > > drivers/firmware/broadcom/tee_bnxt_fw.c | 30 ++-----
> > > drivers/firmware/efi/stmm/tee_stmm_efi.c | 25 ++----
> > > drivers/rtc/rtc-optee.c | 27 ++-----
> > > drivers/tee/tee_core.c | 84 ++++++++++++++++++++
> > > include/linux/tee_drv.h | 12 +++
> > > security/keys/trusted-keys/trusted_tee.c | 17 ++--
> > > 10 files changed, 164 insertions(+), 138 deletions(-)
> > >
> > > base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8
> > > --
> > > 2.47.3
> > >
> >
> > Thank you for the nice cleanup, Uwe.
> >
> > I've applied patch 1-3 to the branch tee_bus_callback_for_6.20 in my
> > tree at https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git/
> >
> > The branch is based on v6.19-rc1, and I'll try to keep it stable for
> > others to depend on, if needed. Let's see if we can agree on taking
> > the remaining patches via that branch.
>
> 6 and 7 can go through your branch.
Good, I've added them to my branch now.
Thanks,
Jens
^ permalink raw reply
* Re: [PATCH v2 00/17] tee: Use bus callbacks instead of driver callbacks
From: Alexandre Belloni @ 2025-12-18 13:53 UTC (permalink / raw)
To: Jens Wiklander
Cc: Uwe Kleine-König, Jonathan Corbet, Sumit Garg,
Olivia Mackall, Herbert Xu, Clément Léger,
Ard Biesheuvel, Maxime Coquelin, Alexandre Torgue, Sumit Garg,
Ilias Apalodimas, Jan Kiszka, Sudeep Holla, Christophe JAILLET,
Rafał Miłecki, Michael Chan, Pavan Chebbi,
James Bottomley, Jarkko Sakkinen, Mimi Zohar, David Howells,
Paul Moore, James Morris, Serge E. Hallyn, Peter Huewe, op-tee,
linux-kernel, linux-doc, linux-crypto, linux-rtc, linux-efi,
linux-stm32, linux-arm-kernel, Cristian Marussi, arm-scmi,
linux-mips, netdev, linux-integrity, keyrings,
linux-security-module, Jason Gunthorpe
In-Reply-To: <CAHUa44FrDZbvRvfN8obf80_k=Eqxe9YxHpjaE5jU7nkxPUwfag@mail.gmail.com>
On 18/12/2025 08:21:27+0100, Jens Wiklander wrote:
> Hi,
>
> On Mon, Dec 15, 2025 at 3:17 PM Uwe Kleine-König
> <u.kleine-koenig@baylibre.com> wrote:
> >
> > Hello,
> >
> > the objective of this series is to make tee driver stop using callbacks
> > in struct device_driver. These were superseded by bus methods in 2006
> > (commit 594c8281f905 ("[PATCH] Add bus_type probe, remove, shutdown
> > methods.")) but nobody cared to convert all subsystems accordingly.
> >
> > Here the tee drivers are converted. The first commit is somewhat
> > unrelated, but simplifies the conversion (and the drivers). It
> > introduces driver registration helpers that care about setting the bus
> > and owner. (The latter is missing in all drivers, so by using these
> > helpers the drivers become more correct.)
> >
> > v1 of this series is available at
> > https://lore.kernel.org/all/cover.1765472125.git.u.kleine-koenig@baylibre.com
> >
> > Changes since v1:
> >
> > - rebase to v6.19-rc1 (no conflicts)
> > - add tags received so far
> > - fix whitespace issues pointed out by Sumit Garg
> > - fix shutdown callback to shutdown and not remove
> >
> > As already noted in v1's cover letter, this series should go in during a
> > single merge window as there are runtime warnings when the series is
> > only applied partially. Sumit Garg suggested to apply the whole series
> > via Jens Wiklander's tree.
> > If this is done the dependencies in this series are honored, in case the
> > plan changes: Patches #4 - #17 depend on the first two.
> >
> > Note this series is only build tested.
> >
> > Uwe Kleine-König (17):
> > tee: Add some helpers to reduce boilerplate for tee client drivers
> > tee: Add probe, remove and shutdown bus callbacks to tee_client_driver
> > tee: Adapt documentation to cover recent additions
> > hwrng: optee - Make use of module_tee_client_driver()
> > hwrng: optee - Make use of tee bus methods
> > rtc: optee: Migrate to use tee specific driver registration function
> > rtc: optee: Make use of tee bus methods
> > efi: stmm: Make use of module_tee_client_driver()
> > efi: stmm: Make use of tee bus methods
> > firmware: arm_scmi: optee: Make use of module_tee_client_driver()
> > firmware: arm_scmi: Make use of tee bus methods
> > firmware: tee_bnxt: Make use of module_tee_client_driver()
> > firmware: tee_bnxt: Make use of tee bus methods
> > KEYS: trusted: Migrate to use tee specific driver registration
> > function
> > KEYS: trusted: Make use of tee bus methods
> > tpm/tpm_ftpm_tee: Make use of tee specific driver registration
> > tpm/tpm_ftpm_tee: Make use of tee bus methods
> >
> > Documentation/driver-api/tee.rst | 18 +----
> > drivers/char/hw_random/optee-rng.c | 26 ++----
> > drivers/char/tpm/tpm_ftpm_tee.c | 31 +++++---
> > drivers/firmware/arm_scmi/transports/optee.c | 32 +++-----
> > drivers/firmware/broadcom/tee_bnxt_fw.c | 30 ++-----
> > drivers/firmware/efi/stmm/tee_stmm_efi.c | 25 ++----
> > drivers/rtc/rtc-optee.c | 27 ++-----
> > drivers/tee/tee_core.c | 84 ++++++++++++++++++++
> > include/linux/tee_drv.h | 12 +++
> > security/keys/trusted-keys/trusted_tee.c | 17 ++--
> > 10 files changed, 164 insertions(+), 138 deletions(-)
> >
> > base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8
> > --
> > 2.47.3
> >
>
> Thank you for the nice cleanup, Uwe.
>
> I've applied patch 1-3 to the branch tee_bus_callback_for_6.20 in my
> tree at https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git/
>
> The branch is based on v6.19-rc1, and I'll try to keep it stable for
> others to depend on, if needed. Let's see if we can agree on taking
> the remaining patches via that branch.
6 and 7 can go through your branch.
--
Alexandre Belloni, co-owner and COO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com
^ permalink raw reply
* Re: [PATCH v4 2/4] tst_test.sh: Add TST_USR_{G,U}ID variables
From: Petr Vorel @ 2025-12-18 11:47 UTC (permalink / raw)
To: Cyril Hrubis
Cc: ltp, Mimi Zohar, linux-integrity, selinux, Jan Stancek, Li Wang
In-Reply-To: <aULQlhbHltLTbdG4@yuki.lan>
> Hi!
> > Add TST_USR_{G,U}ID variables with the default values from tst_runas.c.
> > These can be used as a default values for tests which use tst_runas and
> > need to know UID/GID for other commands.
> > It will be used in LTP IMA tests.
...
> > +# see testcases/lib/tst_runas.c
> > +export TST_USR_UID="${LTP_USR_UID:-65534}"
> > +export TST_USR_GID="${LTP_USR_GID:-65534}"
> Do we need this? We already have the default values in the C code...
I've merged the patch without notice this, therefore just to clarify.
I hoped I was clear in the commit message, obviously not.
Yes, just for a record you find the answer in the next patch:
https://lore.kernel.org/ltp/aULUsVxLIXFM19IV@yuki.lan/
So I hope everything is OK.
Kind regards,
Petr
^ permalink raw reply
* [PATCH] integrity: Fix spelling mistake TRUSTED_KEYRING
From: Philipp Hahn @ 2025-12-18 10:31 UTC (permalink / raw)
To: linux-integrity; +Cc: Philipp Hahn, linux-kernel, Nayna Jain, Mimi Zohar
Fix minor spelling mistake "kerne{d -> l}".
Cc: Nayna Jain <nayna@linux.ibm.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>
Fixes: 9dc92c45177ab ("integrity: Define a trusted platform keyring")
Signed-off-by: Philipp Hahn <phahn-oss@avm.de>
---
security/integrity/Kconfig | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/Kconfig b/security/integrity/Kconfig
index 916d4f2bfc441..328ea9f32035a 100644
--- a/security/integrity/Kconfig
+++ b/security/integrity/Kconfig
@@ -60,7 +60,7 @@ config INTEGRITY_PLATFORM_KEYRING
help
Provide a separate, distinct keyring for platform trusted keys, which
the kernel automatically populates during initialization from values
- provided by the platform for verifying the kexec'ed kerned image
+ provided by the platform for verifying the kexec'ed kernel image
and, possibly, the initramfs signature.
config INTEGRITY_MACHINE_KEYRING
--
2.43.0
^ permalink raw reply related
* Re: [PATCH v2 00/17] tee: Use bus callbacks instead of driver callbacks
From: Jens Wiklander @ 2025-12-18 7:21 UTC (permalink / raw)
To: Uwe Kleine-König
Cc: Jonathan Corbet, Sumit Garg, Olivia Mackall, Herbert Xu,
Clément Léger, Alexandre Belloni, Ard Biesheuvel,
Maxime Coquelin, Alexandre Torgue, Sumit Garg, Ilias Apalodimas,
Jan Kiszka, Sudeep Holla, Christophe JAILLET,
Rafał Miłecki, Michael Chan, Pavan Chebbi,
James Bottomley, Jarkko Sakkinen, Mimi Zohar, David Howells,
Paul Moore, James Morris, Serge E. Hallyn, Peter Huewe, op-tee,
linux-kernel, linux-doc, linux-crypto, linux-rtc, linux-efi,
linux-stm32, linux-arm-kernel, Cristian Marussi, arm-scmi,
linux-mips, netdev, linux-integrity, keyrings,
linux-security-module, Jason Gunthorpe
In-Reply-To: <cover.1765791463.git.u.kleine-koenig@baylibre.com>
Hi,
On Mon, Dec 15, 2025 at 3:17 PM Uwe Kleine-König
<u.kleine-koenig@baylibre.com> wrote:
>
> Hello,
>
> the objective of this series is to make tee driver stop using callbacks
> in struct device_driver. These were superseded by bus methods in 2006
> (commit 594c8281f905 ("[PATCH] Add bus_type probe, remove, shutdown
> methods.")) but nobody cared to convert all subsystems accordingly.
>
> Here the tee drivers are converted. The first commit is somewhat
> unrelated, but simplifies the conversion (and the drivers). It
> introduces driver registration helpers that care about setting the bus
> and owner. (The latter is missing in all drivers, so by using these
> helpers the drivers become more correct.)
>
> v1 of this series is available at
> https://lore.kernel.org/all/cover.1765472125.git.u.kleine-koenig@baylibre.com
>
> Changes since v1:
>
> - rebase to v6.19-rc1 (no conflicts)
> - add tags received so far
> - fix whitespace issues pointed out by Sumit Garg
> - fix shutdown callback to shutdown and not remove
>
> As already noted in v1's cover letter, this series should go in during a
> single merge window as there are runtime warnings when the series is
> only applied partially. Sumit Garg suggested to apply the whole series
> via Jens Wiklander's tree.
> If this is done the dependencies in this series are honored, in case the
> plan changes: Patches #4 - #17 depend on the first two.
>
> Note this series is only build tested.
>
> Uwe Kleine-König (17):
> tee: Add some helpers to reduce boilerplate for tee client drivers
> tee: Add probe, remove and shutdown bus callbacks to tee_client_driver
> tee: Adapt documentation to cover recent additions
> hwrng: optee - Make use of module_tee_client_driver()
> hwrng: optee - Make use of tee bus methods
> rtc: optee: Migrate to use tee specific driver registration function
> rtc: optee: Make use of tee bus methods
> efi: stmm: Make use of module_tee_client_driver()
> efi: stmm: Make use of tee bus methods
> firmware: arm_scmi: optee: Make use of module_tee_client_driver()
> firmware: arm_scmi: Make use of tee bus methods
> firmware: tee_bnxt: Make use of module_tee_client_driver()
> firmware: tee_bnxt: Make use of tee bus methods
> KEYS: trusted: Migrate to use tee specific driver registration
> function
> KEYS: trusted: Make use of tee bus methods
> tpm/tpm_ftpm_tee: Make use of tee specific driver registration
> tpm/tpm_ftpm_tee: Make use of tee bus methods
>
> Documentation/driver-api/tee.rst | 18 +----
> drivers/char/hw_random/optee-rng.c | 26 ++----
> drivers/char/tpm/tpm_ftpm_tee.c | 31 +++++---
> drivers/firmware/arm_scmi/transports/optee.c | 32 +++-----
> drivers/firmware/broadcom/tee_bnxt_fw.c | 30 ++-----
> drivers/firmware/efi/stmm/tee_stmm_efi.c | 25 ++----
> drivers/rtc/rtc-optee.c | 27 ++-----
> drivers/tee/tee_core.c | 84 ++++++++++++++++++++
> include/linux/tee_drv.h | 12 +++
> security/keys/trusted-keys/trusted_tee.c | 17 ++--
> 10 files changed, 164 insertions(+), 138 deletions(-)
>
> base-commit: 8f0b4cce4481fb22653697cced8d0d04027cb1e8
> --
> 2.47.3
>
Thank you for the nice cleanup, Uwe.
I've applied patch 1-3 to the branch tee_bus_callback_for_6.20 in my
tree at https://git.kernel.org/pub/scm/linux/kernel/git/jenswi/linux-tee.git/
The branch is based on v6.19-rc1, and I'll try to keep it stable for
others to depend on, if needed. Let's see if we can agree on taking
the remaining patches via that branch.
Cheers,
Jens
^ permalink raw reply
* Re: [RFC][PATCH v2] ima: Add support for staging measurements for deletion and trimming
From: Mimi Zohar @ 2025-12-17 19:41 UTC (permalink / raw)
To: Roberto Sassu, corbet, dmitry.kasatkin, eric.snowberg, paul,
jmorris, serge
Cc: linux-doc, linux-kernel, linux-integrity, linux-security-module,
gregorylumen, chenste, nramas, Roberto Sassu
In-Reply-To: <41ead1c44a678b597ffd3350cce332a8a5d4ac7c.camel@huaweicloud.com>
On Wed, 2025-12-17 at 17:01 +0100, Roberto Sassu wrote:
> On Wed, 2025-12-17 at 10:26 -0500, Mimi Zohar wrote:
> > Hi Roberto,
> >
> > Thank you! Everything is working as designed.
> >
> > - Only public functions require kernel-doc comments, but other functions would
> > benefit having a comment.
> >
> > - As I mentioned in response to Steven's patch, "After trimming the measurement
> > list, existing verifiers, which walk the IMA measurement list, will obviously
> > fail to match the PCRs. Breaking existing userspace applications is a problem
> > and, unfortunately, requires yet another Kconfig option. It needs to be at
> > least mentioned here in the patch description."
>
> Hi Mimi
>
> sure.
>
> > On Fri, 2025-12-12 at 18:19 +0100, Roberto Sassu wrote:
> > > From: Roberto Sassu <roberto.sassu@huawei.com>
> > >
> > > Introduce the ability of staging the entire (or a portion of the) IMA
> > > measurement list for deletion. Staging means moving the current content of
> > > the measurement list to a separate location, and allowing users to read and
> > > delete it. This causes the measurement list to be atomically truncated
> > > before new measurements can be added.
> >
> > This last sentence is the crux of your of your proposal.
> > -> "quickly be atomically ... so ..."
>
> Ok.
>
> > I must be missing something. With the ability of trimming N records, it's
> > unclear to me the benefit of staging the measurement list and requiring a
> > separate deletion. The measurement list can be read before trimming without
> > loosing any measurements. Like now, the entire measurement list could be moved
> > to a staging area. Instead of freeing all of the records, only N records would
> > be freed. Afterwards the remaining staged measurements (N+1) could be restored
> > to the head of the measurement list.
>
> My hope is to avoid trimming based on N in the kernel, but rather offer
> the same functionality on a user space service that simply gets all the
> measurements it can from the kernel (with the stage all approach), and
> exposes the desired measurements to requesting applications (based on N
> or based on a PCR value, as Microsoft requested).
Agreed, the measurement list needs to be copied to userspace and saved. How
userspace applications will access it needs to be defined and documented.
I thought Microsoft backed away from trimming the measurement list based on a
PCR value. At least basing it on a PCR value, is not implemented in the kernel.
>
> I think it was already mentioned earlier in the discussion. By reading
> and trimming at two different times, there is a race window where two
> separate remote attestation agents determine N on the current
> measurements list and attempt to trim one after another with the same
> N, but the latter attempts to do it on an already trimmed measurements
> list. They could take the write lock for the read too to avoid that.
Yes, I saw the problem in v1, when the second request wasn't rejected but was
synchronized by a mutex. That should have been fixed in v2 with your locking
changes.
>
> The stage all approach is not susceptible to this race window, because
> it does not require a prior read before the operation.
I'm not convinced of that, as any application with cap sysadmin can initiate a
trim or trim & delete. At least at the moment, there's no way of limiting the
trim/delete to a given application. Perhaps it could be limited based on
SELinux labels.
--
thanks,
Mimi
^ permalink raw reply
* Re: [PATCH v15 19/28] x86/tpm: Early TPM PCR extending driver
From: Dave Hansen @ 2025-12-17 19:06 UTC (permalink / raw)
To: ross.philipson, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel
In-Reply-To: <c1436289-372f-4aff-b315-0bb5750d7fe6@oracle.com>
On 12/17/25 10:40, ross.philipson@oracle.com wrote:
> But ultimately I will format the code in whatever manner is requested.
Honestly, it looks like folks just copied the code from wherever it came
and completely ignored _any_ sane column limits.
It's not about $FOO columns or $BAR columns. It's about having code
that's readable and maintainable. The key issue here is that there's
been no apparent effort to try to make the code readable and maintainable.
Am I wrong?
Next steps: First, try to make the code readable and maintainable. If
you can do that under 80 columns, great. Aim for 80. If doing 85 or 100
makes the code more readable or maintainable, that's OK too.
But I'm a little discouraged that we're at v15 and talking about
"readable and maintainable". That's RFC fodder, not v15.
^ permalink raw reply
* Re: [PATCH v15 22/28] x86: Secure Launch kernel early boot stub
From: ross.philipson @ 2025-12-17 18:47 UTC (permalink / raw)
To: Dave Hansen, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel, ross.philipson
In-Reply-To: <5c4734af-d72c-4b1d-9d2f-8c07d4c0dd6d@intel.com>
On 12/16/25 2:32 PM, Dave Hansen wrote:
> On 12/15/25 15:33, Ross Philipson wrote:
>> +static u64 sl_txt_read(u32 reg)
>> +{
>> + return readq((void *)(u64)(TXT_PRIV_CONFIG_REGS_BASE + reg));
>> +}
>> +
>> +static void sl_txt_write(u32 reg, u64 val)
>> +{
>> + writeq(val, (void *)(u64)(TXT_PRIV_CONFIG_REGS_BASE + reg));
>> +}
>
> Man, that's a lot of casting. If TXT_PRIV_CONFIG_REGS_BASE were just a
> pointer to being with, it could be:
>
> writeq(val, TXT_PRIV_CONFIG_REGS_BASE + reg);
>
> Right?
Indeed, we can simplify this per your suggestion.
>
> This _looks_ like it was just written and then had casts added to it
> until it compiled.
Thank you for you feedback so far.
Ross
^ permalink raw reply
* Re: [PATCH v15 16/28] x86/txt: Intel Trusted eXecution Technology (TXT) definitions
From: ross.philipson @ 2025-12-17 18:44 UTC (permalink / raw)
To: Dave Hansen, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel
In-Reply-To: <9febdd36-9c23-458a-8d7e-2bc39849e188@intel.com>
On 12/16/25 2:14 PM, Dave Hansen wrote:
> On 12/15/25 15:33, Ross Philipson wrote:
>> +static inline struct txt_heap_event_log_pointer2_1_element*
>> +txt_find_log2_1_element(struct txt_os_sinit_data *os_sinit_data)
>> +{
>> + struct txt_heap_ext_data_element *ext_elem;
>> +
>> + /* The extended element array is at the end of this table */
>> + ext_elem = (struct txt_heap_ext_data_element *)
>> + ((u8 *)os_sinit_data + sizeof(struct txt_os_sinit_data));
>
> I'd really honestly see a helper for this kind of thing:
>
> #define ptr_after(foo) ((void *)foo + sizeof(foo))
>
> resulting in:
>
> ext_elem = ptr_after(os_sinit_data);
>
We can do that.
> would be a billion times easier to read than what's there. I honestly
> don't even see why this bothers with the u8 and cast to 'struct
> txt_heap_ext_data_element *' versus just using void* and being done with it.
>
> There's no type safety here in the first place so why bother?
Earlier, this was done to a number of other functions for the same
reason. We will change it here too.
Ross
>
>> + while (ext_elem->type != TXT_HEAP_EXTDATA_TYPE_END) {
>> + if (ext_elem->type == TXT_HEAP_EXTDATA_TYPE_EVENT_LOG_POINTER2_1) {
>> + return (struct txt_heap_event_log_pointer2_1_element *)
>> + ((u8 *)ext_elem + sizeof(struct txt_heap_ext_data_element));
>> + }
>> + ext_elem = (struct txt_heap_ext_data_element *)
>> + ((u8 *)ext_elem + ext_elem->size);
>> + }
^ permalink raw reply
* Re: [PATCH v15 19/28] x86/tpm: Early TPM PCR extending driver
From: ross.philipson @ 2025-12-17 18:40 UTC (permalink / raw)
To: Dave Hansen, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel, ross.philipson
In-Reply-To: <56929e8b-a7cf-4390-b4ec-0b4c2c32b311@intel.com>
On 12/16/25 1:53 PM, Dave Hansen wrote:
> I'm mostly spot-checking this to see what kind of shape it's in and how
> much work and diligence has been applied in the last 8 months since v14.
>
> On 12/15/25 15:33, Ross Philipson wrote:
> ...
>> The driver could be extended for further operations if needed. This
>> TPM dirver implementation relies as much as possible on existing mainline
>
> <sigh>
>
> v15 and no spell checking. :(
Will fix.
>
>> --- /dev/null
>> +++ b/arch/x86/boot/compressed/early_tpm_extend.c
>> @@ -0,0 +1,601 @@
>> +// SPDX-License-Identifier: GPL-2.0-only
>> +/*
>> + * Copyright (c) 2010-2012 United States Government, as represented by
>> + * the Secretary of Defense. All rights reserved.
>
> IANAL, but this looks fishy.
>
> It's theoretically fine to go grab random code off the Internet and
> submit it to the kernel, given the correct license. But I do want to
> know what its story is and where it came from.
>
> I also seem to remember that there are special rules around the US
> federal government's inability to hold copyrights. This seems worth at
> least a mention ... somewhere.
>
> This is helpful, for instance:
>
>> + * based off of the original tools/vtpm_manager code base which is:
>> + * Copyright (c) 2005, Intel Corp.
>> + * All rights reserved.
>
> so thanks for that one.
>
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + *
>> + * * Redistributions of source code must retain the above copyright
>> + * notice, this list of conditions and the following disclaimer.
>> + * * Redistributions in binary form must reproduce the above
>> + * copyright notice, this list of conditions and the following
>> + * disclaimer in the documentation and/or other materials provided
>> + * with the distribution.
>> + * * Neither the name of Intel Corporation nor the names of its
>> + * contributors may be used to endorse or promote products derived
>> + * from this software without specific prior written permission.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
>> + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>> + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
>> + * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
>> + * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
>> + * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
>> + * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
>> + * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
>> + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
>> + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
>> + * OF THE POSSIBILITY OF SUCH DAMAGE.
>> + */
>
> Also, IANAL, but this looks BSD-ish.
>
> I would have kinda expected the SPDX header to say BSD-blah-blah and not
> GPL-2.0-only.
>
> I'd really appreciate if you could go have a huddle with your corporate
> Open Source folks and make sure this is all proper. To me, it looks
> fishy at _best_.
Yes, we will do exactly that for all the licensing and sort it out.
>
> ...
>> +/*
>> + * We're far too early to calibrate time. Assume a 5GHz processor (the upper
>> + * end of the Fam19h range), which causes us to be wrong in the safe direction
>> + * on slower systems.
>> + */
>
> https://urldefense.com/v3/__https://docs.kernel.org/process/maintainer-tip.html*changelog__;Iw!!ACWV5N9M2RV99hQ!ODp_iKdXfPuA60ae9ZCFdElNvGZjrd7ffPYtSVs3cwOTY2kzGN_tgsRLYawnxEGiHE0jMDN2kgOxBBtMtmu-7ohw$
>
> Imperative voice please.
+1
>
> ...
>> +static int __tis_recv_data(struct tpm_chip *chip, u8 *buf, int count)
>> +{
>> + int size = 0;
>> + int burstcnt;
>> +
>> + while (size < count && __tis_wait_for_stat(chip, TPM_STS_DATA_AVAIL | TPM_STS_VALID, chip->timeout_c) == 0) {
>> + burstcnt = __tis_get_burstcount(chip);
>> +
>> + for ( ; burstcnt > 0 && size < count; --burstcnt)
>> + buf[size++] = tpm_read8(chip, TPM_DATA_FIFO(chip->locality));
>> + }
>> +
>> + return size;
>> +}
>> +
>> +/**
>> + * tpm_tis_check_locality - Check if the given locality is the active one
>> + * @chip: The TPM chip instance
>> + * @loc: The locality to check
>> + *
>> + * Return: true - locality active, false - not active
>> + */
>> +bool tpm_tis_check_locality(struct tpm_chip *chip, int loc)
>> +{
>> + if ((tpm_read8(chip, TPM_ACCESS(loc)) & (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) == (TPM_ACCESS_ACTIVE_LOCALITY | TPM_ACCESS_VALID)) {
>> + chip->locality = loc;
>> + return true;
>> + }
>> +
>> + return false;
>> +}
>> +
>> +/**
>> + * tpm_tis_release_locality - Release the active locality
>> + * @chip: The TPM chip instance
>> + */
>> +void tpm_tis_release_locality(struct tpm_chip *chip)
>> +{
>> + if ((tpm_read8(chip, TPM_ACCESS(chip->locality)) & (TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID)) == (TPM_ACCESS_REQUEST_PENDING | TPM_ACCESS_VALID))
>> + tpm_write8(chip, TPM_ACCESS(chip->locality), TPM_ACCESS_RELINQUISH_LOCALITY);
>> +
>> + chip->locality = 0;
>> +}
>
> I guess some folks aren't enforcing the 80-column limits. But this is
> not even close. It's almost 80x2.
>
> Has there even been an attempt to make this conform to kernel coding
> style? What other checkpatch.pl warnings are being ignored?
>
We do run checkpatch.pl and fix the issues it points out. I feel it is
not clear how to approach the 80 character limit rule though. I have
been told in other reviews that the 80 char rule is not really followed
and certain things would read better w/o it. Reading the guide again, it
does not really spell out details other than try to keep it 80 and
under. Maybe there should be a hard limit (< 80x2) if you exceed it?
But ultimately I will format the code in whatever manner is requested.
Thank you,
Ross
^ permalink raw reply
* Re: [PATCH v15 00/28] x86: Secure Launch support for Intel TXT
From: ross.philipson @ 2025-12-17 18:15 UTC (permalink / raw)
To: Jarkko Sakkinen
Cc: linux-kernel, x86, linux-integrity, linux-doc, linux-crypto,
kexec, linux-efi, iommu, dpsmith, tglx, mingo, bp, hpa,
dave.hansen, ardb, mjg59, James.Bottomley, peterhuewe, jgg, luto,
nivedita, herbert, davem, corbet, ebiederm, dwmw2, baolu.lu,
kanth.ghatraju, andrew.cooper3, trenchboot-devel
In-Reply-To: <aUDV_e19I0I3GIzN@kernel.org>
On 12/15/25 7:46 PM, Jarkko Sakkinen wrote:
> On Mon, Dec 15, 2025 at 03:32:48PM -0800, Ross Philipson wrote:
>> Secure Launch is a vendor-neutral approach to implementing TGC Dynamic
>> Root of Trust (DRTM) support in the kernel. This is complementary to
>> better known Static Root of Trust (SRTM) schemes such as UEFI SecureBoot.
>>
>> This series provides the common infrastructure along with Intel TXT
>> support, without needing the tboot exokernel. Support for AMD SKINIT is
>> pending the common infrastructure getting nailed down, and ARM are
>> looking to build on it too.
>>
>> Originally, tboot were approached to see if they'd take support for
>> other vendors, but they elected not to. Hence this approach instead.
>>
>> Work is being coordinated by the Trenchboot project, https://trenchboot.org/,
>> organising Secure Launch support for upstream open source projects including
>> Grub, iPXE and Xen. The goal of the Trenchboot project is to make DTRM easy
>> to use. e.g. for Grub, it's simply adding "slaunch" as a command in the boot
>> stanza. See https://trenchboot.org/user-docs/QUICKSTART/#linux-quick-start-guide
>> for more details
>>
>> Patch set based on commit:
>> torvalds/master/fd57572253bc356330dbe5b233c2e1d8426c66fd
>>
>> Depends on v3 of the following TPM patch set (note this patch
>> set is being actively worked on separately):
>> [PATCH v3 00/10] tpm: Decouple Trenchboot dependencies
>> Message ID: 20250929194832.2913286-1-jarkko@kernel.org
>>
>> Finally we would like to thank everyone for their input and
>> assistance. It has all been very helpful in improving the quality of
>> our solution and in reviewing/strengthening our security posture.
>>
>> Thanks
>> Ross Philipson and Daniel P. Smith
>>
>> Changes in v15:
>>
>> - Rewriting and reformatting of the cover letter, commit message and
>> code comments per requests from maintainers.
>> - Introduction of a early TPM driver in the x86 setup kernel to allow
>> TPM extend command very early in the boot.
>> - Remove previous TPM extending architecture that attempted to update
>> the TPM PCRs later in the boot process.
>> - Split slaunch.h into 2 files, with a new txt.h. The former contains
>> platform agnostic definitions for the SL feature. The new txt.h file
>> contains Intel TXT definitions from the public specs.
>> - Split TPM headers up following the specifications where the
>> technologies are defined.
>> - Include set of split up TPM header files to allow TPM driver reuse
>> in other environments (e.g. early kernel, x86).
>> - Fix code formatting and type-os.
>>
>>
>> Alec Brown (1):
>> tpm: Remove main TPM header from TPM event log header
>>
>> Daniel P. Smith (6):
>> tpm/tpm_tis: Close all localities
>> tpm/tpm_tis: Address positive localities in tpm_tis_request_locality()
>> Documentation/x86: Secure Launch kernel documentation
>> x86: Add early SHA-1 support for Secure Launch early measurements
>> x86: Add early SHA-256 support for Secure Launch early measurements
>> x86: Secure Launch late initcall platform module
>>
>> Ross Philipson (21):
>> tpm: Initial step to reorganize TPM public headers
>> tpm: Move TPM1 specific definitions and functions to new headers
>> tpm: Move TPM2 specific definitions and functions to new headers
>> tpm: Move TPM common base definitions to new public common header
>> tpm: Move platform specific definitions to the new PTP header
>> tpm: Add TPM buffer support header for standalone reuse
>> tpm/tpm_tis: Allow locality to be set to a different value
>> tpm/sysfs: Show locality used by kernel
>> x86: Secure Launch Kconfig
>> x86: Secure Launch Resource Table header file
>> x86: Secure Launch main header file
>> x86/txt: Intel Trusted eXecution Technology (TXT) definitions
>> x86/tpm: Early TPM PCR extending driver
>> x86/msr: Add variable MTRR base/mask and x2apic ID registers
>> x86/boot: Place TXT MLE header in the kernel_info section
>> x86: Secure Launch kernel early boot stub
>> x86: Secure Launch kernel late boot stub
>> x86: Secure Launch SMP bringup support
>> kexec: Secure Launch kexec SEXIT support
>> x86/reboot: Secure Launch SEXIT support on reboot paths
>> x86/efi: EFI stub DRTM launch support for Secure Launch
>>
>> Documentation/arch/x86/boot.rst | 21 +
>> Documentation/security/index.rst | 1 +
>> .../security/launch-integrity/index.rst | 11 +
>> .../security/launch-integrity/principles.rst | 308 +++++++
>> .../secure_launch_details.rst | 587 +++++++++++++
>> .../secure_launch_overview.rst | 240 ++++++
>> arch/x86/Kconfig | 14 +
>> arch/x86/boot/compressed/Makefile | 8 +
>> arch/x86/boot/compressed/early_tpm_extend.c | 601 ++++++++++++++
>> arch/x86/boot/compressed/head_64.S | 29 +
>> arch/x86/boot/compressed/kernel_info.S | 50 +-
>> arch/x86/boot/compressed/sha1.c | 7 +
>> arch/x86/boot/compressed/sha256.c | 6 +
>> arch/x86/boot/compressed/sl_main.c | 638 +++++++++++++++
>> arch/x86/boot/compressed/sl_stub.S | 770 ++++++++++++++++++
>> arch/x86/boot/compressed/tpm.h | 42 +
>> arch/x86/boot/compressed/vmlinux.lds.S | 7 +
>> arch/x86/include/asm/msr-index.h | 5 +
>> arch/x86/include/asm/realmode.h | 3 +
>> arch/x86/include/asm/txt.h | 330 ++++++++
>> arch/x86/include/uapi/asm/bootparam.h | 1 +
>> arch/x86/kernel/Makefile | 2 +
>> arch/x86/kernel/asm-offsets.c | 20 +
>> arch/x86/kernel/reboot.c | 14 +
>> arch/x86/kernel/setup.c | 3 +
>> arch/x86/kernel/slaunch.c | 615 ++++++++++++++
>> arch/x86/kernel/slmodule.c | 348 ++++++++
>> arch/x86/kernel/smpboot.c | 47 +-
>> arch/x86/realmode/init.c | 8 +
>> arch/x86/realmode/rm/header.S | 3 +
>> arch/x86/realmode/rm/trampoline_64.S | 32 +
>> drivers/char/tpm/tpm-buf.c | 10 +-
>> drivers/char/tpm/tpm-chip.c | 34 +-
>> drivers/char/tpm/tpm-sysfs.c | 10 +
>> drivers/char/tpm/tpm.h | 180 +---
>> drivers/char/tpm/tpm1-cmd.c | 18 +-
>> drivers/char/tpm/tpm1_structs.h | 97 +++
>> drivers/char/tpm/tpm2-cmd.c | 32 +-
>> drivers/char/tpm/tpm2-space.c | 13 -
>> drivers/char/tpm/tpm2_structs.h | 58 ++
>> drivers/char/tpm/tpm_tis_core.c | 21 +-
>> drivers/char/tpm/tpm_tis_core.h | 64 +-
>> drivers/firmware/efi/libstub/efistub.h | 8 +
>> drivers/firmware/efi/libstub/x86-stub.c | 100 +++
>> drivers/iommu/intel/dmar.c | 4 +
>> include/keys/trusted_tpm.h | 1 -
>> include/linux/slaunch.h | 251 ++++++
>> include/linux/slr_table.h | 308 +++++++
>> include/linux/tpm.h | 240 +-----
>> include/linux/tpm1.h | 87 ++
>> include/linux/tpm2.h | 247 ++++++
>> include/linux/tpm_buf.h | 57 ++
>> include/linux/tpm_command.h | 30 -
>> include/linux/tpm_common.h | 99 +++
>> include/linux/tpm_eventlog.h | 4 +-
>> include/linux/tpm_ptp.h | 139 ++++
>> kernel/kexec_core.c | 8 +
>> security/keys/trusted-keys/trusted_tpm1.c | 1 -
>> security/keys/trusted-keys/trusted_tpm2.c | 1 -
>> 59 files changed, 6319 insertions(+), 574 deletions(-)
>> create mode 100644 Documentation/security/launch-integrity/index.rst
>> create mode 100644 Documentation/security/launch-integrity/principles.rst
>> create mode 100644 Documentation/security/launch-integrity/secure_launch_details.rst
>> create mode 100644 Documentation/security/launch-integrity/secure_launch_overview.rst
>> create mode 100644 arch/x86/boot/compressed/early_tpm_extend.c
>> create mode 100644 arch/x86/boot/compressed/sha1.c
>> create mode 100644 arch/x86/boot/compressed/sha256.c
>> create mode 100644 arch/x86/boot/compressed/sl_main.c
>> create mode 100644 arch/x86/boot/compressed/sl_stub.S
>> create mode 100644 arch/x86/boot/compressed/tpm.h
>> create mode 100644 arch/x86/include/asm/txt.h
>> create mode 100644 arch/x86/kernel/slaunch.c
>> create mode 100644 arch/x86/kernel/slmodule.c
>> create mode 100644 drivers/char/tpm/tpm1_structs.h
>> create mode 100644 drivers/char/tpm/tpm2_structs.h
>> create mode 100644 include/linux/slaunch.h
>> create mode 100644 include/linux/slr_table.h
>> create mode 100644 include/linux/tpm1.h
>> create mode 100644 include/linux/tpm2.h
>> create mode 100644 include/linux/tpm_buf.h
>> delete mode 100644 include/linux/tpm_command.h
>> create mode 100644 include/linux/tpm_common.h
>> create mode 100644 include/linux/tpm_ptp.h
>>
>> --
>> 2.43.7
>>
>
> Most likely I'll review this after the holidays (for heads up).
>
> BR, Jarkko
Thank you Jarkko.
^ permalink raw reply
* Re: [PATCH v15 13/28] x86: Secure Launch Kconfig
From: ross.philipson @ 2025-12-17 18:11 UTC (permalink / raw)
To: Randy Dunlap, linux-kernel, x86, linux-integrity, linux-doc,
linux-crypto, kexec, linux-efi, iommu
Cc: dpsmith, tglx, mingo, bp, hpa, dave.hansen, ardb, mjg59,
James.Bottomley, peterhuewe, jarkko, jgg, luto, nivedita, herbert,
davem, corbet, ebiederm, dwmw2, baolu.lu, kanth.ghatraju,
andrew.cooper3, trenchboot-devel, ross.philipson
In-Reply-To: <f2b1d24f-86fd-4b90-b6c0-126a4a2368ec@infradead.org>
On 12/15/25 7:20 PM, Randy Dunlap wrote:
>
>
> On 12/15/25 3:33 PM, Ross Philipson wrote:
>> Add a Kconfig option for compiling in/out the Secure Launch feature.
>> Secure Launch is controlled by a singel boolean on/off.
>>
>> Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
>> ---
>> arch/x86/Kconfig | 14 ++++++++++++++
>> 1 file changed, 14 insertions(+)
>>
>> diff --git a/arch/x86/Kconfig b/arch/x86/Kconfig
>> index fa3b616af03a..9404d207c420 100644
>> --- a/arch/x86/Kconfig
>> +++ b/arch/x86/Kconfig
>> @@ -1975,6 +1975,20 @@ config EFI_RUNTIME_MAP
>>
>> See also Documentation/ABI/testing/sysfs-firmware-efi-runtime-map.
>>
>> +config SECURE_LAUNCH
>> + bool "Secure Launch DRTM support"
>> + depends on X86_64 && X86_X2APIC && TCG_TIS && TCG_CRB
>> + select CRYPTO_LIB_SHA1
>> + select CRYPTO_LIB_SHA256
>> + help
>> + The Secure Launch feature allows a kernel to be launched directly
>> + through a vendor neutral DTRM (Dynamic Root of Trust for Measurement)
>
> DRTM
Thank you, will fix.
Ross
>
>> + solution, with Intel TXT being one example. The DRTM establishes an
>> + environment where the CPU measures the kernel image, employing the TPM,
>> + before starting it. Secure Launch then continues the measurement chain
>> + over kernel configuration information and other launch artifacts (e.g.
>> + any initramfs image).
>> +
>> source "kernel/Kconfig.hz"
>>
>> config ARCH_SUPPORTS_KEXEC
>
^ permalink raw reply
* Re: [PATCH v15 17/28] x86: Add early SHA-1 support for Secure Launch early measurements
From: ross.philipson @ 2025-12-17 18:10 UTC (permalink / raw)
To: Eric Biggers
Cc: linux-kernel, x86, linux-integrity, linux-doc, linux-crypto,
kexec, linux-efi, iommu, dpsmith, tglx, mingo, bp, hpa,
dave.hansen, ardb, mjg59, James.Bottomley, peterhuewe, jarkko,
jgg, luto, nivedita, herbert, davem, corbet, ebiederm, dwmw2,
baolu.lu, kanth.ghatraju, andrew.cooper3, trenchboot-devel
In-Reply-To: <20251216002150.GA11579@quark>
On 12/15/25 4:21 PM, Eric Biggers wrote:
> On Mon, Dec 15, 2025 at 03:33:05PM -0800, Ross Philipson wrote:
>> diff --git a/arch/x86/boot/compressed/sha1.c b/arch/x86/boot/compressed/sha1.c
>> new file mode 100644
>> index 000000000000..dd1b4cf5caf5
>> --- /dev/null
>> +++ b/arch/x86/boot/compressed/sha1.c
>> @@ -0,0 +1,7 @@
>> +// SPDX-License-Identifier: GPL-2.0
>> +/*
>> + * Copyright (c) 2025 Apertus Solutions, LLC.
>> + */
>> +
>> +#undef CONFIG_CRYPTO_LIB_SHA1_ARCH
>> +#include "../../../../lib/crypto/sha1.c"
>
> CONFIG_* options shouldn't be undefined like this. It seems that you're
> trying to build the SHA-1 code into a pre-boot environment. This
> problem was already solved in the SHA-256 code, by making
> lib/crypto/sha256.c aware of __DISABLE_EXPORTS. The SHA-1 code should
> use the same solution.
>
> - Eric
That makes perfects sense, we will address that.
Thank you,
Ross
^ permalink raw reply
page: next (older) | prev (newer) | latest
- recent:[subjects (threaded)|topics (new)|topics (active)]
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox