From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 2062C17A920; Wed, 3 Jul 2024 17:24:30 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720027470; cv=none; b=k1TjQoFAL9hIpdrrcP9O8uvDfPZtp3LcstsHx14fDGBKJRylZZ2dvTGGw70aIpA7FlEYCKGOKcGur5wPL3iGvaLnens+011MnIqww8qQcMi3bSiKso0Cz+gwKF36+Gt9h16oi2etswiSUJhA4rWFMFEZh7AgrB4pNMa2pQggoIc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1720027470; c=relaxed/simple; bh=iuBZisjNdWYlQ9wx+QgfvIlstiZiWQefpRZWHhmW+I0=; h=Mime-Version:Content-Type:Date:Message-Id:To:Cc:Subject:From: References:In-Reply-To; b=G/KLIQocIMNlJvBVIzu70fDYztFkGwU+xsDdWE35yfuMZzdatqM4BLNV4nKaJU3z6waO7HFZsf+abFFJc8FYGXz7s+sbUCTCaVY/AepoTd/4uQKkykKZwt4R4+40w/fhRskYIu1eDOfKZiC9X16snUmpB5QYva/LxxqjaTFjt/U= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=nmdtdkn8; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="nmdtdkn8" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 1850FC2BD10; Wed, 3 Jul 2024 17:24:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1720027470; bh=iuBZisjNdWYlQ9wx+QgfvIlstiZiWQefpRZWHhmW+I0=; h=Date:To:Cc:Subject:From:References:In-Reply-To:From; b=nmdtdkn8mOlr1tXHqHfwLxD4nyX69ommK2D2v59ifgA7Pm/dJRbeLpruVEYUDoJY+ SwLkqmjNcSkRvY+b/Mytpp22d3V+glQwtk2joScw5ErXgG5PmWqBWOKvJ9Yu1tUg8G z2WkY0UG2hvgJXlC4Aw0vZh1N0TzTDsXygoTV382+/kkLMNV533GnbyC4gw2UMfME/ wKWT/QSslqX+qEdFIGtWzdQRYD6N3MjuBvVjWxGlxP7ikh0fXFjypD3I8nPt5pCy92 iqaHOrVMjYI+rxOij/QFRS6yfCTGbYc8CbW+ijD/YoRqlq+02aq2C303wP6NZD5Icx nqmkI0JjvSeRg== Precedence: bulk X-Mailing-List: linux-security-module@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=UTF-8 Date: Wed, 03 Jul 2024 20:24:25 +0300 Message-Id: To: "Jarkko Sakkinen" , Cc: , "Stefan Berger" , "Peter Huewe" , "Jason Gunthorpe" , "James Bottomley" , "Mimi Zohar" , "David Howells" , "Paul Moore" , "James Morris" , "Serge E. Hallyn" , , , Subject: Re: [PATCH] tpm: Limit TCG_TPM2_HMAC to known good drivers From: "Jarkko Sakkinen" X-Mailer: aerc 0.17.0 References: <20240703003033.19057-1-jarkko@kernel.org> In-Reply-To: On Wed Jul 3, 2024 at 4:02 AM EEST, Jarkko Sakkinen wrote: > On Wed Jul 3, 2024 at 3:30 AM EEST, Jarkko Sakkinen wrote: > > + depends on TCG_CRB || TCG_TIS_CORE > > Needs to be "depends on !TCG_IBMVTPM": > > https://lore.kernel.org/linux-integrity/D2FHWYEXITS4.1GNXEB8V6KJM7@kernel= .org/ This ended up such a mess to fix with any fast path so I made a proper fix for the core issue in the hmac authentication patch set: https://lore.kernel.org/linux-integrity/20240703170815.1494625-1-jarkko@ker= nel.org/ The problem is that tpm_crb and tpm_tis_core are the *only* drivers, which call tpm_chip_bootstrap() so it is better not to take any possible risks with this. I'm still aiming to get these fixes into 6.10. BR, Jarkko