From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757691AbdADIkE (ORCPT ); Wed, 4 Jan 2017 03:40:04 -0500 Received: from mx0a-001b2d01.pphosted.com ([148.163.156.1]:56471 "EHLO mx0a-001b2d01.pphosted.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752215AbdADIkA (ORCPT ); Wed, 4 Jan 2017 03:40:00 -0500 Subject: Re: [PATCH v7 2/2] tpm: add securityfs support for TPM 2.0 firmware event log To: Jarkko Sakkinen References: <1481434533-3453-1-git-send-email-nayna@linux.vnet.ibm.com> <1481434533-3453-3-git-send-email-nayna@linux.vnet.ibm.com> <20170102221148.gy3mlubrgs4gm6ey@intel.com> <586B5526.9090703@linux.vnet.ibm.com> <20170103133309.lt5k4c37rjq5vcbq@intel.com> Cc: tpmdd-devel@lists.sourceforge.net, peterhuewe@gmx.de, tpmdd@selhorst.net, jgunthorpe@obsidianresearch.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org From: Nayna Date: Wed, 4 Jan 2017 14:08:06 +0530 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.6.0 MIME-Version: 1.0 In-Reply-To: <20170103133309.lt5k4c37rjq5vcbq@intel.com> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Content-Scanned: Fidelis XPS MAILER x-cbid: 17010408-0012-0000-0000-000012DEB557 X-IBM-SpamModules-Scores: X-IBM-SpamModules-Versions: BY=3.00006370; HX=3.00000240; KW=3.00000007; PH=3.00000004; SC=3.00000199; SDB=6.00803312; UDB=6.00390787; IPR=6.00581163; BA=6.00005029; NDR=6.00000001; ZLA=6.00000005; ZF=6.00000009; ZB=6.00000000; ZP=6.00000000; ZH=6.00000000; ZU=6.00000002; MB=3.00013819; XFM=3.00000011; UTC=2017-01-04 08:38:30 X-IBM-AV-DETECTION: SAVI=unused REMOTE=unused XFE=unused x-cbparentid: 17010408-0013-0000-0000-000049D50E3B Message-Id: <586CB46E.8050207@linux.vnet.ibm.com> X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:,, definitions=2017-01-04_06:,, signatures=0 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 spamscore=0 suspectscore=0 malwarescore=0 phishscore=0 adultscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1612050000 definitions=main-1701040139 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/03/2017 07:03 PM, Jarkko Sakkinen wrote: > On Tue, Jan 03, 2017 at 01:09:18PM +0530, Nayna wrote: >> >> >> On 01/03/2017 03:42 AM, Jarkko Sakkinen wrote: >>> On Sun, Dec 11, 2016 at 12:35:33AM -0500, Nayna Jain wrote: >>>> Unlike the device driver support for TPM 1.2, the TPM 2.0 does >>>> not support the securityfs pseudo files for displaying the >>>> firmware event log. >>>> >>>> This patch enables support for providing the TPM 2.0 event log in >>>> binary form. TPM 2.0 event log supports a crypto agile format that >>>> records multiple digests, which is different from TPM 1.2. This >>>> patch enables the tpm_bios_log_setup for TPM 2.0 and adds the >>>> event log parser which understand the TPM 2.0 crypto agile format. >>>> >>>> Signed-off-by: Nayna Jain >>> >>> There is something fundamentally wrong in this commit. >>> >>> You must not allow this feature unless CONFIG_OF is set. It is the only >>> interface where the supply path of the event log is well defined on >>> platforms that include a TPM 2.0 chip. >> >> As per current implementation, if ACPI with TPM 2.0 doesn't support event >> log, tpm_read_log_acpi() is expected to return rc and tpm_bios_log_setup >> will not create securityfs. This is inline with our design for TPM 1.2 event >> log. > > At minimum you must have a check for TPM_CHIP_FLAG_TPM2 in the beginning > of tpm_read_log_acpi. It is wrong to even try to open TCPA in this case. Sure, will add this check and return -ENODEV if check passes. Thanks & Regards, - Nayna > > /Jarkko >