TPM2 Driver Support in distros (part 1)

TPM2 Driver Support in distros (part 1)

[Ken Goldman]

Is there a web site or other document that lists which distros or 
kernels include a TPM 2.0 driver?

I support a TPM 2.0 user space TSS.  Not seeing /dev/tpm0 is a typical 
error that prospective users see, and I'd like to give them some guidance.

If there is no such page, and people are willing to post information, 
I'd be happy to include it on my TSS page.


------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

Re: TPM2 Driver Support in distros (part 1)

[Peter.Huewe-d0qZbvYSIPpWk0Htik3J/w]

[resend]
Hi Ken,
> Is there a web site or other document that lists which distros or kernels include a TPM 2.0 driver?
> I support a TPM 2.0 user space TSS.  Not seeing /dev/tpm0 is a typical error that prospective users see, and I'd like to give them some guidance.
> If there is no such page, and people are willing to post information, I'd be happy to include it on my TSS page.

Not aware, but I seriously doubt it.
Speaking of PCClient based platforms, everything with:
- Kernel >4.0 works with CRB out of the box, with FIFO if tpm_tis.force=1 as module parameter
- Kernel >4.4 works with FIFO out of the box


Thanks
Peter





------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

Re: TPM2 Driver Support in distros (part 1)

[Ken Goldman]

On 7/25/2016 12:47 PM, Peter.Huewe-
> Speaking of PCClient based platforms, everything with:
> - Kernel >4.0 works with CRB out of the box, with FIFO if tpm_tis.force=1 as module parameter
> - Kernel >4.4 works with FIFO out of the box

1 - How does a user know whether the TPM will use CRB or FIFO - whether 
to specify tpm_tis.force=1 or not?

Or can that be specified any time, and it becomes a noop for CRB?

2 - module parameter?  Does that mean whatever distro dependent file is 
used for the boot parameters - grub.conf or some EFI file like grub.cfg.





------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

Re: TPM2 Driver Support in distros (part 1)

[Peter.Huewe-d0qZbvYSIPpWk0Htik3J/w]

Hi,

>1 - How does a user know whether the TPM will use CRB or FIFO - whether to specify tpm_tis.force=1 or not?
Depends on his hardware -- most "physical" TPMs are FIFO, firmware based are CRB.

However, tpm_tis != tpm_crb, these are separate drivers. (tpm_crb might even be backport-able to previous versions, as a module)
so if no /dev/tpm0 appears, try tpm_tis.force=1

> Or can that be specified any time, and it becomes a noop for CRB?
Yes, if no /dev/tpm0 appears, try tpm_tis.force=1

>2 - module parameter?  Does that mean whatever distro dependent file is used for the boot parameters - grub.conf or some EFI file like grub.cfg.
Yes, exactly.

Thanks,
Peter

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

Re: TPM2 Driver Support in distros (part 1)

[Jason Gunthorpe]

On Sat, Jul 23, 2016 at 10:53:54PM -0400, Ken Goldman wrote:
> Is there a web site or other document that lists which distros or 
> kernels include a TPM 2.0 driver?
> 
> I support a TPM 2.0 user space TSS.  Not seeing /dev/tpm0 is a typical 
> error that prospective users see, and I'd like to give them some guidance.
> 
> If there is no such page, and people are willing to post information, 
> I'd be happy to include it on my TSS page.

You need to work with SuSE and Red Hat to make sure they are aware of
the need to backport this subsystem into their kernels. TPM has been
quiet for so long, nobody is likely paying attention.

It is technically feasible to make a stand alone back port module,
however it will not be able to integrate into the kernel's IMA, just
provide the /dev/tpm0. This would be alot of work for someone to do.

We have made so many huge changes since the old kernels the enterprise
distros are shipping that a simple driver backport is not feasible.

Jason

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev

Re: TPM2 Driver Support in distros (part 1)

[Peter Huewe]

Hi Ken,

I just checked and it seems that RHEL7.2 has backported some parts of the TPM2.0 support to their 3.10 kernel. 
For the tpm_tis part it is still lacking the acpi detection,
 but loading the tpm_tis driver with force=1 should result in a working driver.
(either modprobe tpm_tis force=1  or at the boot commandline tpm_tis.force=1

Thanks,

Peter

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
tpmdd-devel mailing list
tpmdd-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

Re: TPM2 Driver Support in distros (part 1)

[Jerry Snitselaar]

On Thu Aug 11 16, Peter Huewe wrote:
>
>Hi Ken,
>
>I just checked and it seems that RHEL7.2 has backported some parts of the TPM2.0 support to their 3.10 kernel. 
>For the tpm_tis part it is still lacking the acpi detection,
> but loading the tpm_tis driver with force=1 should result in a working driver.
>(either modprobe tpm_tis force=1  or at the boot commandline tpm_tis.force=1
>
>Thanks,
>
>Peter
>
>------------------------------------------------------------------------------
>What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
>patterns at an interface-level. Reveals which users, apps, and protocols are
>consuming the most bandwidth. Provides multi-vendor support for NetFlow,
>J-Flow, sFlow and other flows. Make informed decisions using capacity
>planning reports. http://sdm.link/zohodev2dev
>_______________________________________________
>tpmdd-devel mailing list
>tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
>https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

The acpi detection fix is in our RHEL7 kernel currently being worked
on. The RHEL6.8 kernel also has some TPM2.0 support, including the
acpi detection fix, but doesn't have most of the commits that have hit
upstream since late last year. While there is kernel support for
TPM2.0 drivers in RHEL7 and RHEL6, there currently aren't any packages
providing userspace support like tpm-tools and trousers do for TPM1.2.

------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are 
consuming the most bandwidth. Provides multi-vendor support for NetFlow, 
J-Flow, sFlow and other flows. Make informed decisions using capacity 
planning reports. http://sdm.link/zohodev2dev