From: George Wilson <ltcgcw-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: Jason Gunthorpe
<jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
Cc: Andrew Azmansky
<andrew.zamansky-KrzQf0k3Iz9BDgjK7y7TUQ@public.gmane.org>,
David Heller <hellerda-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Subject: Re: Regarding recently Added TPM2.0 support to the Nuvoton i2c driver
Date: Wed, 27 Jul 2016 11:05:14 -0500 [thread overview]
Message-ID: <20160727160511.GA26597@us.ibm.com> (raw)
In-Reply-To: <20160726210344.GA18332-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
On Tue, Jul 26, 2016 at 03:03:44PM -0600, Jason Gunthorpe wrote:
> On Tue, Jul 26, 2016 at 03:39:02PM -0500, George Wilson wrote:
> > > Generally speaking probing is somewhat discouraged, currently we only
> > > probe for PC platform tis (and even that might be a mistake), all
> > > other drivers are designed to be explicit.
> >
> > How should field upgradable/downgradable TPMs be handled since hardcoding
> > the version in the device tree might give the wrong answer? Would early
> > firmware be expected to probe nonetheless and set the right device tree
> > property?
>
> Is that a real thing?
Yep, it's a thing. I know of at least 2 parts from 2 different
suppliers that are field upgradable/downgradable.
>
> Yes, generally Linux expects DT to be set correctly by the boot
> firmware. Early firmware needs to know the TPM type anyhow to do the
> TPM setup, so this doesn't seem like a realistic scenario.
A reset is required after upgrade/downgrade. But the version still
needs to be detected by the firmware somehow. It could be configured
manually in firmware state after the upgrade/downgrade to properly set
the property, which seems much less desirable than a probe.
>
> For TPM we made a somewhat arbitary choice that TPM2 has to be
> explicit. If there are real systems that benefit from auto-probing it
> could be revisited..
I think it's as necessary - at least at the firmware level - as for
x86_64.
>
> But, to be honest, I'm not certain how robust our probe technique is,
> and I think we should avoid probing, since TCG didn't design an
> approved detection sequence (??).
We did see issues with some older 1.2 TPMs that hung when probed by the
kernel with the wrong device driver but that hasn't been an issue for
some time. It looks like UEFI ultimately does probe and likely that's
required for other platforms. I don't think it's safe to assume a
TPM is always loaded with a particular firmware version across hard
resets.
>
> Jason
>
--
George Wilson
IBM Linux Technology Center
Security Development
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity planning
reports.http://sdm.link/zohodev2dev
next prev parent reply other threads:[~2016-07-27 16:05 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-07-26 18:14 Regarding recently Added TPM2.0 support to the Nuvoton i2c driver Nayna
[not found] ` <5797A893.9020205-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-07-26 20:17 ` Jason Gunthorpe
[not found] ` <20160726201711.GA17742-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-07-26 20:39 ` George Wilson
[not found] ` <20160726203902.GA17730-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2016-07-26 21:03 ` Jason Gunthorpe
[not found] ` <20160726210344.GA18332-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-07-27 16:05 ` George Wilson [this message]
[not found] ` <20160727160511.GA26597-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2016-07-27 16:31 ` Jason Gunthorpe
[not found] ` <20160727163152.GA27915-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-07-27 21:46 ` George Wilson
2016-07-27 14:30 ` Dave Heller
[not found] ` <5798C571.1000309-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-07-27 16:24 ` Jason Gunthorpe
[not found] ` <20160727162415.GA18843-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-07-27 17:27 ` Dave Heller
[not found] ` <5798EEFB.1000004-23VcF4HTsmIX0ybBhKVfKdBPR1lH4CV8@public.gmane.org>
2016-07-27 17:42 ` Jason Gunthorpe
[not found] ` <20160727174229.GA28681-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-07-27 22:34 ` George Wilson
[not found] ` <20160727223419.GA6132-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2016-07-29 6:40 ` Nayna
2016-08-26 3:49 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160727160511.GA26597@us.ibm.com \
--to=ltcgcw-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=andrew.zamansky-KrzQf0k3Iz9BDgjK7y7TUQ@public.gmane.org \
--cc=hellerda-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org \
--cc=tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).