[PATCH v3] tpm: check selftest status before retrying full selftest
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Fri May 18 07:04:08 UTC 2018
On Tue, May 15, 2018 at 12:47:12PM +0530, Nayna Jain wrote:
> TPM 2.0 supports TPM2_GetTestResult[1], which can be used to check the
> selftest status. This patch implements the tpm2_get_selftest_result()
> function to check the selftest status before trying full selftest.
>
> [1] As per TCG Specification, Trusted Platform Module Library,
> Part 2 - Commands, Section 10.4:
>
> "This command (TPM2_GetTestResult) returns manufacturer-specific information
> regarding the results of a self-test and an indication of the test status."
>
> Signed-off-by: Nayna Jain <nayna at linux.vnet.ibm.com>
> Tested-by: Mimi Zohar <zohar at linux.vnet.ibm.com> (on Pi with TPM 2.0)
> Tested-by: Stefan Berger <stefanb at linux.vnet.ibm.com> (With QEMU with
> swtpm TPM 2.0)
> ---
>
> Changelog:
>
> v3:
> * modified to check the selftest status before full selftest command is run
> * fixed the patch description
> * includes Jarkko's feedback
>
> v2:
> * changed the subject and updated patch description
> * removed the logs
>
> drivers/char/tpm/tpm.h | 2 ++
> drivers/char/tpm/tpm2-cmd.c | 44 ++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 46 insertions(+)
>
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index af3bb87d3ea1..1de4240b52c4 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -114,6 +114,7 @@ enum tpm2_return_codes {
> TPM2_RC_FAILURE = 0x0101,
> TPM2_RC_DISABLED = 0x0120,
> TPM2_RC_COMMAND_CODE = 0x0143,
> + TPM2_RC_NEEDS_TEST = 0x0153,
> TPM2_RC_TESTING = 0x090A, /* RC_WARN */
> TPM2_RC_REFERENCE_H0 = 0x0910,
> TPM2_RC_RETRY = 0x0922,
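Review bot: TPM2_RC_NEEDS_TEST is added to enum tpm2_return_codes here, but none of the tpm2-cmd.c hunks in this patch reference it; tpm2_do_selftest() only compares the result against TPM2_RC_TESTING and TPM2_RC_SUCCESS. Either handle it explicitly where the value from tpm2_get_selftest_result() is checked, or drop the definition until it has a user.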
> @@ -144,6 +145,7 @@ enum tpm2_command_codes {
> TPM2_CC_FLUSH_CONTEXT = 0x0165,
> TPM2_CC_GET_CAPABILITY = 0x017A,
> TPM2_CC_GET_RANDOM = 0x017B,
> + TPM2_CC_GET_TEST_RESULT = 0x017C,
> TPM2_CC_PCR_READ = 0x017E,
> TPM2_CC_PCR_EXTEND = 0x0182,
> TPM2_CC_LAST = 0x018F,
> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c
> index 96c77c8e7f40..811bcf221208 100644
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -825,6 +825,43 @@ unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal)
> EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration);
>
> /**
> + * tpm2_get_selftest_result() - get the status of selftest
> + * @chip: TPM chip to use
> + *
> + * Return: TPM return code, errno otherwise
* Return:
* TPM return code,
* -errno otherwise
> + */
> +static int tpm2_get_selftest_result(struct tpm_chip *chip)
> +{
> + struct tpm_buf buf;
> + int rc;
> + int test_result;
> + uint16_t data_size;
> + int len;
> + const struct tpm_output_header *header;
> +
> + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_TEST_RESULT);
> + if (rc)
> + return rc;
> +
> + len = tpm_transmit(chip, NULL, buf.data, PAGE_SIZE, 0);
> + if (len < 0)
> + return len;
> +
> + header = (struct tpm_output_header *)buf.data;
> +
> + rc = be32_to_cpu(header->return_code);
> + if (rc)
> + return rc;
> +
> + data_size = be16_to_cpup((__be16 *)&buf.data[TPM_HEADER_SIZE]);
> +
> + test_result = be32_to_cpup((__be32 *)
> + (&buf.data[TPM_HEADER_SIZE + 2 + data_size]));
Why can't you just use rc here, like is done in every other function?
Sorry, I missed this in the previous review.
> +
> + return test_result;
> +}
> +
> +/**
> * tpm2_do_selftest() - ensure that all self tests have passed
> *
> * @chip: TPM chip to use
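Review bot: in tpm2_get_selftest_result(), data_size is read from the TPM's response and used unchecked as an offset in `&buf.data[TPM_HEADER_SIZE + 2 + data_size]`. It is a 16-bit device-supplied value, the buffer handed to tpm_transmit() is PAGE_SIZE bytes, and the returned len is only tested for being negative, so the be32_to_cpup() read can point past the data that was actually received. Check that TPM_HEADER_SIZE + 2 + data_size + 4 does not exceed len before the read and return a negative errno otherwise. Also, no return path after a successful tpm_buf_init() calls tpm_buf_destroy(), so the buffer is not released.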
> @@ -857,6 +894,13 @@ static int tpm2_do_selftest(struct tpm_chip *chip)
> rc = TPM2_RC_SUCCESS;
> if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS)
> return rc;
> +
> + rc = tpm2_get_selftest_result(chip);
> + dev_dbg(&chip->dev, "self test result is %04x\n", rc);
Please remove this dev_dbg() (also this one).
> +
> + if (rc == TPM2_RC_TESTING || rc == TPM2_RC_SUCCESS)
> + return TPM2_RC_SUCCESS;
> +
> }
>
> return rc;
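Review bot: the new check in tpm2_do_selftest() returns TPM2_RC_SUCCESS when the result is TPM2_RC_TESTING, which the kernel-doc above ("ensure that all self tests have passed") does not cover; add a comment stating why a self-test still in progress is acceptable at this point, or update the function description. tpm2_get_selftest_result() is also documented as returning an errno on failure, and this code does not distinguish that case from a TPM return code before comparing and printing it with %04x.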
> --
> 2.13.6
>
/Jarkko
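
A bounds-checked read of the testResult field from a TPM2_GetTestResult response, as an added userspace example that is not part of the patch or of the kernel driver. The helper name, status codes and sample bytes are assumptions made for illustration; the layout (10-byte header, 2-byte outData size, outData, 4-byte testResult) follows the offsets the patch itself uses.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_HEADER_SIZE 10 /* tag(2) + responseSize(4) + responseCode(4) */
enum { PARSE_OK = 0, PARSE_TRUNCATED = -1, PARSE_BAD_SIZE = -2 };

/* Read an n-byte big-endian integer (n <= 4). */
static uint32_t get_be(const uint8_t *p, int n)
{
	uint32_t v = 0;
	while (n--)
		v = (v << 8) | *p++;
	return v;
}

/* Hypothetical helper: bounds-checked read of rc and the trailing testResult. */
int parse_get_test_result(const uint8_t *resp, size_t len,
			  uint32_t *rc, uint32_t *test_result)
{
	size_t off = TPM_HEADER_SIZE, data_size;
	if (len < TPM_HEADER_SIZE)
		return PARSE_TRUNCATED;
	if (get_be(resp + 2, 4) != len) /* header size must match bytes received */
		return PARSE_BAD_SIZE;
	*rc = get_be(resp + 6, 4);
	if (*rc != 0)
		return PARSE_OK; /* error responses carry no parameters */
	if (len - off < 2)
		return PARSE_TRUNCATED;
	data_size = get_be(resp + off, 2);
	off += 2;
	/* data_size comes from the device: bound it before skipping outData */
	if (len - off < data_size + 4)
		return PARSE_TRUNCATED;
	*test_result = get_be(resp + off + data_size, 4);
	return PARSE_OK;
}

int main(void)
{
	/* Constructed response: 3 bytes of outData, testResult = 0x090A */
	const uint8_t resp[] = { 0x80, 0x01, 0, 0, 0, 19, 0, 0, 0, 0,
				 0, 3, 0xaa, 0xbb, 0xcc, 0, 0, 0x09, 0x0a };
	uint32_t rc = 0, tr = 0;
	int st = parse_get_test_result(resp, sizeof(resp), &rc, &tr);
	printf("status=%d rc=0x%x testResult=0x%x\n", st, (unsigned)rc, (unsigned)tr);
	return st != PARSE_OK;
}
```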