[GIT PULL] security: tpm subsystem updates for v5.1
James Morris
jmorris at namei.org
Fri Mar 8 22:49:56 UTC 2019
Please pull these updates from Jarkko Sakkinen:
"
Clean up the transmission flow
==============================
Cleaned up the whole transmission flow. Locking of the chip is now done in
the level of tpm_try_get_ops() and tpm_put_ops() instead taking the chip
lock inside tpm_transmit(). The nested calls inside tpm_transmit(), used
with the resource manager, have been refactored out.
Should make easier to perform more complex transactions with the TPM
without making the subsystem a bigger mess (e.g. encrypted channel patches
by James Bottomley).
PPI 1.3 support
===============
TPM PPI 1.3 introduces an additional optional command parameter that may
be
needed for some commands. Display the parameter if the command requires
such a parameter. Only command 23 (SetPCRBanks) needs one.
The PPI request file will show output like this then:
# echo "23 16" > request
# cat request
23 16
# echo "5" > request
# cat request
5
Extend all PCR banks in IMA
===========================
Instead of static PCR banks array, the array of available PCR banks is now
allocated dynamically. The digests sizes are determined dynamically using
a probe PCR read without relying crypto's static list of hash algorithms.
This should finally make sealing of measurements in IMA safe and secure.
TPM 2.0 selftests
=================
Added a test suite to tools/testing/selftests/tpm2 previously outside of
the kernel tree: https://github.com/jsakkine-intel/tpm2-scripts.
"
---
The following changes since commit e7a44cfd639945a0dec749f896adc1d340c2a6aa:
LSM: fix return value check in safesetid_init_securityfs() (2019-02-12 10:59:22 -0800)
are available in the Git repository at:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security.git next-tpm
for you to fetch changes up to 5da10728037afea6743b76afddfdc9950cd711b3:
Merge tag 'tpmdd-next-20190213' of git://git.infradead.org/users/jjs/linux-tpmdd into next-tpm (2019-02-13 12:01:00 -0800)
----------------------------------------------------------------
James Morris (1):
Merge tag 'tpmdd-next-20190213' of git://git.infradead.org/users/jjs/linux-tpmdd into next-tpm
Jarkko Sakkinen (21):
tpm/tpm_crb: Avoid unaligned reads in crb_recv()
tpm: Fix some name collisions with drivers/char/tpm.h
selftests: add TPM 2.0 tests
tpm: Unify the send callback behaviour
tpm/tpm_i2c_atmel: Return -E2BIG when the transfer is incomplete
tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter
tpm: fix invalid return value in pubek_show()
tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails
tpm: print tpm2_commit_space() error inside tpm2_commit_space()
tpm: declare struct tpm_header
tpm: access command header through struct in tpm_try_transmit()
tpm: encapsulate tpm_dev_transmit()
tpm: clean up tpm_try_transmit() error handling flow
tpm: move tpm_validate_commmand() to tpm2-space.c
tpm: move TPM space code out of tpm_transmit()
tpm: remove @space from tpm_transmit()
tpm: use tpm_try_get_ops() in tpm-sysfs.c.
tpm: remove TPM_TRANSMIT_UNLOCKED flag
tpm: introduce tpm_chip_start() and tpm_chip_stop()
tpm: take TPM chip power gating out of tpm_transmit()
tpm: remove @flags from tpm_transmit()
Jerry Snitselaar (2):
tpm: don't print error message in tpm_transmit_cmd when tpm still testing
tpm: don't return bool from update_timeouts
Jia Zhang (2):
tpm: Simplify the measurements loop
tpm: Fix off-by-one when reading binary_bios_measurements
Roberto Sassu (7):
tpm: add _head suffix to tcg_efi_specid_event and tcg_pcr_event2
tpm: dynamically allocate the allocated_banks array
tpm: rename and export tpm2_digest and tpm2_algorithms
tpm: retrieve digest size of unknown algorithms with PCR read
tpm: move tpm_chip definition to include/linux/tpm.h
KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()
Stefan Berger (5):
tpm/ppi: pass function revision ID to tpm_eval_dsm()
tpm/ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_ID_1
tpm/ppi: Display up to 101 operations as define for version 1.3
tpm/ppi: Possibly show command parameter if TPM PPI 1.3 is used
tpm/ppi: Enable submission of optional command parameter for PPI 1.3
drivers/char/tpm/eventlog/tpm1.c | 41 +-
drivers/char/tpm/eventlog/tpm2.c | 12 +-
drivers/char/tpm/st33zp24/i2c.c | 2 +-
drivers/char/tpm/st33zp24/spi.c | 2 +-
drivers/char/tpm/st33zp24/st33zp24.c | 2 +-
drivers/char/tpm/st33zp24/st33zp24.h | 4 +-
drivers/char/tpm/tpm-chip.c | 124 ++++-
drivers/char/tpm/tpm-dev-common.c | 44 +-
drivers/char/tpm/tpm-interface.c | 327 ++++----------
drivers/char/tpm/tpm-sysfs.c | 138 +++---
drivers/char/tpm/tpm.h | 180 ++------
drivers/char/tpm/tpm1-cmd.c | 43 +-
drivers/char/tpm/tpm2-cmd.c | 208 +++++----
drivers/char/tpm/tpm2-space.c | 90 +++-
drivers/char/tpm/tpm_atmel.c | 2 +-
drivers/char/tpm/tpm_crb.c | 22 +-
drivers/char/tpm/tpm_i2c_atmel.c | 15 +-
drivers/char/tpm/tpm_i2c_infineon.c | 17 +-
drivers/char/tpm/tpm_i2c_nuvoton.c | 18 +-
drivers/char/tpm/tpm_ibmvtpm.c | 8 +-
drivers/char/tpm/tpm_infineon.c | 2 +-
drivers/char/tpm/tpm_nsc.c | 2 +-
drivers/char/tpm/tpm_ppi.c | 78 +++-
drivers/char/tpm/tpm_tis_core.c | 21 +-
drivers/char/tpm/tpm_vtpm_proxy.c | 15 +-
drivers/char/tpm/xen-tpmfront.c | 4 +-
include/linux/tpm.h | 129 +++++-
include/linux/tpm_eventlog.h | 19 +-
security/integrity/ima/ima.h | 1 +
security/integrity/ima/ima_crypto.c | 10 +-
security/integrity/ima/ima_init.c | 4 +
security/integrity/ima/ima_queue.c | 27 +-
security/keys/trusted.c | 73 ++-
tools/testing/selftests/Makefile | 1 +
tools/testing/selftests/tpm2/Makefile | 4 +
tools/testing/selftests/tpm2/test_smoke.sh | 4 +
tools/testing/selftests/tpm2/test_space.sh | 4 +
tools/testing/selftests/tpm2/tpm2.py | 696 +++++++++++++++++++++++++++++
tools/testing/selftests/tpm2/tpm2_tests.py | 227 ++++++++++
39 files changed, 1876 insertions(+), 744 deletions(-)
create mode 100644 tools/testing/selftests/tpm2/Makefile
create mode 100755 tools/testing/selftests/tpm2/test_smoke.sh
create mode 100755 tools/testing/selftests/tpm2/test_space.sh
create mode 100644 tools/testing/selftests/tpm2/tpm2.py
create mode 100644 tools/testing/selftests/tpm2/tpm2_tests.py
More information about the Linux-security-module-archive
mailing list