[PATCH] tpm: Limit TCG_TPM2_HMAC to known good drivers

Jarkko Sakkinen jarkko at kernel.org
Wed Jul 3 17:24:25 UTC 2024


On Wed Jul 3, 2024 at 4:02 AM EEST, Jarkko Sakkinen wrote:
> On Wed Jul 3, 2024 at 3:30 AM EEST, Jarkko Sakkinen wrote:
> > +	depends on TCG_CRB || TCG_TIS_CORE
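Review bot: `depends on TCG_CRB || TCG_TIS_CORE` is satisfied as soon as either driver is enabled, so it does not keep TCG_TPM2_HMAC off in a config that also builds another TPM driver; the gate is on what is selected, not on which driver ends up bound to the chip. If the intent is to keep the feature away from a driver known to be affected, the exclusion form given in the follow-up (`depends on !TCG_IBMVTPM`) states that directly. Either way, the reason for the restriction should be recorded in the help text or commit message so the dependency can be dropped once the underlying issue is fixed.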
>
> Needs to be "depends on !TCG_IBMVTPM":
>
> https://lore.kernel.org/linux-integrity/D2FHWYEXITS4.1GNXEB8V6KJM7@kernel.org/

This ended up such a mess to fix with any fast path so I made a
proper fix for the core issue in the hmac authentication patch
set:

https://lore.kernel.org/linux-integrity/20240703170815.1494625-1-jarkko@kernel.org/

The problem is that tpm_crb and tpm_tis_core are the *only*
drivers which call tpm_chip_bootstrap(), so it is better not to
take any possible risks with this. I'm still aiming to get these
fixes into 6.10.

BR, Jarkko


