[PATCH v8 3/3] tpm: Lazily flush the auth session
Jarkko Sakkinen
jarkko at kernel.org
Mon Oct 28 20:56:35 UTC 2024
On Mon Oct 28, 2024 at 7:52 PM EET, Stefan Berger wrote:
>
> On 10/28/24 1:50 AM, Jarkko Sakkinen wrote:
> > Move the allocation of chip->auth to tpm2_start_auth_session() so that this
> > field can be used as flag to tell whether auth session is active or not.
> >
> > Instead of flushing and reloading the auth session for every transaction
> > separately, keep the session open unless /dev/tpm0 is used.
> >
> > Reported-by: Pengyu Ma <mapengyu at gmail.com>
> > Closes: https://bugzilla.kernel.org/show_bug.cgi?id=219229
> > Cc: stable at vger.kernel.org # v6.10+
> > Fixes: 7ca110f2679b ("tpm: Address !chip->auth in tpm_buf_append_hmac_session*()")
> > Tested-by: Pengyu Ma <mapengyu at gmail.com>
> > Signed-off-by: Jarkko Sakkinen <jarkko at kernel.org>
>
> Reviewed-by: Stefan Berger <stefanb at linux.ibm.com>
> Tested-by: Stefan Berger <stefanb at linux.ibm.com>
Thanks!
Next after this: tpm2_get_random() issues reported.
I think biggest problem with that in general, and independent of bugs,
is that it does not pool random but instead pulls random small chunks.
This is more like performance issue exposed by bus encryption than
introducing a new issue (not formally but with better implementation
would not be necessarily a problem).
BR, Jarkko
More information about the Linux-security-module-archive
mailing list