[GIT,PULL] TPM DEVICE DRIVER: tpmdd-next-6.10-rc1

Message ID D15DSV117DQZ.3GJOTXCTGZHE9@kernel.org (mailing list archive)

Pull-request

git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1

Message

Jarkko Sakkinen May 9, 2024, 8:04 p.m. UTC
The following changes since commit 45db3ab70092637967967bfd8e6144017638563c:

  Merge tag '6.9-rc7-ksmbd-fixes' of git://git.samba.org/ksmbd (2024-05-08 10:39:53 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1

for you to fetch changes up to 1d479e3cd6520085832a6b432d521eeead2691ba:

  Documentation: tpm: Add TPM security docs toctree entry (2024-05-09 22:30:52 +0300)

----------------------------------------------------------------
Hi,

These are the changes for the TPM driver with a single major new
feature: TPM bus encryption and integrity protection. The key pair
on the TPM side is generated from the so-called null random seed per
power-on of the machine [1]. This supports the TPM encryption of the
hard drive by adding a layer of protection against bus interposer
attacks.

Other than that, the pull request has a few minor fixes and
documentation for tpm_tis to clarify the basics of TPM localities for
future patch review discussions (will be extended and refined over
time, just a seed).

[1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

BR, Jarkko

----------------------------------------------------------------
Ard Biesheuvel (1):
      crypto: lib - implement library version of AES in CFB mode

Bagas Sanjaya (1):
      Documentation: tpm: Add TPM security docs toctree entry

Colin Ian King (1):
      tpm/eventlog: remove redundant assignment to variabel ret

James Bottomley (14):
      tpm: Move buffer handling from static inlines to real functions
      tpm: add buffer function to point to returned parameters
      tpm: export the context save and load commands
      tpm: Add NULL primary creation
      tpm: Add TCG mandated Key Derivation Functions (KDFs)
      tpm: Add HMAC session start and end functions
      tpm: Add HMAC session name/handle append
      tpm: Add the rest of the session HMAC API
      tpm: add hmac checks to tpm2_pcr_extend()
      tpm: add session encryption protection to tpm2_get_random()
      KEYS: trusted: Add session encryption protection to the seal/unseal path
      tpm: add the null key name as a sysfs export
      Documentation: add tpm-security.rst
      tpm: disable the TPM if NULL name changes

Jarkko Sakkinen (8):
      Documentation: tpm_tis
      tpm: Remove unused tpm_buf_tag()
      tpm: Remove tpm_send()
      tpm: Update struct tpm_buf documentation comments
      tpm: Store the length of the tpm_buf data separately.
      tpm: TPM2B formatted buffers
      tpm: Add tpm_buf_read_{u8,u16,u32}
      KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

Michael Haener (1):
      dt-bindings: tpm: Add st,st33ktpm2xi2c

Niklas Schnelle (2):
      char: tpm: handle HAS_IOPORT dependencies
      char: tpm: Keep TPM_INF_IO_PORT define for HAS_IOPORT=n

 .../devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml   |    1 +
 Documentation/security/tpm/index.rst               |    2 +
 Documentation/security/tpm/tpm-security.rst        |  216 ++++
 Documentation/security/tpm/tpm_tis.rst             |   46 +
 drivers/char/tpm/Kconfig                           |   17 +-
 drivers/char/tpm/Makefile                          |    2 +
 drivers/char/tpm/eventlog/acpi.c                   |    1 -
 drivers/char/tpm/tpm-buf.c                         |  252 ++++
 drivers/char/tpm/tpm-chip.c                        |    6 +
 drivers/char/tpm/tpm-interface.c                   |   26 +-
 drivers/char/tpm/tpm-sysfs.c                       |   18 +
 drivers/char/tpm/tpm.h                             |   14 +
 drivers/char/tpm/tpm2-cmd.c                        |   53 +-
 drivers/char/tpm/tpm2-sessions.c                   | 1286 ++++++++++++++++++++
 drivers/char/tpm/tpm2-space.c                      |   11 +-
 drivers/char/tpm/tpm_infineon.c                    |   14 +-
 drivers/char/tpm/tpm_tis_core.c                    |   19 +-
 include/crypto/aes.h                               |    5 +
 include/keys/trusted_tpm.h                         |    2 -
 include/linux/tpm.h                                |  316 +++--
 lib/crypto/Kconfig                                 |    5 +
 lib/crypto/Makefile                                |    3 +
 lib/crypto/aescfb.c                                |  257 ++++
 security/keys/trusted-keys/trusted_tpm1.c          |   23 +-
 security/keys/trusted-keys/trusted_tpm2.c          |  136 ++-
 25 files changed, 2519 insertions(+), 212 deletions(-)
 create mode 100644 Documentation/security/tpm/tpm-security.rst
 create mode 100644 Documentation/security/tpm/tpm_tis.rst
 create mode 100644 drivers/char/tpm/tpm-buf.c
 create mode 100644 drivers/char/tpm/tpm2-sessions.c
 create mode 100644 lib/crypto/aescfb.c

Comments

Jarkko Sakkinen May 10, 2024, 8:12 a.m. UTC | #1
On Thu May 9, 2024 at 11:04 PM EEST, Jarkko Sakkinen wrote:
> Hi,
>
> These are the changes for the TPM driver with a single major new
> feature: TPM bus encryption and integrity protection. The key pair
> on the TPM side is generated from the so-called null random seed per
> power-on of the machine [1]. This supports the TPM encryption of the
> hard drive by adding a layer of protection against bus interposer
> attacks.
>
> Other than that, the pull request has a few minor fixes and
> documentation for tpm_tis to clarify the basics of TPM localities for
> future patch review discussions (will be extended and refined over
> time, just a seed).
>
> [1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

Two former PRs (keys, trusted keys) look a bit different as I realized
that my current script does not scale too well. So in the future I will
use a method where the subsystem name is picked from MAINTAINERS and I
have crafted aerc templates [1] for each subsystem (also CC lists need
tuning).

This will get better and more polished as I get my scripting more
polished. If anything went wrong, it is mostly because process changes
have their glitches :-)

[1] https://man.archlinux.org/man/aerc-templates.7.en

BR, Jarkko
pr-tracker-bot@kernel.org May 13, 2024, 5:50 p.m. UTC | #2
The pull request you sent on Thu, 09 May 2024 23:04:04 +0300:

> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/b19239143e393d4b52b3b9a17c7ac07138f2cfd4

Thank you!