Message ID | 20190109221103.1897677-1-stefanb@linux.vnet.ibm.com (mailing list archive) |
---|---|
Series | Extend TPM PPI interface to support revision 1.3 |
> -----Original Message-----
> From: linux-integrity-owner@vger.kernel.org <linux-integrity-owner@vger.kernel.org> On Behalf Of Stefan Berger
> Sent: Wednesday, January 09, 2019 5:11 PM
> To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
> Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
> Stefan Berger <stefanb@linux.vnet.ibm.com>
> Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
>
> This series of patches extends the TPM subsystem's PPI support to support
> TPM PPI revision 1.3 where more commands are supported (up to 101) and
> the TPM 2 command code '23' takes an additional parameter.
>
> For the command code '23' see this document here on document page 39:
> https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf
>
> Stefan

You might mention that this is an important feature, as on at least some
systems, ppi function 23 is the only way to enable/disable PCR banks.

I have tested this patch set on my HP Spectre laptop, and I am finally
able to turn the sha-1 bank on and off. Much appreciated!

Tested-by: David Safford <david.safford@ge.com>

>
> Stefan Berger (5):
>   tpm: ppi: pass function revision ID to tpm_eval_dsm()
>   tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
>   tpm: ppi: Display up to 101 operations as define for version 1.3
>   tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
>   tpm: ppi: Enable submission of optional command parameter for PPI 1.3
>
>  drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++----------
>  1 file changed, 58 insertions(+), 20 deletions(-)
>
> --
> 2.17.1

On 1/11/19 3:28 PM, Safford, David (GE Global Research) wrote:
>> -----Original Message-----
>> From: linux-integrity-owner@vger.kernel.org <linux-integrity-owner@vger.kernel.org> On Behalf Of Stefan Berger
>> Sent: Wednesday, January 09, 2019 5:11 PM
>> To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
>> Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
>> Stefan Berger <stefanb@linux.vnet.ibm.com>
>> Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
>>
>> This series of patches extends the TPM subsystem's PPI support to support
>> TPM PPI revision 1.3 where more commands are supported (up to 101) and
>> the TPM 2 command code '23' takes an additional parameter.
>>
>> For the command code '23' see this document here on document page 39:
>> https://trustedcomputinggroup.org/wp-content/uploads/Physical-Presence-Interface_1-30_0-52.pdf
>>
>> Stefan
> You might mention that this is an important feature, as on at least some
> systems, ppi function 23 is the only way to enable/disable PCR banks.

'The only way' depends on how good or bad the firmware support for this
is. SeaBIOS will have a menu item that lets one toggle the activation of
the PCR banks in the firmware menu -- assuming my patch makes it
upstream :-)

>
> I have tested this patch set on my HP Spectre laptop, and I am finally
> able to turn the sha-1 bank on and off. Much appreciated!
>
> Tested-by: David Safford <david.safford@ge.com>

Thanks.

Stefan

>
>> Stefan Berger (5):
>>   tpm: ppi: pass function revision ID to tpm_eval_dsm()
>>   tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
>>   tpm: ppi: Display up to 101 operations as define for version 1.3
>>   tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
>>   tpm: ppi: Enable submission of optional command parameter for PPI 1.3
>>
>>  drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++----------
>>  1 file changed, 58 insertions(+), 20 deletions(-)
>>
>> --
>> 2.17.1

On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
> You might mention that this is an important feature, as on at least some
> systems, ppi function 23 is the only way to enable/disable PCR banks.
>
> I have tested this patch set on my HP Spectre laptop, and I am finally
> able to turn the sha-1 bank on and off. Much appreciated!
>
> Tested-by: David Safford <david.safford@ge.com>

Great thanks David.

/Jarkko

On 1/18/19 10:00 AM, Jarkko Sakkinen wrote:
> On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
>> You might mention that this is an important feature, as on at least some
>> systems, ppi function 23 is the only way to enable/disable PCR banks.
>>
>> I have tested this patch set on my HP Spectre laptop, and I am finally
>> able to turn the sha-1 bank on and off. Much appreciated!
>>
>> Tested-by: David Safford <david.safford@ge.com>
> Great thanks David.

While we are at it and for the grand finale of the day :-)

+All you people, keep yourself alive!
+Keep yourself alive!
+Keep yourself alive!
+C'mon, give me your reviewed's
+to keep me satisfied!
+Give me your signed-off's (1)
+to keep me satisfied!
+Keep yourself alive!
+A few test-by's will keep me satisfied!
+Keep yourself alive!
+Check-in! (2)
+
+[In the style of Queen]

Jarkko, do (1) and (2) to keep me satisfied :-)

On Fri, Feb 08, 2019 at 04:21:02PM -0500, Stefan Berger wrote:
> On 1/18/19 10:00 AM, Jarkko Sakkinen wrote:
> > On Fri, Jan 11, 2019 at 08:28:00PM +0000, Safford, David (GE Global Research) wrote:
> > > You might mention that this is an important feature, as on at least some
> > > systems, ppi function 23 is the only way to enable/disable PCR banks.
> > >
> > > I have tested this patch set on my HP Spectre laptop, and I am finally
> > > able to turn the sha-1 bank on and off. Much appreciated!
> > >
> > > Tested-by: David Safford <david.safford@ge.com>
> > Great thanks David.
>
>
> While we are at it and for the grand finale of the day :-)
>
> +All you people, keep yourself alive!
> +Keep yourself alive!
> +Keep yourself alive!
> +C'mon, give me your reviewed's
> +to keep me satisfied!
> +Give me your signed-off's (1)
> +to keep me satisfied!
> +Keep yourself alive!
> +A few test-by's will keep me satisfied!
> +Keep yourself alive!
> +Check-in! (2)
> +
> +[In the style of Queen]
>
>
> Jarkko, do (1) and (2) to keep me satisfied :-)

I still think that in 5/5 branching could be better but is not a biggie
for me (does not make the implementation as whole any kind of mess) and
since it is now peer tested I rather would not modify it right now.

Applied to master and next!

/Jarkko

On 2/8/19 5:00 PM, Jarkko Sakkinen wrote:
> On Fri, Feb 08, 2019 at 04:21:02PM -0500, Stefan Berger wrote:
> I still think that in 5/5 branching could be better but is not a biggie
> for me (does not make the implementation as whole any kind of mess) and
> since it is now peer tested I rather would not modify it right now.
>
> Applied to master and next!

5/5 may cause a complaint about the scanf'ing of a single value in an
existing line. Let's see...

Thanks.

Stefan