From patchwork Tue May 4 12:48:33 2021
X-Patchwork-Submitter: Jason Andryuk
X-Patchwork-Id: 12238031
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Ian Jackson, Wei Liu, Daniel De Graaf, Quan Xu, Samuel Thibault, Dag Nygren
Subject: [PATCH 0/9] vtpmmgr: Some fixes - still incomplete
Date: Tue, 4 May 2021 08:48:33 -0400
Message-Id: <20210504124842.220445-1-jandryuk@gmail.com>
X-Mailer: git-send-email 2.30.2

vtpmmgr TPM 2.0 support is incomplete. There is no code to save the tpm2 keys generated by the vtpmmgr, so it's impossible to restore vtpm state with tpm2. The vtpmmgr also issues TPM 1.2 commands to the TPM 2.0 hardware, which naturally fails. Dag reported this [1][2], and I independently re-discovered it.

I have not fixed the above issues. These are some fixes I made while investigating tpm2 support. At a minimum, "docs: Warn about incomplete vtpmmgr TPM 2.0 support" should be applied to warn others.
This is useful for debugging:
  vtpmmgr: Print error code to aid debugging

This fixes vtpmmgr output (also noted by Dag [3]), but maybe removing %z would be better:
  stubom: newlib: Enable C99 formats for %z

This gives more flexibility if you are already using the TPM2 hardware:
  vtpmmgr: Allow specifying srk_handle for TPM2

These are some changes to unload keys from the TPM hardware (so they are not still loaded for anything that runs afterwards):
  vtpmmgr: Move vtpmmgr_shutdown
  vtpmmgr: Flush transient keys on shutdown
  vtpmmgr: Flush all transient keys
  vtpmmgr: Shutdown more gracefully

This lets vtpms initialize their random pools:
  vtpmmgr: Support GetRandom passthrough on TPM 2.0

[1] https://lore.kernel.org/xen-devel/8285393.eUs1EhXEQl@eseries.newtech.fi/
[2] https://lore.kernel.org/xen-devel/1615731.eyaQ0j4tC5@eseries.newtech.fi/
[3] https://lore.kernel.org/xen-devel/3151252.0ZAaMuH7Fy@dag.newtech.fi/

Jason Andryuk (9):
  docs: Warn about incomplete vtpmmgr TPM 2.0 support
  vtpmmgr: Print error code to aid debugging
  stubom: newlib: Enable C99 formats for %z
  vtpmmgr: Allow specifying srk_handle for TPM2
  vtpmmgr: Move vtpmmgr_shutdown
  vtpmmgr: Flush transient keys on shutdown
  vtpmmgr: Flush all transient keys
  vtpmmgr: Shutdown more gracefully
  vtpmmgr: Support GetRandom passthrough on TPM 2.0

 docs/man/xen-vtpmmgr.7.pod         | 18 +++++++++++
 stubdom/Makefile                   |  2 +-
 stubdom/vtpmmgr/init.c             | 49 ++++++++++++++++++++----------
 stubdom/vtpmmgr/marshal.h          | 10 ++++++
 stubdom/vtpmmgr/tpm.c              |  2 +-
 stubdom/vtpmmgr/tpm2.c             |  2 +-
 stubdom/vtpmmgr/vtpm_cmd_handler.c | 48 +++++++++++++++++++++++++++++
 stubdom/vtpmmgr/vtpmmgr.c          | 12 +++++++-
 8 files changed, 123 insertions(+), 20 deletions(-)
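The "flush transient keys on shutdown" and "print error code" changes in this series both come down to the same TPM 2.0 wire-level operations: issuing TPM2_FlushContext for each transient object handle the manager loaded, and reading the response code back instead of discarding it. The following added example (not code from this series or from Xen's vtpmmgr; function names such as tpm2_build_flush_all_transient are hypothetical) marshals those commands with the constants from the TPM 2.0 Library Specification, skips handles that are not transient objects, and parses the response header so a caller can log a non-zero rc. The loaded-handle list and the two responses are constructed sample data, standing in for what TPM2_GetCapability(TPM_CAP_HANDLES) and the device would return.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constants from the TPM 2.0 Library Specification, Part 2 (Structures). */
#define TPM_ST_NO_SESSIONS  0x8001u      /* tag: no authorization sessions */
#define TPM_ST_SESSIONS     0x8002u      /* tag: authorization sessions present */
#define TPM_CC_FlushContext 0x00000165u  /* command code for TPM2_FlushContext */
#define TPM_RC_SUCCESS      0x00000000u
#define TPM_HT_TRANSIENT    0x80u        /* handle type byte for transient objects */
#define TPM2_HDR_LEN        10u          /* tag(2) + size(4) + code(4) */
#define TPM2_FLUSH_CMD_LEN  (TPM2_HDR_LEN + 4u)  /* header + one handle */

static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}
static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* A handle names a transient object when its top byte is TPM_HT_TRANSIENT. */
int tpm2_is_transient_handle(uint32_t handle)
{
    return (handle >> 24) == TPM_HT_TRANSIENT;
}

/* Marshal one TPM2_FlushContext command (tag, size, cc, flushHandle) into out.
 * Returns the bytes written, or 0 if out is too small for a whole command. */
size_t tpm2_marshal_flush_context(uint32_t handle, uint8_t *out, size_t out_len)
{
    if (out_len < TPM2_FLUSH_CMD_LEN)
        return 0;
    put_be16(out, TPM_ST_NO_SESSIONS);
    put_be32(out + 2, TPM2_FLUSH_CMD_LEN);
    put_be32(out + 6, TPM_CC_FlushContext);
    put_be32(out + 10, handle);
    return TPM2_FLUSH_CMD_LEN;
}

/* Build one FlushContext command per transient handle in handles[], back to
 * back in out[]. Persistent objects and session handles are skipped.
 * Returns the number of commands built; *used receives the bytes consumed. */
size_t tpm2_build_flush_all_transient(const uint32_t *handles, size_t n,
                                      uint8_t *out, size_t out_len, size_t *used)
{
    size_t count = 0, off = 0;
    for (size_t i = 0; i < n; i++) {
        if (!tpm2_is_transient_handle(handles[i]))
            continue;
        size_t w = tpm2_marshal_flush_context(handles[i], out + off, out_len - off);
        if (w == 0)
            break;  /* out of space: stop rather than emit a truncated command */
        off += w;
        count++;
    }
    *used = off;
    return count;
}

/* Parse the 10-byte response header and return the response code via *rc.
 * Returns 0 when the header is well formed, -1 when the buffer is too short,
 * the tag is unknown, or the size field disagrees with the bytes received. */
int tpm2_parse_response_rc(const uint8_t *resp, size_t resp_len, uint32_t *rc)
{
    if (resp_len < TPM2_HDR_LEN)
        return -1;
    uint16_t tag = get_be16(resp);
    if (tag != TPM_ST_NO_SESSIONS && tag != TPM_ST_SESSIONS)
        return -1;
    if (get_be32(resp + 2) != resp_len)
        return -1;
    *rc = get_be32(resp + 6);
    return 0;
}

int main(void)
{
    /* Constructed handle list: two transient objects, one session handle
     * and one persistent object. Only the transient ones get flushed. */
    const uint32_t loaded[] = { 0x80000000u, 0x02000001u, 0x80000002u, 0x81000001u };
    uint8_t cmds[4 * TPM2_FLUSH_CMD_LEN];
    size_t used = 0;
    size_t n = tpm2_build_flush_all_transient(loaded, 4, cmds, sizeof cmds, &used);
    printf("%zu FlushContext commands, %zu bytes\n", n, used);

    /* Constructed responses: a success and a non-zero code worth logging. */
    const uint8_t ok[]  = { 0x80, 0x01, 0, 0, 0, 0x0a, 0, 0, 0, 0 };
    const uint8_t bad[] = { 0x80, 0x01, 0, 0, 0, 0x0a, 0, 0, 0x01, 0x8b };
    uint32_t rc;
    if (tpm2_parse_response_rc(ok, sizeof ok, &rc) == 0)
        printf("rc = 0x%08x\n", rc);
    if (tpm2_parse_response_rc(bad, sizeof bad, &rc) == 0 && rc != TPM_RC_SUCCESS)
        printf("FlushContext failed, rc = 0x%08x\n", rc);
    return 0;
}
```

The filter on the handle type is the point of the "flush all transient keys" idea: a manager that flushes every handle it was told about would also tear down persistent objects or sessions that belong to whatever runs after it, so the example deliberately restricts itself to the 0x80xxxxxx range. Checking the size field against the bytes actually received, and surfacing the rc instead of dropping it, is what makes a failed flush visible at all.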