[v2,00/13] vtpmmgr: Some fixes - still incomplete

Message ID	20210506135923.161427-1-jandryuk@gmail.com (mailing list archive)
Headers	show Return-Path: <SRS0=KcDw=KB=lists.xenproject.org=xen-devel-bounces@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 62BE86103E Errors-To: xen-devel-bounces@lists.xenproject.org Precedence: list Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org> From: Jason Andryuk <jandryuk@gmail.com> To: xen-devel@lists.xenproject.org Cc: Jason Andryuk <jandryuk@gmail.com>, Ian Jackson <iwj@xenproject.org>, Wei Liu <wl@xen.org>, Daniel De Graaf <dgdegra@tycho.nsa.gov>, Quan Xu <quan.xu0@gmail.com>, Samuel Thibault <samuel.thibault@ens-lyon.org> Subject: [PATCH v2 00/13] vtpmmgr: Some fixes - still incomplete Date: Thu, 6 May 2021 09:59:10 -0400 Message-Id: <20210506135923.161427-1-jandryuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	vtpmmgr: Some fixes - still incomplete \| expand [v2,00/13] vtpmmgr: Some fixes - still incomplete [v2,01/13] docs: Warn about incomplete vtpmmgr TPM 2.0 support [v2,02/13] vtpmmgr: Print error code to aid debugging [v2,03/13] stubom: newlib: Enable C99 formats for %z [v2,04/13] vtpmmgr: Allow specifying srk_handle for TPM2 [v2,05/13] vtpmmgr: Move vtpmmgr_shutdown [v2,06/13] vtpmmgr: Flush transient keys on shutdown [v2,07/13] vtpmmgr: Flush all transient keys [v2,08/13] vtpmmgr: Shutdown more gracefully [v2,09/13] vtpmmgr: Support GetRandom passthrough on TPM 2.0 [v2,10/13] vtpmmgr: Remove bogus cast from TPM2_GetRandom [v2,11/13] vtpmmgr: Fix owner_auth & srk_auth parsing [v2,12/13] vtpmmgr: Check req_len before unpacking command [v2,13/13] vtpm: Correct timeout units and command duration

Message ID

20210506135923.161427-1-jandryuk@gmail.com (mailing list archive)

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 62BE86103E
Errors-To: xen-devel-bounces@lists.xenproject.org
Precedence: list
Sender: "Xen-devel" <xen-devel-bounces@lists.xenproject.org>
From: Jason Andryuk <jandryuk@gmail.com>
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk <jandryuk@gmail.com>,
	Ian Jackson <iwj@xenproject.org>,
	Wei Liu <wl@xen.org>,
	Daniel De Graaf <dgdegra@tycho.nsa.gov>,
	Quan Xu <quan.xu0@gmail.com>,
	Samuel Thibault <samuel.thibault@ens-lyon.org>
Subject: [PATCH v2 00/13] vtpmmgr: Some fixes - still incomplete
Date: Thu,  6 May 2021 09:59:10 -0400
Message-Id: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

vtpmmgr: Some fixes - still incomplete | expand

Message

Jason Andryuk May 6, 2021, 1:59 p.m. UTC

vtpmmgr TPM 2.0 support is incomplete.  There is no code to save the
tpm2 keys generated by the vtpmmgr, so it's impossible to restore vtpm
state with tpm2.  The vtpmmgr also issues TPM 1.2 commands to the TPM
2.0 hardware which naturally fails.  Dag reported this [1][2], and I
independently re-discovered it.

I have not fixed the above issues.  These are some fixes I made while
investigating tpm2 support.  At a minimum, "docs: Warn about incomplete
vtpmmgr TPM 2.0 support" should be applied to warn others.

This is useful for debugging:
vtpmmgr: Print error code to aid debugging

This fixes vtpmmgr output (also noted by Dag [3]):
stubom: newlib: Enable C99 formats for %z

This gives more flexibility if you are already using the TPM2 hardware:
vtpmmgr: Allow specifying srk_handle for TPM2

These are some changes to unload keys from the TPM hardware (so they
are not still loaded for anything that runs afterwards):
vtpmmgr: Move vtpmmgr_shutdown
vtpmmgr: Flush transient keys on shutdown
vtpmmgr: Flush all transient keys
vtpmmgr: Shutdown more gracefully

This lets vtpms initialize their random pools:
vtpmmgr: Support GetRandom passthrough on TPM 2.0

New in v2:
TPM2_GetRandom fix per Samuel:
vtpmmgr: Remove bogus cast from TPM2_GetRandom

Change ":" to "=":
vtpmmgr: Fix owner_auth & srk_auth parsing

Follow on from comments from Samuel
vtpmmgr: Check req_len before unpacking command

Fix for vtpm emulator to work with Linux 5.4
vtpm: Correct timeout units and command duration

Changes in v2:
Added R-by & Ack-by to 1-3,5-8
Updated #4 to use srk_handle=
Updated #7 commit message
Updated #9 per Samuel
Added #10-13

[1] https://lore.kernel.org/xen-devel/8285393.eUs1EhXEQl@eseries.newtech.fi/
[2] https://lore.kernel.org/xen-devel/1615731.eyaQ0j4tC5@eseries.newtech.fi/
[3] https://lore.kernel.org/xen-devel/3151252.0ZAaMuH7Fy@dag.newtech.fi/

Jason Andryuk (13):
  docs: Warn about incomplete vtpmmgr TPM 2.0 support
  vtpmmgr: Print error code to aid debugging
  stubom: newlib: Enable C99 formats for %z
  vtpmmgr: Allow specifying srk_handle for TPM2
  vtpmmgr: Move vtpmmgr_shutdown
  vtpmmgr: Flush transient keys on shutdown
  vtpmmgr: Flush all transient keys
  vtpmmgr: Shutdown more gracefully
  vtpmmgr: Support GetRandom passthrough on TPM 2.0
  vtpmmgr: Remove bogus cast from TPM2_GetRandom
  vtpmmgr: Fix owner_auth & srk_auth parsing
  vtpmmgr: Check req_len before unpacking command
  vtpm: Correct timeout units and command duration

 docs/man/xen-vtpmmgr.7.pod              | 18 +++++++
 stubdom/Makefile                        |  4 +-
 stubdom/vtpm-command-duration.patch     | 52 +++++++++++++++++++
 stubdom/vtpm-microsecond-duration.patch | 52 +++++++++++++++++++
 stubdom/vtpmmgr/init.c                  | 57 +++++++++++++--------
 stubdom/vtpmmgr/marshal.h               | 15 ++++++
 stubdom/vtpmmgr/tpm.c                   |  2 +-
 stubdom/vtpmmgr/tpm2.c                  | 15 ++++--
 stubdom/vtpmmgr/vtpm_cmd_handler.c      | 67 ++++++++++++++++++++++++-
 stubdom/vtpmmgr/vtpmmgr.c               | 12 ++++-
 10 files changed, 266 insertions(+), 28 deletions(-)
 create mode 100644 stubdom/vtpm-command-duration.patch
 create mode 100644 stubdom/vtpm-microsecond-duration.patch