From patchwork Thu May 6 13:59:11 2021
X-Patchwork-Submitter: Jason Andryuk
X-Patchwork-Id: 12242179
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Ian Jackson, Wei Liu, Andrew Cooper
Subject: [PATCH v2 01/13] docs: Warn about incomplete vtpmmgr TPM 2.0 support
Date: Thu, 6 May 2021 09:59:11 -0400
Message-Id: <20210506135923.161427-2-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

The vtpmmgr TPM 2.0 support is incomplete. Add a warning about that to
the documentation so others don't have to work through discovering it
is broken.

Signed-off-by: Jason Andryuk
Acked-by: Andrew Cooper

---
 docs/man/xen-vtpmmgr.7.pod | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index af825a7ffe..875dcce508 100644 --- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod
@@ -222,6 +222,17 @@ XSM label, not the kernel. =head1 Appendix B: vtpmmgr on TPM 2.0 +=head2 WARNING: Incomplete - cannot persist data + +TPM 2.0 support for vTPM manager is incomplete. There is no support for +persisting an encryption key, so vTPM manager regenerates primary and secondary +key handles each boot. + +Also, the vTPM manger group command implementation hardcodes TPM 1.2 commands. +This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejects +the TPM 1.2 commands. vTPM manager with TPM 2.0 cannot create groups and +therefore cannot persist vTPM contents. + =head2 Manager disk image setup: The vTPM Manager requires a disk image to store its encrypted data. The image
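
Review bot: typo in the second added paragraph of the docs/man/xen-vtpmmgr.7.pod hunk, "the vTPM manger group command" should read "the vTPM manager group command". The first added paragraph could also state the consequence in plain terms: it says the primary and secondary key handles are regenerated each boot, but only the heading and the final sentence say that data cannot be persisted. One sentence right after "each boot" saying that vTPM contents therefore do not survive a restart of the manager would keep a reader from deploying this on TPM 2.0 hardware expecting persistent vTPM state.
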
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 02/13] vtpmmgr: Print error code to aid debugging
Date: Thu, 6 May 2021 09:59:12 -0400
Message-Id: <20210506135923.161427-3-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

tpm_get_error_name returns "Unknown Error Code" when an error string
is not defined. In that case, we should print the Error Code so it can
be looked up offline. tpm_get_error_name returns a const string, so
just have the two callers always print the error code so it is always
available.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault

---
 stubdom/vtpmmgr/tpm.c | 2 +-
 stubdom/vtpmmgr/tpm2.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/stubdom/vtpmmgr/tpm.c b/stubdom/vtpmmgr/tpm.c index 779cddd64e..83b2bc16b2 100644 --- a/stubdom/vtpmmgr/tpm.c +++ b/stubdom/vtpmmgr/tpm.c @@ -109,7 +109,7 @@ UINT32 rsp_status; \ UNPACK_OUT(TPM_RSP_HEADER, &rsp_tag, &rsp_len, &rsp_status); \ if (rsp_status != TPM_SUCCESS) { \ - vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s\n", tpm_get_error_name(rsp_status)); \ + vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s (%x)\n", tpm_get_error_name(rsp_status), rsp_status); \ status = rsp_status; \ goto abort_egress; \ } \ diff --git a/stubdom/vtpmmgr/tpm2.c b/stubdom/vtpmmgr/tpm2.c index c9f1016ab5..655e6d164c 100644 --- a/stubdom/vtpmmgr/tpm2.c +++ b/stubdom/vtpmmgr/tpm2.c
@@ -126,7 +126,7 @@ ptr = unpack_TPM_RSP_HEADER(ptr, \ &(tag), &(paramSize), &(status));\ if ((status) != TPM_SUCCESS){ \ - vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s\n", tpm_get_error_name(status));\ + vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s (%x)\n", tpm_get_error_name(status), (status));\ goto abort_egress;\ }\ } while(0)
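
Review bot: the added "(%x)" in both format strings, the TPM 1.2 macro in tpm.c and the TPM 2.0 macro in tpm2.c, prints the code with no radix marker, so a logged value made up only of decimal digits cannot be told apart from a decimal number when it is looked up offline; "0x%x" or "%#x" would make the log line unambiguous. In the tpm.c hunk rsp_status is declared UINT32, which matches %x only where UINT32 is unsigned int; a cast to unsigned int or PRIx32 keeps the format correct independent of the typedef, and the same applies to (status) in tpm2.c.
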
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Ian Jackson, Wei Liu, Samuel Thibault
Subject: [PATCH v2 03/13] stubom: newlib: Enable C99 formats for %z
Date: Thu, 6 May 2021 09:59:13 -0400
Message-Id: <20210506135923.161427-4-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

vtpmmgr was changed to print size_t with the %z modifier, but newlib
isn't compiled with %z support. So you get output like:

root seal: zu; sector of 13: zu
root: zu v=zu
itree: 36; sector of 112: zu
group: zu v=zu id=zu md=zu
group seal: zu; 5 in parent: zu; sector of 13: zu
vtpm: zu+zu; sector of 48: zu

Enable the C99 formats in newlib so vtpmmgr prints the numeric values.

Fixes 9379af08ccc0 "stubdom: vtpmmgr: Correctly format size_t with %z
when printing."

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault

---
 stubdom/Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/stubdom/Makefile b/stubdom/Makefile index 90d9ffcd9f..c6de5f68ae 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile 
@@ -105,7 +105,7 @@ cross-newlib: $(NEWLIB_STAMPFILE) $(NEWLIB_STAMPFILE): mk-headers-$(XEN_TARGET_ARCH) newlib-$(NEWLIB_VERSION) mkdir -p newlib-$(XEN_TARGET_ARCH) ( cd newlib-$(XEN_TARGET_ARCH) && \ - CC_FOR_TARGET="$(CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) $(NEWLIB_CFLAGS)" AR_FOR_TARGET=$(AR) LD_FOR_TARGET=$(LD) RANLIB_FOR_TARGET=$(RANLIB) ../newlib-$(NEWLIB_VERSION)/configure --prefix=$(CROSS_PREFIX) --verbose --target=$(GNU_TARGET_ARCH)-xen-elf --enable-newlib-io-long-long --disable-multilib && \ + CC_FOR_TARGET="$(CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) $(NEWLIB_CFLAGS)" AR_FOR_TARGET=$(AR) LD_FOR_TARGET=$(LD) RANLIB_FOR_TARGET=$(RANLIB) ../newlib-$(NEWLIB_VERSION)/configure --prefix=$(CROSS_PREFIX) --verbose --target=$(GNU_TARGET_ARCH)-xen-elf --enable-newlib-io-long-long --enable-newlib-io-c99-formats --disable-multilib && \ $(MAKE) DESTDIR= && \ $(MAKE) DESTDIR= install )
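
Review bot: in the stubdom/Makefile hunk the configure invocation sits under the $(NEWLIB_STAMPFILE) rule, whose only prerequisites are mk-headers-$(XEN_TARGET_ARCH) and newlib-$(NEWLIB_VERSION), so adding --enable-newlib-io-c99-formats does not by itself make an existing build tree reconfigure and rebuild newlib. The commit message should say that a clean stubdom build is needed for the change to take effect; otherwise someone testing on top of a stale stamp file will still see the literal "zu" in the vtpmmgr log and conclude the fix does not work.
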
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Ian Jackson, Wei Liu, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 04/13] vtpmmgr: Allow specifying srk_handle for TPM2
Date: Thu, 6 May 2021 09:59:14 -0400
Message-Id: <20210506135923.161427-5-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

Bypass taking ownership of the TPM2 if an srk_handle is specified. This
srk_handle must be usable with Null auth for the time being.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
Reviewed-by: Daniel P. Smith
---
v2: Use "=" separator
---
 docs/man/xen-vtpmmgr.7.pod | 7 +++++++
 stubdom/vtpmmgr/init.c | 11 ++++++++++-
 2 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index 875dcce508..3286954568 100644 --- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod @@ -92,6 +92,13 @@ Valid arguments: =over 4 +=item srk_handle= + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + =item owner_auth= =item srk_auth= diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 1506735051..130e4f4bf6 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c @@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts) goto err_invalid; } } + else if(!strncmp(argv[i], "srk_handle=", 11)) { + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) != 1) { + goto err_invalid; + } + } else if(!strncmp(argv[i], "tpmdriver=", 10)) { if(!strcmp(argv[i] + 10, "tpm_tis")) { opts->tpmdriver = TPMDRV_TPM_TIS;
@@ -586,7 +591,11 @@ TPM_RESULT vtpmmgr2_create(void) { TPM_RESULT status = TPM_SUCCESS; - TPMTRYRETURN(tpm2_take_ownership()); + if ( vtpm_globals.srk_handle == 0 ) { + TPMTRYRETURN(tpm2_take_ownership()); + } else { + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area); + } /* create SK */ TPM2_Create_Params_out out;
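
Review bot: the srk_handle= entry added in the xen-vtpmmgr.7.pod hunk does not say what form the value takes or what is required of the key. The parser in init.c reads it with "%x", so the text should say the handle is given in hexadecimal, and the commit message's constraint that the handle must be usable with null auth belongs in the man page too, since that is what an administrator provisioning the parent key needs to know. Also "this allow specifying" should be "this allows specifying".

Review bot: in the parse_cmdline_opts hunk, sscanf(argv[i] + 11, "%x", ...) returns 1 as soon as it has consumed one hex digit, so input with trailing garbage is accepted silently and an out-of-range value is not detected; strtoul with an end-pointer and range check would reject both. A parsed value of 0 is also accepted here, yet the srk_handle == 0 test in vtpmmgr2_create treats 0 as "not specified", so srk_handle=0 quietly falls back to taking ownership; going to err_invalid for 0 would make that explicit. The declaration of vtpm_globals.srk_handle is not visible in this patch; it has to be an unsigned int for "%x" to be correct.

Review bot: in the vtpmmgr2_create hunk the else branch builds the auth area with tpm2_AuthArea_ctor(NULL, 0, ...), so an srk_auth= value, which the man page lists as an option, does not appear to be applied on this path and is dropped without a message when srk_handle= is set. A comment at that line recording the null-auth limitation from the commit message, or a warning logged when both options are supplied, would make a later failure at the "create SK" step easier to diagnose. The spacing of the added if ( ... ) also differs from the if(...) form used in the parse_cmdline_opts hunk of the same file.
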
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 05/13] vtpmmgr: Move vtpmmgr_shutdown
Date: Thu, 6 May 2021 09:59:15 -0400
Message-Id: <20210506135923.161427-6-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

Reposition vtpmmgr_shutdown so it can call flush_tpm2 without a forward
declaration.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
Reviewed-by: Daniel P. Smith

---
 stubdom/vtpmmgr/init.c | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 130e4f4bf6..decf8e8b4d 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c
@@ -503,20 +503,6 @@ egress: return status; } -void vtpmmgr_shutdown(void) -{ - /* Cleanup TPM resources */ - TPM_TerminateHandle(vtpm_globals.oiap.AuthHandle); - - /* Close tpmback */ - shutdown_tpmback(); - - /* Close tpmfront/tpm_tis */ - close(vtpm_globals.tpm_fd); - - vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n"); -} - /* TPM 2.0 */ static void tpm2_AuthArea_ctor(const char *authValue, UINT32 authLen, 
@@ -797,3 +783,17 @@ abort_egress: egress: return status; } + +void vtpmmgr_shutdown(void) +{ + /* Cleanup TPM resources */ + TPM_TerminateHandle(vtpm_globals.oiap.AuthHandle); + + /* Close tpmback */ + shutdown_tpmback(); + + /* Close tpmfront/tpm_tis */ + close(vtpm_globals.tpm_fd); + + vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n"); +}
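
Review bot: the relocated vtpmmgr_shutdown at the end of init.c is byte-for-byte the body removed at line 503 and still calls only TPM_TerminateHandle(vtpm_globals.oiap.AuthHandle); nothing in this patch calls flush_tpm2, so the move is justified only by a later patch in the series. Saying "no functional change" in the commit message and naming the follow-up that adds the flush_tpm2 call would let this patch be reviewed and bisected on its own.
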
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 06/13] vtpmmgr: Flush transient keys on shutdown
Date: Thu, 6 May 2021 09:59:16 -0400
Message-Id: <20210506135923.161427-7-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

Remove our key so it isn't left in the TPM for someone to come along after vtpmmgr shuts down.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
Reviewed-by: Daniel P. Smith
---
 stubdom/vtpmmgr/init.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index decf8e8b4d..56b4be85b3 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c
@@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void) /* Close tpmback */ shutdown_tpmback(); + if (hw_is_tpm2()) { + /* Blow away all stale handles left in the tpm*/ + if (flush_tpm2() != TPM_SUCCESS) { + vtpmlogerror(VTPM_LOG_TPM, + "TPM2_FlushResources failed, continuing shutdown..\n"); + } + } + /* Close tpmfront/tpm_tis */ close(vtpm_globals.tpm_fd);
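Review bot: The error string in the new hw_is_tpm2() branch reports "TPM2_FlushResources failed", but the call being checked is flush_tpm2(); name the function that actually ran so the log line can be matched to the code. The branch sits after shutdown_tpmback() and before close(vtpm_globals.tpm_fd), and the flush only works while that fd is still open, so a one-line comment stating the ordering requirement would protect it from a later reshuffle. Minor style point: the new comment is missing a space before the closing */.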
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 07/13] vtpmmgr: Flush all transient keys
Date: Thu, 6 May 2021 09:59:17 -0400
Message-Id: <20210506135923.161427-8-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

We're only flushing 2 transients, but there are 3 handles. Use <= to also flush the third handle since TRANSIENT_LAST is inclusive.

The number of transient handles/keys is hardware dependent, so this should query for the limit. And assignment of handles is assumed to be sequential from the minimum. That may not be guaranteed, but seems okay with my tpm2.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
Reviewed-by: Daniel P. Smith
---
v2 add "since TRANSIENT_LAST is inclusive" to commit message.
---
 stubdom/vtpmmgr/init.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 56b4be85b3..4ae34a4fcb 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c 
@@ -656,7 +656,7 @@ static TPM_RC flush_tpm2(void) { int i; - for (i = TRANSIENT_FIRST; i < TRANSIENT_LAST; i++) + for (i = TRANSIENT_FIRST; i <= TRANSIENT_LAST; i++) TPM2_FlushContext(i); return TPM_SUCCESS;
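Review bot: The loop in flush_tpm2() still discards the result of every TPM2_FlushContext(i) call and the function returns TPM_SUCCESS unconditionally, so the flush_tpm2() != TPM_SUCCESS check that 06/13 adds to vtpmmgr_shutdown() can never log a failure. Consider remembering the first error that is not just the TPM's answer for an empty handle and returning that, or at least logging it per handle. The two caveats from the commit message (the handle count is hardware dependent, and sequential assignment from TRANSIENT_FIRST is assumed) are not recorded in the code; a comment above the loop would keep them visible to whoever touches the range next.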
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault, Samuel Thibault
Subject: [PATCH v2 08/13] vtpmmgr: Shutdown more gracefully
Date: Thu, 6 May 2021 09:59:18 -0400
Message-Id: <20210506135923.161427-9-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

vtpmmgr uses the default, weak app_shutdown, which immediately calls the shutdown hypercall. This short circuits the vtpmmgr clean up logic. We need to perform the clean up to actually Flush our key out of the tpm. Setting do_shutdown is one step in that direction, but vtpmmgr will most likely be waiting in tpmback_req_any. We need to call shutdown_tpmback to cancel the wait inside tpmback and perform the shutdown.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
Reviewed-by: Daniel P. Smith
---
 stubdom/vtpmmgr/vtpmmgr.c | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/stubdom/vtpmmgr/vtpmmgr.c b/stubdom/vtpmmgr/vtpmmgr.c index 9fddaa24f8..46ea018921 100644 --- a/stubdom/vtpmmgr/vtpmmgr.c
+++ b/stubdom/vtpmmgr/vtpmmgr.c 
@@ -67,11 +67,21 @@ int hw_is_tpm2(void) return (hardware_version.hw_version == TPM2_HARDWARE) ? 1 : 0; } +static int do_shutdown; + +void app_shutdown(unsigned int reason) +{ + printk("Shutdown requested: %d\n", reason); + do_shutdown = 1; + + shutdown_tpmback(); +} + void main_loop(void) { tpmcmd_t* tpmcmd; uint8_t respbuf[TCPA_MAX_BUFFER_LENGTH]; - while(1) { + while (!do_shutdown) { /* Wait for requests from a vtpm */ vtpmloginfo(VTPM_LOG_VTPM, "Waiting for commands from vTPM's:\n"); if((tpmcmd = tpmback_req_any()) == NULL) {
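Review bot: do_shutdown is a plain static int that app_shutdown() writes and main_loop() polls in its while condition; if app_shutdown() runs in a different context from the loop, which the commit message implies by saying the loop is usually blocked in tpmback_req_any at that moment, the flag should be volatile (or accessed through whatever barrier primitive the stubdom provides) so the store is not optimised out of the loop test. Also, shutdown_tpmback() is now called from app_shutdown() and again from vtpmmgr_shutdown() (the "Close tpmback" step in init.c), so please confirm it is safe to call twice or drop one of the calls. The handling of the NULL return from tpmback_req_any() is outside this hunk; it needs to fall through to the loop test rather than treat the cancelled wait as an error.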
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 09/13] vtpmmgr: Support GetRandom passthrough on TPM 2.0
Date: Thu, 6 May 2021 09:59:19 -0400
Message-Id: <20210506135923.161427-10-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

GetRandom passthrough currently fails when using vtpmmgr with a hardware TPM 2.0.

vtpmmgr (8): INFO[VTPM]: Passthrough: TPM_GetRandom
vtpm (12): vtpm_cmd.c:120: Error: TPM_GetRandom() failed with error code (30)

When running on TPM 2.0 hardware, vtpmmgr needs to convert the TPM 1.2 TPM_ORD_GetRandom into a TPM2 TPM_CC_GetRandom command. Besides the differing ordinal, the TPM 1.2 uses 32bit sizes for the request and response (vs. 16bit for TPM2).

Place the random output directly into the tpmcmd->resp and build the packet around it. This avoids bouncing through an extra buffer, but the header has to be written after grabbing the random bytes so we have the number of bytes to include in the size.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
---
v2:
Add bounds and size checks
Whitespace fixup
---
 stubdom/vtpmmgr/marshal.h | 15 ++++++++
 stubdom/vtpmmgr/vtpm_cmd_handler.c | 61 +++++++++++++++++++++++++++++-
 2 files changed, 75 insertions(+), 1 deletion(-)

diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h index dce19c6439..f1037a7976 100644 --- a/stubdom/vtpmmgr/marshal.h +++ b/stubdom/vtpmmgr/marshal.h @@ -890,6 +890,15 @@ inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESSION* auth) { return rv; } +static +inline int sizeof_TPM_RQU_HEADER(BYTE* ptr) { + int rv = 0; + rv += sizeof_UINT16(ptr); + rv += sizeof_UINT32(ptr); + rv += sizeof_UINT32(ptr); + return rv; +} + static inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr, TPM_TAG tag,
@@ -920,8 +929,14 @@ inline int unpack3_TPM_RQU_HEADER(BYTE* ptr, UINT32* pos, UINT32 max, unpack3_UINT32(ptr, pos, max, ord); } +static +inline int sizeof_TPM_RQU_GetRandom(BYTE* ptr) { + return sizeof_TPM_RQU_HEADER(ptr) + sizeof_UINT32(ptr); +} + #define pack_TPM_RSP_HEADER(p, t, s, r) pack_TPM_RQU_HEADER(p, t, s, r) #define unpack_TPM_RSP_HEADER(p, t, s, r) unpack_TPM_RQU_HEADER(p, t, s, r) #define unpack3_TPM_RSP_HEADER(p, l, m, t, s, r) unpack3_TPM_RQU_HEADER(p, l, m, t, s, r) +#define sizeof_TPM_RSP_HEADER(p) sizeof_TPM_RQU_HEADER(p) #endif diff --git a/stubdom/vtpmmgr/vtpm_cmd_handler.c b/stubdom/vtpmmgr/vtpm_cmd_handler.c index 2ac14fae77..c879b24c13 100644 --- a/stubdom/vtpmmgr/vtpm_cmd_handler.c +++ b/stubdom/vtpmmgr/vtpm_cmd_handler.c @@ -47,6 +47,7 @@ #include "vtpm_disk.h" #include "vtpmmgr.h" #include "tpm.h" +#include "tpm2.h" #include "tpmrsa.h" #include "tcg.h" #include "mgmt_authority.h" @@ -772,6 +773,64 @@ static int vtpmmgr_permcheck(struct tpm_opaque *opq) return 1; } +TPM_RESULT vtpmmgr_handle_getrandom(struct tpm_opaque *opaque, + tpmcmd_t* tpmcmd) +{ + TPM_RESULT status = TPM_SUCCESS; + TPM_TAG tag; + UINT32 size; + const int max_rand_size = TCPA_MAX_BUFFER_LENGTH - + sizeof_TPM_RQU_GetRandom(tpmcmd->req); + UINT32 rand_offset; + UINT32 rand_size; + TPM_COMMAND_CODE ord; + BYTE *p; + + if (tpmcmd->req_len != sizeof_TPM_RQU_GetRandom(tpmcmd->req)) { + status = TPM_BAD_PARAMETER; + tag = TPM_TAG_RQU_COMMAND; + goto abort_egress; + } + + p = unpack_TPM_RQU_HEADER(tpmcmd->req, &tag, &size, &ord); + + if (!hw_is_tpm2()) { + size = TCPA_MAX_BUFFER_LENGTH; + TPMTRYRETURN(TPM_TransmitData(tpmcmd->req, tpmcmd->req_len, + tpmcmd->resp, &size)); + tpmcmd->resp_len = size; + + return TPM_SUCCESS; + } + + /* TPM_GetRandom req:
*/ + unpack_UINT32(p, &rand_size); + + /* Returning fewer bytes is acceptable per the spec. */ + if (rand_size > max_rand_size) + rand_size = max_rand_size; + + /* Call TPM2_GetRandom but return a TPM_GetRandom response. */ + /* TPM_GetRandom resp:
*/ + rand_offset = sizeof_TPM_RSP_HEADER(tpmcmd->resp) + + sizeof_UINT32(tpmcmd->resp); + + TPMTRYRETURN(TPM2_GetRandom(&rand_size, tpmcmd->resp + rand_offset)); + + p = pack_TPM_RSP_HEADER(tpmcmd->resp, TPM_TAG_RSP_COMMAND, + rand_offset + rand_size, status); + p = pack_UINT32(p, rand_size); + tpmcmd->resp_len = rand_offset + rand_size; + + return status; + +abort_egress: + tpmcmd->resp_len = VTPM_COMMAND_HEADER_SIZE; + pack_TPM_RSP_HEADER(tpmcmd->resp, tag + 3, tpmcmd->resp_len, status); + + return status; +} + TPM_RESULT vtpmmgr_handle_cmd( struct tpm_opaque *opaque, tpmcmd_t* tpmcmd) 
@@ -842,7 +901,7 @@ TPM_RESULT vtpmmgr_handle_cmd( switch(ord) { case TPM_ORD_GetRandom: vtpmloginfo(VTPM_LOG_VTPM, "Passthrough: TPM_GetRandom\n"); - break; + return vtpmmgr_handle_getrandom(opaque, tpmcmd); case TPM_ORD_PcrRead: vtpmloginfo(VTPM_LOG_VTPM, "Passthrough: TPM_PcrRead\n"); // Quotes also need to be restricted to hide PCR values
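Review bot: In the abort_egress path of vtpmmgr_handle_getrandom(), the response tag is built as tag + 3, an unexplained constant applied to a value that is TPM_TAG_RQU_COMMAND on the req_len failure path but is whatever the guest sent once unpack_TPM_RQU_HEADER() has run (assuming TPMTRYRETURN jumps to abort_egress on failure, as the label suggests). The success path already packs TPM_TAG_RSP_COMMAND explicitly, and the error path should do the same. Two smaller points in the same hunk: max_rand_size is a const int compared against the UINT32 rand_size and is derived from the request length rather than from rand_offset, which is the quantity that actually bounds the write into tpmcmd->resp; and size and ord are unpacked but never compared with req_len or TPM_ORD_GetRandom, so the handler relies entirely on its caller's dispatch.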
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH v2 10/13] vtpmmgr: Remove bogus cast from TPM2_GetRandom
Date: Thu, 6 May 2021 09:59:20 -0400
Message-Id: <20210506135923.161427-11-jandryuk@gmail.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com>
References: <20210506135923.161427-1-jandryuk@gmail.com>
MIME-Version: 1.0

The UINT32 <-> UINT16 casting in TPM2_GetRandom is incorrect. Use a local UINT16 as needed for the TPM hardware command and assign the result.

Suggested-by: Samuel Thibault
Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
Reviewed-by: Daniel P. Smith
---
 stubdom/vtpmmgr/tpm2.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/stubdom/vtpmmgr/tpm2.c b/stubdom/vtpmmgr/tpm2.c index 655e6d164c..ebd06eac74 100644 --- a/stubdom/vtpmmgr/tpm2.c +++ b/stubdom/vtpmmgr/tpm2.c
@@ -427,15 +427,22 @@ abort_egress: TPM_RC TPM2_GetRandom(UINT32 * bytesRequested, BYTE * randomBytes) { + UINT16 bytesReq; TPM_BEGIN(TPM_ST_NO_SESSIONS, TPM_CC_GetRandom); - ptr = pack_UINT16(ptr, (UINT16)*bytesRequested); + if (*bytesRequested > UINT16_MAX) + bytesReq = UINT16_MAX; + else + bytesReq = *bytesRequested; + + ptr = pack_UINT16(ptr, bytesReq); TPM_TRANSMIT(); TPM_UNPACK_VERIFY(); - ptr = unpack_UINT16(ptr, (UINT16 *)bytesRequested); - ptr = unpack_TPM_BUFFER(ptr, randomBytes, *bytesRequested); + ptr = unpack_UINT16(ptr, &bytesReq); + *bytesRequested = bytesReq; + ptr = unpack_TPM_BUFFER(ptr, randomBytes, bytesReq); abort_egress: return status;
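Review bot: After TPM_UNPACK_VERIFY(), the count unpacked from the response overwrites bytesReq and is then used as the copy length for unpack_TPM_BUFFER() without being compared to the count that was sent; the caller added in 09/13 passes tpmcmd->resp + rand_offset with room only for the rand_size it clamped. Keep the requested count in its own local and fail, or clamp, when the returned count is larger, so a misbehaving device cannot make the copy run past the space the caller reserved. The silent clamp to UINT16_MAX on the request side is fine since returning fewer bytes is allowed, but it deserves a short comment saying so.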
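The translation that the 09/13 and 10/13 commit messages describe (a TPM 1.2 GetRandom request with 32-bit counts turned into a TPM 2.0 GetRandom command with 16-bit counts, and the reply turned back), written out as an added stand-alone example; it is not code from this patch series or from vtpmmgr. The function names, buffer capacities and sample packets are constructed for illustration, while the tag, ordinal and command-code values are the ones the TPM 1.2 and TPM 2.0 specifications define.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Tag, ordinal and command-code values from the TPM 1.2 and TPM 2.0 specs. */
#define TPM_TAG_RQU_COMMAND 0x00C1u
#define TPM_TAG_RSP_COMMAND 0x00C4u
#define TPM_ORD_GetRandom   0x00000046u
#define TPM_ST_NO_SESSIONS  0x8001u
#define TPM_CC_GetRandom    0x0000017Bu
/* Both families use a 10-byte header: tag(2) + size(4) + code(4). */
#define REQ12_LEN  14u /* 1.2 request: header + UINT32 bytesRequested */
#define RSP12_DATA 14u /* 1.2 response: header + UINT32 count, then data */
#define CMD2_LEN   12u /* 2.0 command: header + UINT16 bytesRequested */
#define RSP2_DATA  12u /* 2.0 response: header + UINT16 count, then data */

static uint16_t get16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get32(const uint8_t *p) { return ((uint32_t)get16(p) << 16) | get16(p + 2); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put32(uint8_t *p, uint32_t v) { put16(p, (uint16_t)(v >> 16)); put16(p + 2, (uint16_t)v); }

/* TPM 1.2 request -> TPM 2.0 command. resp_cap is the space available for the
 * eventual 1.2 response. Returns CMD2_LEN, or -1 for a malformed request. */
int getrandom_req_12_to_20(const uint8_t *req, size_t req_len, size_t resp_cap,
                           uint8_t *cmd2, uint16_t *asked)
{
    uint32_t want;

    if (req_len != REQ12_LEN || resp_cap < RSP12_DATA)
        return -1;
    if (get16(req) != TPM_TAG_RQU_COMMAND || get32(req + 2) != REQ12_LEN ||
        get32(req + 6) != TPM_ORD_GetRandom)
        return -1;
    want = get32(req + 10);
    /* Fewer bytes than requested is a valid answer, so clamp twice: to the
     * response buffer, then to the 16-bit field TPM 2.0 uses. */
    if (want > resp_cap - RSP12_DATA)
        want = (uint32_t)(resp_cap - RSP12_DATA);
    if (want > UINT16_MAX)
        want = UINT16_MAX;
    put16(cmd2, TPM_ST_NO_SESSIONS);
    put32(cmd2 + 2, CMD2_LEN);
    put32(cmd2 + 6, TPM_CC_GetRandom);
    put16(cmd2 + 10, (uint16_t)want);
    *asked = (uint16_t)want;
    return (int)CMD2_LEN;
}

/* TPM 2.0 response -> TPM 1.2 response. Returns the 1.2 response length, or -1
 * if the TPM 2.0 response is malformed, failed, or carries more than asked. */
int getrandom_resp_20_to_12(const uint8_t *rsp2, size_t rsp2_len, uint16_t asked,
                            uint8_t *resp, size_t resp_cap)
{
    uint16_t got;

    if (rsp2_len < RSP2_DATA || get32(rsp2 + 2) != rsp2_len || get32(rsp2 + 6) != 0)
        return -1;
    got = get16(rsp2 + 10);
    if (got > asked || rsp2_len - RSP2_DATA != got || RSP12_DATA + (size_t)got > resp_cap)
        return -1;
    put16(resp, TPM_TAG_RSP_COMMAND);
    put32(resp + 2, RSP12_DATA + got); /* size is known only after the data */
    put32(resp + 6, 0);                /* TPM_SUCCESS */
    put32(resp + 10, got);             /* 32-bit count in the 1.2 layout */
    memcpy(resp + RSP12_DATA, rsp2 + RSP2_DATA, got);
    return (int)(RSP12_DATA + got);
}

/* Constructed test bench: a guest asks for `want` bytes and a simulated TPM 2.0
 * returns the translated count plus `extra` bytes. Returns the 1.2 length or -1. */
int demo(uint32_t want, size_t resp_cap, unsigned extra)
{
    static uint8_t rsp2[RSP2_DATA + UINT16_MAX + 64], resp[70000];
    uint8_t req[REQ12_LEN] = {0x00, 0xC1, 0, 0, 0, 0x0E, 0, 0, 0, 0x46}, cmd2[CMD2_LEN];
    uint16_t asked;
    uint32_t got;

    put32(req + 10, want);
    if (resp_cap > sizeof(resp) || extra > 64 ||
        getrandom_req_12_to_20(req, sizeof(req), resp_cap, cmd2, &asked) < 0)
        return -1;
    got = get16(cmd2 + 10) + extra;
    if (got > UINT16_MAX)
        return -1;
    put16(rsp2, TPM_ST_NO_SESSIONS);
    put32(rsp2 + 2, RSP2_DATA + got);
    put32(rsp2 + 6, 0);
    put16(rsp2 + 10, (uint16_t)got);
    memset(rsp2 + RSP2_DATA, 0xA5, got);
    return getrandom_resp_20_to_12(rsp2, RSP2_DATA + got, asked, resp, resp_cap);
}

int main(void)
{
    printf("%d %d %d\n", demo(8, 64, 0), demo(0x100000, 4096, 0), demo(8, 64, 8));
    return 0;
}
```

The third case in main() is the one the response-side check exists for: the simulated device returns 16 bytes for an 8-byte request and the translation refuses it instead of copying.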
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Daniel De Graaf , Quan Xu , Samuel Thibault Subject: [PATCH v2 11/13] vtpmmgr: Fix owner_auth & srk_auth parsing Date: Thu, 6 May 2021 09:59:21 -0400 Message-Id: <20210506135923.161427-12-jandryuk@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com> References: <20210506135923.161427-1-jandryuk@gmail.com> MIME-Version: 1.0 Argument parsing only matches to before ':' and then the string with leading ':' is passed to parse_auth_string which fails to parse. Extend the length to include the separator in the match. While here, switch the separator to "=". The man page documented "=" and the other tpm.* arguments already use "=". Since it didn't work before, we don't need to worry about backwards compatibility. Signed-off-by: Jason Andryuk Reviewed-by: Samuel Thibault Reviewed-by: Daniel P. Smith --- stubdom/vtpmmgr/init.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 4ae34a4fcb..62dc5994de 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c
@@ -289,16 +289,16 @@ int parse_cmdline_opts(int argc, char** argv, struct Opts* opts) memcpy(vtpm_globals.srk_auth, WELLKNOWN_AUTH, sizeof(TPM_AUTHDATA)); for(i = 1; i < argc; ++i) { - if(!strncmp(argv[i], "owner_auth:", 10)) { - if((rc = parse_auth_string(argv[i] + 10, vtpm_globals.owner_auth)) < 0) { + if(!strncmp(argv[i], "owner_auth=", 11)) { + if((rc = parse_auth_string(argv[i] + 11, vtpm_globals.owner_auth)) < 0) { goto err_invalid; } if(rc == 1) { opts->gen_owner_auth = 1; } } - else if(!strncmp(argv[i], "srk_auth:", 8)) { - if((rc = parse_auth_string(argv[i] + 8, vtpm_globals.srk_auth)) != 0) { + else if(!strncmp(argv[i], "srk_auth=", 9)) { + if((rc = parse_auth_string(argv[i] + 9, vtpm_globals.srk_auth)) != 0) { goto err_invalid; } }
From patchwork Thu May 6 13:59:22 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Andryuk X-Patchwork-Id: 12242209
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Daniel De Graaf , Quan Xu , Samuel Thibault Subject: [PATCH v2 12/13] vtpmmgr: Check req_len before unpacking command Date: Thu, 6 May 2021 09:59:22 -0400 Message-Id: <20210506135923.161427-13-jandryuk@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com> References: <20210506135923.161427-1-jandryuk@gmail.com> MIME-Version: 1.0 vtpm_handle_cmd doesn't ensure there is enough space before unpacking the req buffer. Add a minimum size check. Called functions will have to do their own checking if they need more data from the request. The error case is tricky since abort_egress wants to reply with a corresponding tag. Just hardcode TPM_TAG_RQU_COMMAND since the vtpm is sending in malformed commands in the first place. Signed-off-by: Jason Andryuk Reviewed-by: Samuel Thibault Reviewed-by: Daniel P. Smith --- stubdom/vtpmmgr/vtpm_cmd_handler.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/stubdom/vtpmmgr/vtpm_cmd_handler.c b/stubdom/vtpmmgr/vtpm_cmd_handler.c index c879b24c13..5586be6997 100644 --- a/stubdom/vtpmmgr/vtpm_cmd_handler.c +++ b/stubdom/vtpmmgr/vtpm_cmd_handler.c
@@ -840,6 +840,12 @@ TPM_RESULT vtpmmgr_handle_cmd( UINT32 size; TPM_COMMAND_CODE ord; + if (tpmcmd->req_len < sizeof_TPM_RQU_HEADER(tpmcmd->req)) { + status = TPM_BAD_PARAMETER; + tag = TPM_TAG_RQU_COMMAND; + goto abort_egress; + } + unpack_TPM_RQU_HEADER(tpmcmd->req, &tag, &size, &ord);
From patchwork Thu May 6 13:59:23 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Jason Andryuk X-Patchwork-Id: 12242205
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Ian Jackson , Wei Liu , Samuel Thibault Subject: [PATCH v2 13/13] vtpm: Correct timeout units and command duration Date: Thu, 6 May 2021 09:59:23 -0400 Message-Id: <20210506135923.161427-14-jandryuk@gmail.com> X-Mailer: git-send-email 2.31.1 In-Reply-To: <20210506135923.161427-1-jandryuk@gmail.com> References: <20210506135923.161427-1-jandryuk@gmail.com> MIME-Version: 1.0 Add two patches: vtpm-microsecond-duration.patch fixes the units for timeouts and command durations. vtpm-command-duration.patch increases the timeout Linux uses to allow commands to succeed. Linux works around low timeouts, but not low durations. The second patch allows commands to complete that often time out with the lower command durations.
Signed-off-by: Jason Andryuk Reviewed-by: Samuel Thibault Reviewed-by: Daniel P. Smith --- stubdom/Makefile | 2 + stubdom/vtpm-command-duration.patch | 52 +++++++++++++++++++++++++ stubdom/vtpm-microsecond-duration.patch | 52 +++++++++++++++++++++++++ 3 files changed, 106 insertions(+) create mode 100644 stubdom/vtpm-command-duration.patch create mode 100644 stubdom/vtpm-microsecond-duration.patch diff --git a/stubdom/Makefile b/stubdom/Makefile index c6de5f68ae..06aa69d8bc 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile @@ -239,6 +239,8 @@ tpm_emulator-$(XEN_TARGET_ARCH): tpm_emulator-$(TPMEMU_VERSION).tar.gz patch -d $@ -p1 < vtpm-implicit-fallthrough.patch patch -d $@ -p1 < vtpm_TPM_ChangeAuthAsymFinish.patch patch -d $@ -p1 < vtpm_extern.patch + patch -d $@ -p1 < vtpm-microsecond-duration.patch + patch -d $@ -p1 < vtpm-command-duration.patch mkdir $@/build cd $@/build; CC=${CC} $(CMAKE) .. -DCMAKE_C_FLAGS:STRING="-std=c99 -DTPM_NO_EXTERN $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) -Wno-declaration-after-statement" touch $@ diff --git a/stubdom/vtpm-command-duration.patch b/stubdom/vtpm-command-duration.patch new file mode 100644 index 0000000000..6fdf2fc9be --- /dev/null +++ b/stubdom/vtpm-command-duration.patch 
@@ -0,0 +1,52 @@ +From e7c976b5864e7d2649292d90ea60d5aea091a990 Mon Sep 17 00:00:00 2001 +From: Jason Andryuk +Date: Sun, 14 Mar 2021 12:46:34 -0400 +Subject: [PATCH 2/2] Increase command durations + +Wth Linux 5.4 xen-tpmfront and a Xen vtpm-stubdom, xen-tpmfront was +failing commands with -ETIME: +tpm tpm0: tpm_try_transmit: send(): error-62 + +The vtpm was returning the data, but it was after the duration timeout +in vtpm_send. Linux may have started being more stringent about timing? + +The vtpm-stubdom has a little delay since it writes its disk before +returning the response. + +Anyway, the durations are rather low. When they were 1/10/1000 before +converting to microseconds, Linux showed all three durations rounded to +10000. Update them with values from a physical TPM1.2. These were +taken from a WEC which was software downgraded from a TPM2 to a TPM1.2. +They might be excessive, but I'd rather have a command succeed than +return -ETIME. + +An IFX physical TPM1.2 uses: +1000000 +1500000 +150000000 + +Signed-off-by: Jason Andryuk +--- + tpm/tpm_data.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tpm/tpm_data.c b/tpm/tpm_data.c +index bebaf10..844afca 100644 +--- a/tpm/tpm_data.c ++++ b/tpm/tpm_data.c +@@ -71,9 +71,9 @@ static void init_timeouts(void) + tpmData.permanent.data.tis_timeouts[1] = 2000000; + tpmData.permanent.data.tis_timeouts[2] = 750000; + tpmData.permanent.data.tis_timeouts[3] = 750000; +- tpmData.permanent.data.cmd_durations[0] = 1000; +- tpmData.permanent.data.cmd_durations[1] = 10000; +- tpmData.permanent.data.cmd_durations[2] = 1000000; ++ tpmData.permanent.data.cmd_durations[0] = 3000000; ++ tpmData.permanent.data.cmd_durations[1] = 3000000; ++ tpmData.permanent.data.cmd_durations[2] = 600000000; + } + + void tpm_init_data(void) +-- +2.30.2 + diff --git a/stubdom/vtpm-microsecond-duration.patch b/stubdom/vtpm-microsecond-duration.patch new file mode 100644 index 0000000000..7a906e72c5 --- /dev/null 
+++ b/stubdom/vtpm-microsecond-duration.patch @@ -0,0 +1,52 @@ +From 5a510e0afd7c288e3f0fb3523ec749ba1366ad61 Mon Sep 17 00:00:00 2001 +From: Jason Andryuk +Date: Sun, 14 Mar 2021 12:42:10 -0400 +Subject: [PATCH 1/2] Use microseconds for timeouts and durations + +The timeout and duration fields should be in microseconds according to +the spec. + +TPM_CAP_PROP_TIS_TIMEOUT: +A 4 element array of UINT32 values each denoting the timeout value in +microseconds for the following in this order: + +TPM_CAP_PROP_DURATION: +A 3 element array of UINT32 values each denoting the duration value in +microseconds of the duration of the three classes of commands: + +Linux will scale the timeouts up by 1000, but not the durations. Change +the units for both sets as appropriate. + +Signed-off-by: Jason Andryuk +--- + tpm/tpm_data.c | 14 +++++++------- + 1 file changed, 7 insertions(+), 7 deletions(-) + +diff --git a/tpm/tpm_data.c b/tpm/tpm_data.c +index a3a79ef..bebaf10 100644 +--- a/tpm/tpm_data.c ++++ b/tpm/tpm_data.c +@@ -67,13 +67,13 @@ static void init_nv_storage(void) + static void init_timeouts(void) + { + /* for the timeouts we use the PC platform defaults */ +- tpmData.permanent.data.tis_timeouts[0] = 750; +- tpmData.permanent.data.tis_timeouts[1] = 2000; +- tpmData.permanent.data.tis_timeouts[2] = 750; +- tpmData.permanent.data.tis_timeouts[3] = 750; +- tpmData.permanent.data.cmd_durations[0] = 1; +- tpmData.permanent.data.cmd_durations[1] = 10; +- tpmData.permanent.data.cmd_durations[2] = 1000; ++ tpmData.permanent.data.tis_timeouts[0] = 750000; ++ tpmData.permanent.data.tis_timeouts[1] = 2000000; ++ tpmData.permanent.data.tis_timeouts[2] = 750000; ++ tpmData.permanent.data.tis_timeouts[3] = 750000; ++ tpmData.permanent.data.cmd_durations[0] = 1000; ++ tpmData.permanent.data.cmd_durations[1] = 10000; ++ tpmData.permanent.data.cmd_durations[2] = 1000000; + } + + void tpm_init_data(void) +-- +2.30.2 +
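Review bot: in stubdom/vtpmmgr/tpm2.c, TPM2_GetRandom, the length read back by unpack_UINT16(ptr, &bytesReq) comes from the TPM response and is passed straight to unpack_TPM_BUFFER(ptr, randomBytes, bytesReq) without being compared to what was requested. The caller sized randomBytes from the value it passed in, so keep the clamped request in a second local and fail (or clamp) when the returned count exceeds it before copying. Separately, the clamp to UINT16_MAX is silent: a caller asking for more gets a short read and has to notice it from *bytesRequested, which deserves a comment on the function.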
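Review bot: in stubdom/vtpmmgr/init.c, parse_cmdline_opts, the prefix lengths 11 and 9 are still hand-counted literals, each repeated in the strncmp call and in the argv[i] + N offset, which is the same pattern that produced the mismatch being fixed here. Deriving the length from the string, for example sizeof("owner_auth=") - 1 held in one constant used for both the compare and the offset, keeps the two in step. The two branches also test rc differently (< 0 for owner_auth, != 0 for srk_auth); if that is intentional because only owner_auth accepts the rc == 1 case that sets gen_owner_auth, a short comment would save the next reader the question.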
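Review bot: in stubdom/vtpmmgr/vtpm_cmd_handler.c, vtpmmgr_handle_cmd, the new early exit reaches abort_egress with size and ord never assigned (both are declared without initializers right above the check), so anything under that label that reads them would use indeterminate values. Initializing both at declaration makes the error path safe regardless of what abort_egress does. The reason for forcing tag = TPM_TAG_RQU_COMMAND is only in the commit message; a one-line comment at the assignment would keep it with the code. The check also covers the fixed header only: the size field unpacked afterwards is not compared with req_len in these lines, which matches the commit message but leaves that as an obligation on every handler.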
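Review bot: in stubdom/Makefile, the two added patch lines are order-dependent and nothing says so: vtpm-command-duration.patch is generated against tpm_data.c blob bebaf10, which is the result of vtpm-microsecond-duration.patch (index a3a79ef..bebaf10), so swapping them makes the second fail to apply. The order here is right; a brief comment above the pair, or folding the two into one patch file, would protect it from later reordering.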
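Review bot: in stubdom/vtpm-command-duration.patch, init_timeouts, cmd_durations[2] becomes 600000000, which in the microsecond units set by the companion patch is 600 seconds, while the description itself calls the values possibly excessive and lists lower figures (1000000, 1500000, 150000000) from an IFX TPM1.2. Since the description says the frontend returns -ETIME once the duration expires, a stalled vtpm would hold a command of the third class for up to ten minutes; consider the IFX values, or state in the description why the larger set was preferred. The assignments carry no comment on units or origin, so please add one next to them.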
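Review bot: in stubdom/vtpm-microsecond-duration.patch, init_timeouts, the retained comment "for the timeouts we use the PC platform defaults" says nothing about units and does not cover cmd_durations, so a reader of the code cannot tell that all seven values are now microseconds. Extending that comment to name the unit and the two capabilities quoted in the description (TPM_CAP_PROP_TIS_TIMEOUT, TPM_CAP_PROP_DURATION) would document the change where it lives. These fields sit under tpmData.permanent, so the description should also say whether a vtpm with already-saved state picks up the new values or keeps the old ones.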