RE: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit()

[PATCH v5 00/17] Remove nested TPM operations · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 01/17] tpm: use tpm_buf in tpm_transmit_cmd() as the IO parameter · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 02/17] tpm: fix invalid return value in pubek_show() · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 03/17] tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 03/17] tpm: return 0 from pcrs_show() when tpm1_pcr_read() fails · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 04/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 04/17] tpm: call tpm2_flush_space() on error in tpm_try_transmit() · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 05/17] tpm: print tpm2_commit_space() error inside tpm2_commit_space() · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 05/17] tpm: print tpm2_commit_space() error inside tpm2_commit_space() · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 06/17] tpm: clean up tpm_try_transmit() error handling flow · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 06/17] tpm: clean up tpm_try_transmit() error handling flow · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 07/17] tpm: declare struct tpm_header · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 07/17] tpm: declare struct tpm_header · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 08/17] tpm: access command header through struct in tpm_try_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 08/17] tpm: access command header through struct in tpm_try_transmit() · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 09/17] tpm: move tpm_validate_commmand() to tpm2-space.c · Jarkko Sakkinen <hidden> · 2018-11-08
RE: [PATCH v5 09/17] tpm: move tpm_validate_commmand() to tpm2-space.c · Winkler, Tomas <hidden> · 2018-11-08
Re: [PATCH v5 09/17] tpm: move tpm_validate_commmand() to tpm2-space.c · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 10/17] tpm: encapsulate tpm_dev_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 11/17] tpm: move TPM space code out of tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 11/17] tpm: move TPM space code out of tpm_transmit() · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
Re: [PATCH v5 11/17] tpm: move TPM space code out of tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 12/17] tpm: remove @space from tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 12/17] tpm: remove @space from tpm_transmit() · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 13/17] tpm: use tpm_try_get_ops() in tpm-sysfs.c. · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 13/17] tpm: use tpm_try_get_ops() in tpm-sysfs.c. · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
[PATCH v5 14/17] tpm: remove TPM_TRANSMIT_UNLOCKED flag · Jarkko Sakkinen <hidden> · 2018-11-08
Re: [PATCH v5 14/17] tpm: remove TPM_TRANSMIT_UNLOCKED flag · Stefan Berger <stefanb@linux.ibm.com> · 2018-11-08
Re: [PATCH v5 14/17] tpm: remove TPM_TRANSMIT_UNLOCKED flag · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 15/17] tpm: introduce tpm_chip_start() and tpm_chip_stop() · Jarkko Sakkinen <hidden> · 2018-11-08
[PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
RE: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Winkler, Tomas <hidden> · 2018-11-08
Re: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08
RE: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Winkler, Tomas <hidden> · 2018-11-09
Re: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-13
RE: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Winkler, Tomas <hidden> · 2018-11-13
Re: [PATCH v5 16/17] tpm: take TPM chip power gating out of tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-13
[PATCH v5 17/17] tpm: remove @flags from tpm_transmit() · Jarkko Sakkinen <hidden> · 2018-11-08

From: Winkler, Tomas <hidden>
Date: 2018-11-13 11:59:05
Also in: linux-security-module, lkml

-----Original Message-----
From: Jarkko Sakkinen [mailto:jarkko.sakkinen@linux.intel.com]
Sent: Tuesday, November 13, 2018 13:12
To: Winkler, Tomas <redacted>
Cc: linux-integrity@vger.kernel.org; linux-security-module@vger.kernel.org;
James Bottomley [off-list ref]; Struk,
Tadeusz [off-list ref]; Stefan Berger
[off-list ref]; Nayna Jain [off-list ref]; Peter
Huewe [off-list ref]; Jason Gunthorpe [off-list ref]; Arnd
Bergmann [off-list ref]; Greg Kroah-Hartman
[off-list ref]; open list [off-list ref]
Subject: Re: [PATCH v5 16/17] tpm: take TPM chip power gating out of
tpm_transmit()

On Fri, Nov 09, 2018 at 09:37:48PM +0000, Winkler, Tomas wrote:

quoted

On Thu, Nov 08, 2018 at 06:38:59PM +0000, Winkler, Tomas wrote:

quoted

Call tpm_chip_start() and tpm_chip_stop() in

* tpm_try_get_ops() and tpm_put_ops()
* tpm_chip_register()
* tpm2_del_space()

And remove these calls from tpm_transmit(). The core reason for
this change is that in tpm_vtpm_proxy a locality change requires
a virtual TPM command (a command made up just for that driver).

I don't think you can do that,  locality has to be request for
each command, as  for example tboot can request higher locality any

time.

quoted

That could be a potential problem. How tboot intervention gets
prevented without this patch?

As it was said, need to request locality and relinquish it for each
command, I believe thought this is not required for client platforms
only for servers.

And what I'm trying to under is why so.

If the intervention can happen at any time that would imply that even if you
would request and relinquish locality for a single TPM command, the
intervention could happen in the middle. That is why I'm asking why without
this patch things are just fine.

Yes, w/o this constrain it would be okay to request locality only once, 
we can ask tboot ask again but at the time the requirement was that locality can be taken of at any point, 
I believe that the locality won't be granted till a single command is completed.

Anyhow still the power gating is wrong in this patch do not ignore that part.

Thanks
Tomas

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help