On 1/11/19 3:28 PM, Safford, David (GE Global Research) wrote:

quoted

-----Original Message-----
From: linux-integrity-owner@vger.kernel.org <linux-integrity-
owner@vger.kernel.org> On Behalf Of Stefan Berger
Sent: Wednesday, January 09, 2019 5:11 PM
To: linux-integrity@vger.kernel.org; jarkko.sakkinen@linux.intel.com
Cc: linux-security-module@vger.kernel.org; linux-kernel@vger.kernel.org;
Stefan Berger [off-list ref]
Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3

This series of patches extends the TPM subsystem's PPI support to support
TPM PPI revision 1.3 where more commands are supported (up to 101) and
the TPM 2 command code '23' takes an additional parameter.

For the command code '23' see this document here on document page 39:
https://trustedcomputinggroup.org/wp-content/uploads/Physical-
Presence-Interface_1-30_0-52.pdf

    Stefan

You might mention that this is an important feature, as on at least some
systems, ppi function 23 is the only way to enable/disable PCR banks.

'The only way' depends on how good or bad the firmware support for this 
is. SeaBIOS will have a menu item that lets one toggle the activation of 
the PCR banks in the firmware menu -- assuming my patch makes it 
upstream :-)

I have tested this patch set on my HP Spectre laptop, and I am finally
able to turn the sha-1 bank on and off. Much appreciated!

Tested-by: David Safford <redacted>

Thanks.


     Stefan

quoted

Stefan Berger (5):
   tpm: ppi: pass function revision ID to tpm_eval_dsm()
   tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
   tpm: ppi: Display up to 101 operations as define for version 1.3
   tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
   tpm: ppi: Enable submission of optional command parameter for PPI 1.3

  drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++--------
--
  1 file changed, 58 insertions(+), 20 deletions(-)

--
2.17.1