From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Ian Jackson , Wei Liu Subject: [PATCH 1/9] docs: Warn about incomplete vtpmmgr TPM 2.0 support Date: Tue, 4 May 2021 08:48:34 -0400 Message-Id: <20210504124842.220445-2-jandryuk@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com> References: <20210504124842.220445-1-jandryuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @gmail.com) Content-Type: text/plain; charset="utf-8" The vtpmmgr TPM 2.0 support is incomplete. Add a warning about that to the documentation so others don't have to work through discovering it is broken. Signed-off-by: Jason Andryuk Acked-by: Andrew Cooper Reviewed-by: Daniel P. Smith --- docs/man/xen-vtpmmgr.7.pod | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index af825a7ffe..875dcce508 100644
--- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod 
@@ -222,6 +222,17 @@ XSM label, not the kernel. =20 =3Dhead1 Appendix B: vtpmmgr on TPM 2.0 =20 +=3Dhead2 WARNING: Incomplete - cannot persist data + +TPM 2.0 support for vTPM manager is incomplete. There is no support for +persisting an encryption key, so vTPM manager regenerates primary and seco= ndary +key handles each boot. + +Also, the vTPM manger group command implementation hardcodes TPM 1.2 comma= nds. +This means running manage-vtpmmgr.pl fails when the TPM 2.0 hardware rejec= ts +the TPM 1.2 commands. vTPM manager with TPM 2.0 cannot create groups and +therefore cannot persist vTPM contents. + =3Dhead2 Manager disk image setup: =20 The vTPM Manager requires a disk image to store its encrypted data. The im= age --=20 2.30.2
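Review bot: Typo in the second added paragraph of the xen-vtpmmgr.7.pod hunk: "the vTPM manger group command implementation" should read "the vTPM manager group command implementation". Since this text is a warning that readers will search for, it is worth fixing before it lands in the rendered man page.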
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Daniel De Graaf , Quan Xu , Samuel Thibault Subject: [PATCH 2/9] vtpmmgr: Print error code to aid debugging Date: Tue, 4 May 2021 08:48:35 -0400 Message-Id: <20210504124842.220445-3-jandryuk@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com> References: <20210504124842.220445-1-jandryuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @gmail.com) Content-Type: text/plain; charset="utf-8" tpm_get_error_name returns "Unknown Error Code" when an error string is not defined. In that case, we should print the Error Code so it can be looked up offline. tpm_get_error_name returns a const string, so just have the two callers always print the error code so it is always available. Signed-off-by: Jason Andryuk Reviewed-by: Daniel P. Smith Reviewed-by: Samuel Thibault --- stubdom/vtpmmgr/tpm.c | 2 +- stubdom/vtpmmgr/tpm2.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stubdom/vtpmmgr/tpm.c b/stubdom/vtpmmgr/tpm.c index 779cddd64e..83b2bc16b2 100644 --- a/stubdom/vtpmmgr/tpm.c +++ b/stubdom/vtpmmgr/tpm.c @@ -109,7 +109,7 @@ UINT32 rsp_status; \ UNPACK_OUT(TPM_RSP_HEADER, &rsp_tag, &rsp_len, &rsp_status); \ if (rsp_status !=3D TPM_SUCCESS) { \ - vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s\n", tpm_get_err= or_name(rsp_status)); \ + vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s (%x)\n", tpm_ge= t_error_name(rsp_status), rsp_status); \ status =3D rsp_status; \ goto abort_egress; \ } \ diff --git a/stubdom/vtpmmgr/tpm2.c b/stubdom/vtpmmgr/tpm2.c index c9f1016ab5..655e6d164c 100644 --- a/stubdom/vtpmmgr/tpm2.c +++ b/stubdom/vtpmmgr/tpm2.c 
@@ -126,7 +126,7 @@ ptr =3D unpack_TPM_RSP_HEADER(ptr, \ &(tag), &(paramSize), &(status));\ if ((status) !=3D TPM_SUCCESS){ \ - vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s\n", tpm_get= _error_name(status));\ + vtpmlogerror(VTPM_LOG_TPM, "Failed with return code %s (%x)\n", tp= m_get_error_name(status), (status));\ goto abort_egress;\ }\ } while(0) --=20 2.30.2
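Review bot: The new "%s (%x)" format in both vtpmlogerror() calls (the tpm.c hunk and this tpm2.c hunk) prints the code as bare hex with no prefix, so a logged value such as 101 cannot be told apart from decimal. Use "%s (0x%x)" (or "%#x") so the number can be looked up offline, which is the stated purpose of the change, without guessing the base.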
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Ian Jackson , Wei Liu , Samuel Thibault Subject: [PATCH 3/9] stubom: newlib: Enable C99 formats for %z Date: Tue, 4 May 2021 08:48:36 -0400 Message-Id: <20210504124842.220445-4-jandryuk@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com> References: <20210504124842.220445-1-jandryuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @gmail.com) Content-Type: text/plain; charset="utf-8" vtpmmgr was changed to print size_t with the %z modifier, but newlib isn't compiled with %z support. So you get output like: root seal: zu; sector of 13: zu root: zu v=3Dzu itree: 36; sector of 112: zu group: zu v=3Dzu id=3Dzu md=3Dzu group seal: zu; 5 in parent: zu; sector of 13: zu vtpm: zu+zu; sector of 48: zu Enable the C99 formats in newlib so vtpmmgr prints the numeric values. Fixes 9379af08ccc0 "stubdom: vtpmmgr: Correctly format size_t with %z when printing." Signed-off-by: Jason Andryuk Reviewed-by: Daniel P. Smith Reviewed-by: Samuel Thibault --- I haven't tried, but the other option would be to cast size_t and avoid %z. Since this seems to be the only mini-os use of %z, that may be better than building a larger newlib. --- stubdom/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubdom/Makefile b/stubdom/Makefile index 90d9ffcd9f..c6de5f68ae 100644 --- a/stubdom/Makefile +++ b/stubdom/Makefile 
@@ -105,7 +105,7 @@ cross-newlib: $(NEWLIB_STAMPFILE) $(NEWLIB_STAMPFILE): mk-headers-$(XEN_TARGET_ARCH) newlib-$(NEWLIB_VERSION) mkdir -p newlib-$(XEN_TARGET_ARCH) ( cd newlib-$(XEN_TARGET_ARCH) && \ - CC_FOR_TARGET=3D"$(CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) $(NEWLIB_CFL= AGS)" AR_FOR_TARGET=3D$(AR) LD_FOR_TARGET=3D$(LD) RANLIB_FOR_TARGET=3D$(RAN= LIB) ../newlib-$(NEWLIB_VERSION)/configure --prefix=3D$(CROSS_PREFIX) --ver= bose --target=3D$(GNU_TARGET_ARCH)-xen-elf --enable-newlib-io-long-long --d= isable-multilib && \ + CC_FOR_TARGET=3D"$(CC) $(TARGET_CPPFLAGS) $(TARGET_CFLAGS) $(NEWLIB_CFL= AGS)" AR_FOR_TARGET=3D$(AR) LD_FOR_TARGET=3D$(LD) RANLIB_FOR_TARGET=3D$(RAN= LIB) ../newlib-$(NEWLIB_VERSION)/configure --prefix=3D$(CROSS_PREFIX) --ver= bose --target=3D$(GNU_TARGET_ARCH)-xen-elf --enable-newlib-io-long-long --e= nable-newlib-io-c99-formats --disable-multilib && \ $(MAKE) DESTDIR=3D && \ $(MAKE) DESTDIR=3D install ) =20 --=20 2.30.2
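Review bot: The added --enable-newlib-io-c99-formats only takes effect when the $(NEWLIB_STAMPFILE) rule reruns, and that rule depends only on mk-headers-$(XEN_TARGET_ARCH) and newlib-$(NEWLIB_VERSION), so an existing build tree keeps the old newlib and vtpmmgr keeps printing "zu". Say in the commit message that a clean stubdom rebuild is required, or make the stamp depend on the configure options. Two smaller points on the message: the fix reference is easier for tooling to pick up in trailer form, Fixes: 9379af08ccc0 ("stubdom: vtpmmgr: Correctly format size_t with %z when printing."), and the subject prefix reads "stubom" where the path is stubdom/Makefile.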
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Ian Jackson , Wei Liu , Daniel De Graaf , Quan Xu , Samuel Thibault Subject: [PATCH 4/9] vtpmmgr: Allow specifying srk_handle for TPM2 Date: Tue, 4 May 2021 08:48:37 -0400 Message-Id: <20210504124842.220445-5-jandryuk@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com> References: <20210504124842.220445-1-jandryuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @gmail.com) Content-Type: text/plain; charset="utf-8" Bypass taking ownership of the TPM2 if an srk_handle is specified. This srk_handle must be usable with Null auth for the time being. Signed-off-by: Jason Andryuk --- docs/man/xen-vtpmmgr.7.pod | 7 +++++++ stubdom/vtpmmgr/init.c | 11 ++++++++++- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/man/xen-vtpmmgr.7.pod b/docs/man/xen-vtpmmgr.7.pod index 875dcce508..3286954568 100644 --- a/docs/man/xen-vtpmmgr.7.pod +++ b/docs/man/xen-vtpmmgr.7.pod @@ -92,6 +92,13 @@ Valid arguments: =20 =3Dover 4 =20 +=3Ditem srk_handle=3D + +Specify a srk_handle for TPM 2.0. TPM 2.0 uses a key hierarchy, and +this allow specifying the parent handle for vtpmmgr to create its own +key under. Using this option bypasses vtpmmgr trying to take ownership +of the TPM. + =3Ditem owner_auth=3D =20 =3Ditem srk_auth=3D diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 1506735051..c01d03e9f4 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c
@@ -302,6 +302,11 @@ int parse_cmdline_opts(int argc, char** argv, struct O= pts* opts) goto err_invalid; } } + else if(!strncmp(argv[i], "srk_handle:", 11)) { + if(sscanf(argv[i] + 11, "%x", &vtpm_globals.srk_handle) !=3D 1) { + goto err_invalid; + } + } else if(!strncmp(argv[i], "tpmdriver=3D", 10)) { if(!strcmp(argv[i] + 10, "tpm_tis")) { opts->tpmdriver =3D TPMDRV_TPM_TIS; 
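Review bot: The new branch in parse_cmdline_opts() matches "srk_handle:" (strncmp over 11 bytes), but the xen-vtpmmgr.7.pod hunk in this same patch documents the option as srk_handle= and the neighbouring branch here uses "tpmdriver=", so the documented spelling will not reach this code. Use "=" in the parser, or change the pod entry, so the two agree. The sscanf(argv[i] + 11, "%x", ...) check also accepts trailing characters after the hex digits and accepts 0, which vtpmmgr2_create() treats as "no handle given"; rejecting both with err_invalid would make a mistyped handle visible. In the pod text, "this allow specifying" should be "this allows specifying".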
@@ -586,7 +591,11 @@ TPM_RESULT vtpmmgr2_create(void) { TPM_RESULT status =3D TPM_SUCCESS; =20 - TPMTRYRETURN(tpm2_take_ownership()); + if ( vtpm_globals.srk_handle =3D=3D 0 ) { + TPMTRYRETURN(tpm2_take_ownership()); + } else { + tpm2_AuthArea_ctor(NULL, 0, &vtpm_globals.srk_auth_area); + } =20 /* create SK */ TPM2_Create_Params_out out; --=20 2.30.2
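Review bot: The else branch in vtpmmgr2_create() builds srk_auth_area from NULL/0 regardless of any srk_auth= argument, and the requirement that the handle be usable with Null auth is stated only in the commit message, not in the srk_handle entry added to xen-vtpmmgr.7.pod. Put that constraint in the man page, and log at this point that tpm2_take_ownership() is being skipped in favour of the supplied handle so the chosen path shows up in the vtpmmgr log. A short comment on why an empty auth area is constructed here would also help the next reader.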
From: Jason Andryuk To: xen-devel@lists.xenproject.org Cc: Jason Andryuk , Daniel De Graaf , Quan Xu , Samuel Thibault Subject: [PATCH 5/9] vtpmmgr: Move vtpmmgr_shutdown Date: Tue, 4 May 2021 08:48:38 -0400 Message-Id: <20210504124842.220445-6-jandryuk@gmail.com> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com> References: <20210504124842.220445-1-jandryuk@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable X-ZohoMail-DKIM: pass (identity @gmail.com) Content-Type: text/plain; charset="utf-8" Reposition vtpmmgr_shutdown so it can call flush_tpm2 without a forward declaration.
Signed-off-by: Jason Andryuk Reviewed-by: Samuel Thibault --- stubdom/vtpmmgr/init.c | 28 ++++++++++++++-------------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index c01d03e9f4..569b0dd1dc 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c @@ -503,20 +503,6 @@ egress: return status; } =20 -void vtpmmgr_shutdown(void) -{ - /* Cleanup TPM resources */ - TPM_TerminateHandle(vtpm_globals.oiap.AuthHandle); - - /* Close tpmback */ - shutdown_tpmback(); - - /* Close tpmfront/tpm_tis */ - close(vtpm_globals.tpm_fd); - - vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n"); -} - /* TPM 2.0 */ =20 static void tpm2_AuthArea_ctor(const char *authValue, UINT32 authLen, 
@@ -797,3 +783,17 @@ abort_egress: egress: return status; } + +void vtpmmgr_shutdown(void) +{ + /* Cleanup TPM resources */ + TPM_TerminateHandle(vtpm_globals.oiap.AuthHandle); + + /* Close tpmback */ + shutdown_tpmback(); + + /* Close tpmfront/tpm_tis */ + close(vtpm_globals.tpm_fd); + + vtpmloginfo(VTPM_LOG_VTPM, "VTPM Manager stopped.\n"); +} --=20 2.30.2
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH 6/9] vtpmmgr: Flush transient keys on shutdown
Date: Tue, 4 May 2021 08:48:39 -0400
Message-Id: <20210504124842.220445-7-jandryuk@gmail.com>
In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com>
References: <20210504124842.220445-1-jandryuk@gmail.com>
Content-Transfer-Encoding: quoted-printable

Remove our key so it isn't left in the TPM for someone to come along after vtpmmgr shuts down.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
--- stubdom/vtpmmgr/init.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index 569b0dd1dc..d9fefa9be6 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c
@@ -792,6 +792,14 @@ void vtpmmgr_shutdown(void) /* Close tpmback */ shutdown_tpmback(); =20 + if (hw_is_tpm2()) { + /* Blow away all stale handles left in the tpm*/ + if (flush_tpm2() !=3D TPM_SUCCESS) { + vtpmlogerror(VTPM_LOG_TPM, + "TPM2_FlushResources failed, continuing shutdown.= .\n"); + } + } + /* Close tpmfront/tpm_tis */ close(vtpm_globals.tpm_fd); =20 --=20 2.30.2
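Review bot: The error string added to vtpmmgr_shutdown() names TPM2_FlushResources, but the call that is checked is flush_tpm2(); logging the function that was actually called keeps the message searchable against the source. The commit message speaks of removing "our key" while the added comment says all stale handles are blown away, so the comment or the log line should state plainly that every transient handle in the range is flushed, not only the one vtpmmgr loaded. The new comment also needs a space before its closing `*/`.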
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH 7/9] vtpmmgr: Flush all transient keys
Date: Tue, 4 May 2021 08:48:40 -0400
Message-Id: <20210504124842.220445-8-jandryuk@gmail.com>
In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com>
References: <20210504124842.220445-1-jandryuk@gmail.com>
Content-Transfer-Encoding: quoted-printable

We're only flushing 2 transients, but there are 3 handles. Use <= to also flush the third handle.

The number of transient handles/keys is hardware dependent, so this should query for the limit. And assignment of handles is assumed to be sequential from the minimum. That may not be guaranteed, but seems okay with my tpm2.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
--- stubdom/vtpmmgr/init.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stubdom/vtpmmgr/init.c b/stubdom/vtpmmgr/init.c index d9fefa9be6..e0dbcac3ad 100644 --- a/stubdom/vtpmmgr/init.c +++ b/stubdom/vtpmmgr/init.c
@@ -656,7 +656,7 @@ static TPM_RC flush_tpm2(void) { int i; =20 - for (i =3D TRANSIENT_FIRST; i < TRANSIENT_LAST; i++) + for (i =3D TRANSIENT_FIRST; i <=3D TRANSIENT_LAST; i++) TPM2_FlushContext(i); =20 return TPM_SUCCESS; --=20 2.30.2
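Review bot: flush_tpm2() discards the result of every TPM2_FlushContext(i) call and returns TPM_SUCCESS unconditionally, so the `flush_tpm2() != TPM_SUCCESS` check that patch 6/9 adds to vtpmmgr_shutdown() can never fire. Either propagate a failure, while tolerating the error returned for handles that are simply not loaded, or make the function void and drop the caller's check. The commit message says the number of transient handles is hardware dependent and that sequential assignment is only assumed; that caveat belongs in a comment beside the loop, since the change to `<= TRANSIENT_LAST` still only covers the fixed range.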
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH 8/9] vtpmmgr: Shutdown more gracefully
Date: Tue, 4 May 2021 08:48:41 -0400
Message-Id: <20210504124842.220445-9-jandryuk@gmail.com>
In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com>
References: <20210504124842.220445-1-jandryuk@gmail.com>
Content-Transfer-Encoding: quoted-printable

vtpmmgr uses the default, weak app_shutdown, which immediately calls the shutdown hypercall. This short circuits the vtpmmgr clean up logic. We need to perform the clean up to actually Flush our key out of the tpm.

Setting do_shutdown is one step in that direction, but vtpmmgr will most likely be waiting in tpmback_req_any. We need to call shutdown_tpmback to cancel the wait inside tpmback and perform the shutdown.

Signed-off-by: Jason Andryuk
Reviewed-by: Samuel Thibault
--- stubdom/vtpmmgr/vtpmmgr.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/stubdom/vtpmmgr/vtpmmgr.c b/stubdom/vtpmmgr/vtpmmgr.c index 9fddaa24f8..46ea018921 100644 --- a/stubdom/vtpmmgr/vtpmmgr.c +++ b/stubdom/vtpmmgr/vtpmmgr.c
@@ -67,11 +67,21 @@ int hw_is_tpm2(void) return (hardware_version.hw_version =3D=3D TPM2_HARDWARE) ? 1 : 0; } =20 +static int do_shutdown; + +void app_shutdown(unsigned int reason) +{ + printk("Shutdown requested: %d\n", reason); + do_shutdown =3D 1; + + shutdown_tpmback(); +} + void main_loop(void) { tpmcmd_t* tpmcmd; uint8_t respbuf[TCPA_MAX_BUFFER_LENGTH]; =20 - while(1) { + while (!do_shutdown) { /* Wait for requests from a vtpm */ vtpmloginfo(VTPM_LOG_VTPM, "Waiting for commands from vTPM's:\n"); if((tpmcmd =3D tpmback_req_any()) =3D=3D NULL) { --=20 2.30.2
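Review bot: app_shutdown() calls shutdown_tpmback() directly, and if the clean-up path the commit message refers to is vtpmmgr_shutdown(), that function calls shutdown_tpmback() a second time (see its body in patch 5/9), so the patch should either establish that the call is safe to repeat or skip it in one of the two places. do_shutdown is written in app_shutdown() and read in main_loop() as a plain `static int`; if the two run in different contexts it should be declared so the loop is guaranteed to observe the store. It is also worth checking that the `tpmback_req_any() == NULL` branch tests do_shutdown, so a requested shutdown is not logged as a request failure.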
From: Jason Andryuk
To: xen-devel@lists.xenproject.org
Cc: Jason Andryuk, Daniel De Graaf, Quan Xu, Samuel Thibault
Subject: [PATCH 9/9] vtpmmgr: Support GetRandom passthrough on TPM 2.0
Date: Tue, 4 May 2021 08:48:42 -0400
Message-Id: <20210504124842.220445-10-jandryuk@gmail.com>
In-Reply-To: <20210504124842.220445-1-jandryuk@gmail.com>
References: <20210504124842.220445-1-jandryuk@gmail.com>
Content-Transfer-Encoding: quoted-printable

GetRandom passthrough currently fails when using vtpmmgr with a hardware TPM 2.0.

vtpmmgr (8): INFO[VTPM]: Passthrough: TPM_GetRandom
vtpm (12): vtpm_cmd.c:120: Error: TPM_GetRandom() failed with error code (30)

When running on TPM 2.0 hardware, vtpmmgr needs to convert the TPM 1.2 TPM_ORD_GetRandom into a TPM2 TPM_CC_GetRandom command. Besides the differing ordinal, the TPM 1.2 uses 32bit sizes for the request and response (vs. 16bit for TPM2).

Place the random output directly into the tpmcmd->resp and build the packet around it. This avoids bouncing through an extra buffer, but the header has to be written after grabbing the random bytes so we have the number of bytes to include in the size.

Signed-off-by: Jason Andryuk
--- stubdom/vtpmmgr/marshal.h | 10 +++++++ stubdom/vtpmmgr/vtpm_cmd_handler.c | 48 ++++++++++++++++++++++++++++++ 2 files changed, 58 insertions(+) diff --git a/stubdom/vtpmmgr/marshal.h b/stubdom/vtpmmgr/marshal.h index dce19c6439..20da22af09 100644 --- a/stubdom/vtpmmgr/marshal.h +++ b/stubdom/vtpmmgr/marshal.h @@ -890,6 +890,15 @@ inline int sizeof_TPM_AUTH_SESSION(const TPM_AUTH_SESS= ION* auth) { return rv; } =20 +static +inline int sizeof_TPM_RQU_HEADER(BYTE* ptr) { + int rv =3D 0; + rv +=3D sizeof_UINT16(ptr); + rv +=3D sizeof_UINT32(ptr); + rv +=3D sizeof_UINT32(ptr); + return rv; +} + static inline BYTE* pack_TPM_RQU_HEADER(BYTE* ptr, TPM_TAG tag,
@@ -923,5 +932,6 @@ inline int unpack3_TPM_RQU_HEADER(BYTE* ptr, UINT32* po= s, UINT32 max, #define pack_TPM_RSP_HEADER(p, t, s, r) pack_TPM_RQU_HEADER(p, t, s, r) #define unpack_TPM_RSP_HEADER(p, t, s, r) unpack_TPM_RQU_HEADER(p, t, s, r) #define unpack3_TPM_RSP_HEADER(p, l, m, t, s, r) unpack3_TPM_RQU_HEADER(p,= l, m, t, s, r) +#define sizeof_TPM_RSP_HEADER(p) sizeof_TPM_RQU_HEADER(p) =20 #endif diff --git a/stubdom/vtpmmgr/vtpm_cmd_handler.c b/stubdom/vtpmmgr/vtpm_cmd_= handler.c index 2ac14fae77..7ca1d9df94 100644 --- a/stubdom/vtpmmgr/vtpm_cmd_handler.c +++ b/stubdom/vtpmmgr/vtpm_cmd_handler.c @@ -47,6 +47,7 @@ #include "vtpm_disk.h" #include "vtpmmgr.h" #include "tpm.h" +#include "tpm2.h" #include "tpmrsa.h" #include "tcg.h" #include "mgmt_authority.h" @@ -772,6 +773,52 @@ static int vtpmmgr_permcheck(struct tpm_opaque *opq) return 1; } =20 +TPM_RESULT vtpmmgr_handle_getrandom(struct tpm_opaque *opaque, + tpmcmd_t* tpmcmd) +{ + TPM_RESULT status =3D TPM_SUCCESS; + TPM_TAG tag; + UINT32 size; + UINT32 rand_offset; + UINT32 rand_size; + TPM_COMMAND_CODE ord; + BYTE *p; + + p =3D unpack_TPM_RQU_HEADER(tpmcmd->req, &tag, &size, &ord); + + if (!hw_is_tpm2()) { + size =3D TCPA_MAX_BUFFER_LENGTH; + TPMTRYRETURN(TPM_TransmitData(tpmcmd->req, tpmcmd->req_len, + tpmcmd->resp, &size)); + tpmcmd->resp_len =3D size; + + return TPM_SUCCESS; + } + + /* TPM_GetRandom req:
*/ + unpack_UINT32(p, &rand_size); + + /* Call TPM2_GetRandom but return a TPM_GetRandom response. */ + /* TPM_GetRandom resp:
*/ + rand_offset =3D sizeof_TPM_RSP_HEADER(tpmcmd->resp) + + sizeof_UINT32(tpmcmd->resp); + + TPMTRYRETURN(TPM2_GetRandom(&rand_size, tpmcmd->resp + rand_offset)); + + p =3D pack_TPM_RSP_HEADER(tpmcmd->resp, TPM_TAG_RSP_COMMAND, + rand_offset + rand_size, status); + p =3D pack_UINT32(p, rand_size); + tpmcmd->resp_len =3D rand_offset + rand_size; + + return status; + +abort_egress: + tpmcmd->resp_len =3D VTPM_COMMAND_HEADER_SIZE; + pack_TPM_RSP_HEADER(tpmcmd->resp, tag + 3, tpmcmd->resp_len, status); + + return status; +} + TPM_RESULT vtpmmgr_handle_cmd( struct tpm_opaque *opaque, tpmcmd_t* tpmcmd) @@ -842,6 +889,7 @@ TPM_RESULT vtpmmgr_handle_cmd( switch(ord) { case TPM_ORD_GetRandom: vtpmloginfo(VTPM_LOG_VTPM, "Passthrough: TPM_GetRandom\n"); + return vtpmmgr_handle_getrandom(opaque, tpmcmd); break; case TPM_ORD_PcrRead: vtpmloginfo(VTPM_LOG_VTPM, "Passthrough: TPM_PcrRead\n"); --=20 2.30.2
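Review bot: In vtpmmgr_handle_getrandom(), rand_size is read from the guest's request with unpack_UINT32() and passed to TPM2_GetRandom() with a destination of `tpmcmd->resp + rand_offset`, with no check that tpmcmd->req_len covers the header plus the 4-byte count and no upper bound on rand_size against the space left in tpmcmd->resp. Since the commit message notes that TPM 1.2 carries a 32-bit count where TPM2 uses 16 bits, validate req_len before unpacking and clamp rand_size to the smaller of the TPM2 limit and the response buffer size minus rand_offset before the call. Two smaller points: the abort path builds the response tag as `tag + 3` where the success path uses TPM_TAG_RSP_COMMAND, and the `break;` left after the new `return` in vtpmmgr_handle_cmd() is unreachable.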