From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D67B519342B; Tue, 17 Sep 2024 15:44:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587895; cv=none; b=BUnNkqKmb0Y170rhWd5u/Ms2lReaG0n9p0rb2MLoVgO68IinvSIdm7RXb4JiOiXRWzxXR4JD6ghzOa5pHhiLU7q9J4vF4soZ6UtS40YkgYZSyoRGu+MVmX7yehacfsSPKWQ/12JSXCUtTnZKISUgJbzWXzP7hd6BZHGttOj68tE= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587895; c=relaxed/simple; bh=rw9/FeMz51DKME1/reXnnc5Za/cdWbF/63E6IVevQMU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=JlwxsXIkDUvwIHtfFHhUvSBC3XdJrNYc721cAMGvWP9ayQZiEJf61G0ngI1cTeWuk/6XtHdEVNcg0BVriyyK1CRdgd5CoGhKQVwvEdiw5r83Sn5+ZeWQVVed1IBR5iZIZHrB/s8Tz2Z7lReg240uGUq9lp7JqB5NSUZSnvi6jQg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=J1x1R34x; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="J1x1R34x" Received: by smtp.kernel.org (Postfix) with ESMTPSA id F0AE3C4CEC5; Tue, 17 Sep 2024 15:44:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587894; bh=rw9/FeMz51DKME1/reXnnc5Za/cdWbF/63E6IVevQMU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=J1x1R34xwXuYWredtfrrtopU3MK3gM3SAL6yGKt8rAiiOtCdLKsik9YmKDWwsjeB/ XRxRNYNp6SErbu4l6spAh7ynExAEX3SXC5zgOW/+HDgb8XO8PSPr29RDXNK//boCFf Y7Aq45GDWvM0JB4dptCzfTUcmd0Y/m1Lil2d5ohebapFE367dqCDPSc0YyIzYr8/rk trG4mdnVwXzMgXDuqu+z/IL/88uPk7YycRHhZEZeKTpla+uY+6zJyVz9q7zv8KcOsS VV/aG6U3KoSg+sf5wwDqhpsQ8rv4kandlVQe4UlWD2eBTMUmzSR//z4DxgwYCBT/FM wAB5S5ruY3amA== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 1/7] tpm: Remove the top-level documentation tpm2-sessions.c Date: Tue, 17 Sep 2024 18:44:30 +0300 Message-ID: <20240917154444.702370-2-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" The documentation in the file header is duplicate documentation to the documentation Documentation/security/tpm/tpm-security.rst and kdoc comments attached to the exported functions in 'tpm2-sessions.c'. Remove it as maintaining it would be just a waster of time and resources. Signed-off-by: Jarkko Sakkinen Tested-by: Pengyu Ma --- v3: - Refine the commit message. v2: - Refine the commit message. --- drivers/char/tpm/tpm2-sessions.c | 65 -------------------------------- 1 file changed, 65 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 44f60730cff4..6cc1ea81c57c 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1,71 +1,6 @@ // SPDX-License-Identifier: GPL-2.0 - /* * Copyright (C) 2018 James.Bottomley@HansenPartnership.com - * - * Cryptographic helper routines for handling TPM2 sessions for - * authorization HMAC and request response encryption. - * - * The idea is to ensure that every TPM command is HMAC protected by a - * session, meaning in-flight tampering would be detected and in - * addition all sensitive inputs and responses should be encrypted. - * - * The basic way this works is to use a TPM feature called salted - * sessions where a random secret used in session construction is - * encrypted to the public part of a known TPM key. The problem is we - * have no known keys, so initially a primary Elliptic Curve key is - * derived from the NULL seed (we use EC because most TPMs generate - * these keys much faster than RSA ones). The curve used is NIST_P256 - * because that's now mandated to be present in 'TCG TPM v2.0 - * Provisioning Guidance' - * - * Threat problems: the initial TPM2_CreatePrimary is not (and cannot - * be) session protected, so a clever Man in the Middle could return a - * public key they control to this command and from there intercept - * and decode all subsequent session based transactions. The kernel - * cannot mitigate this threat but, after boot, userspace can get - * proof this has not happened by asking the TPM to certify the NULL - * key. This certification would chain back to the TPM Endorsement - * Certificate and prove the NULL seed primary had not been tampered - * with and thus all sessions must have been cryptographically secure. - * To assist with this, the initial NULL seed public key name is made - * available in a sysfs file. - * - * Use of these functions: - * - * The design is all the crypto, hash and hmac gunk is confined in this - * file and never needs to be seen even by the kernel internal user. To - * the user there's an init function tpm2_sessions_init() that needs to - * be called once per TPM which generates the NULL seed primary key. - * - * These are the usage functions: - * - * tpm2_start_auth_session() which allocates the opaque auth structure - * and gets a session from the TPM. This must be called before - * any of the following functions. The session is protected by a - * session_key which is derived from a random salt value - * encrypted to the NULL seed. - * tpm2_end_auth_session() kills the session and frees the resources. - * Under normal operation this function is done by - * tpm_buf_check_hmac_response(), so this is only to be used on - * error legs where the latter is not executed. - * tpm_buf_append_name() to add a handle to the buffer. This must be - * used in place of the usual tpm_buf_append_u32() for adding - * handles because handles have to be processed specially when - * calculating the HMAC. In particular, for NV, volatile and - * permanent objects you now need to provide the name. - * tpm_buf_append_hmac_session() which appends the hmac session to the - * buf in the same way tpm_buf_append_auth does(). - * tpm_buf_fill_hmac_session() This calculates the correct hash and - * places it in the buffer. It must be called after the complete - * command buffer is finalized so it can fill in the correct HMAC - * based on the parameters. - * tpm_buf_check_hmac_response() which checks the session response in - * the buffer and calculates what it should be. If there's a - * mismatch it will log a warning and return an error. If - * tpm_buf_append_hmac_session() did not specify - * TPM_SA_CONTINUE_SESSION then the session will be closed (if it - * hasn't been consumed) and the auth structure freed. */ =20 #include "tpm.h" --=20 2.46.0 From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id EF2411925BE; Tue, 17 Sep 2024 15:44:59 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587900; cv=none; b=WyDd8TPEFKoHWnblY7uiwJGxVWEnFETYL1NxJs6DYarIXAsCetK01Q3yRLNprjy+Q42cNamxOPa928rFAzPZ2/bZ41FDkEPgQhwFzmKjGbp4yGmvCnReNlrG0eNGw/oor1zIXIFKDYosJTFIadiO4PT9xfYz99XxfTt0LUDLf+w= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587900; c=relaxed/simple; bh=G8RsCScdbp+9ybMzUp8FLT1Lh6rs3SGvyd2dSpLYS0k=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=qiTQiZSKHH1iJi5yKJ2P8yFdm9r8zFeCfmU7/xcugBi9QOKgpPWmID4eJlMP/QYKoCNlDW2s32XeqSqoS8rCOaFBLYk422k1pBJKBdyeU8HdSUt3nSPTeG/K9LZQK3INjgyjai7hVFqRXT6a7v6hznV6WZ/ji58cNr0Y2q77UAo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lhTUFMyY; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lhTUFMyY" Received: by smtp.kernel.org (Postfix) with ESMTPSA id DFA4DC4CEC5; Tue, 17 Sep 2024 15:44:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587899; bh=G8RsCScdbp+9ybMzUp8FLT1Lh6rs3SGvyd2dSpLYS0k=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lhTUFMyYGb2/U/xuczJFja6O8Mukl/o3hOpUo+BnD059eAi+hq3G8NJ0kpQYvqY2S ORKQGqSeEBiaPQFWy7qzhV+L8umivyFSD6w7DBPHFiEYdGosJt9sGyV/yg6P+gzuNC HxCh/BzCTkCIMMRgP3gOAKyfXuCGFc1SmqDhmBA/oxCSVCMAf7vVl9jb7cHB+9soMQ ie13Cqo0jln69QgzzZT69bRDXBSGti39mXnCOJAVpMQED18AeUJVzzp/oRf8TV+r1C CscqCGhW2h9M+iNK8aSqyHAGsUCBCmeZ5yx1nVjphV9Z3NAbnl1v7xkkWLBB7XMSz0 jzuc1L2CdjEBQ== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , stable@vger.kernel.org, Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 2/7] tpm: Return on tpm2_create_null_primary() failure Date: Tue, 17 Sep 2024 18:44:31 +0300 Message-ID: <20240917154444.702370-3-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" tpm2_sessions_init() does not ignores the result of saving the null key. Address this by printing either TPM or POSIX error code, and returning -ENODEV back to the caller. Cc: stable@vger.kernel.org # v6.11+ Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation") Signed-off-by: Jarkko Sakkinen Tested-by: Pengyu Ma --- v3: - Handle TPM and POSIX error separately and return -ENODEV always back to the caller. v2: - Refined the commit message. --- drivers/char/tpm/tpm2-sessions.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 6cc1ea81c57c..0993d18ee886 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1273,7 +1273,13 @@ static int tpm2_create_null_primary(struct tpm_chip = *chip) tpm2_flush_context(chip, null_key); } =20 - return rc; + if (rc < 0) + dev_err(&chip->dev, "saving the null key failed with error %d\n", rc); + else if (rc > 0) + dev_err(&chip->dev, "saving the null key failed with TPM error 0x%04X\n"= , rc); + + /* Map all errors to -ENODEV: */ + return rc ? -ENODEV : rc; } =20 /** @@ -1289,7 +1295,7 @@ int tpm2_sessions_init(struct tpm_chip *chip) =20 rc =3D tpm2_create_null_primary(chip); if (rc) - dev_err(&chip->dev, "TPM: security failed (NULL seed derivation): %d\n",= rc); + return rc; =20 chip->auth =3D kmalloc(sizeof(*chip->auth), GFP_KERNEL); if (!chip->auth) --=20 2.46.0 From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8F5AC194138; Tue, 17 Sep 2024 15:45:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587904; cv=none; b=UuxFrK3UyNYxNj7i7IsF9kPggK4flZoXegG405H0YhYmYwoUagmrgBVKO9mX+ePhGT60bUzyaFSt52HLr02RB7jtYJvpY9pJWlLFAxnDUaE8bmAToYJq/IKWM8p14nAr6SBMTy2Vku9XIqW/1p4DJ0QZCJaHhDlIYxjmXhX6Pdo= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587904; c=relaxed/simple; bh=BMyYGqGEO26GNPeQnIBlL1dX/WGOQKX5Yh6/QOkpGHU=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=bDOXHZTpaXrzAZLezK7Va8M4dSJxWqeyWsxf9TLqi92QLAZsBY8jscExuLXL8N73wW1fTLFKnUxRS34A3o35EJ04NbBhegYTj84OlmuDvVgfLyFRm5iiC20gsOX7ZKZxh1Nng1ZMU59PO8MtBLmo28ehaTgpE7Y4qZyxoVGtIs4= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=SwNoTDzB; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="SwNoTDzB" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 90A03C4CEC5; Tue, 17 Sep 2024 15:45:03 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587903; bh=BMyYGqGEO26GNPeQnIBlL1dX/WGOQKX5Yh6/QOkpGHU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=SwNoTDzBM4Lm2wuAGIqEZkyE7plkegd9QQBCKk46t+lvsAvsfyY3sK20RAeJplI6j /if9C1sw2hiXQ+hYMi6R1Lg35AIc8f89kkfgl4pYksTxu1HQdPiajpvKEkidPj6ypn 56me0Zu7hICMSInfC2O9R/GUqy06yFj161DqgXjRzz/SQqBrVYJ52iqAZxKai/FONe BjHOConj+CCP+wi7Z5obWVeJ/TXbVK6dyOjlJjSfs2IpvzlM8UnT8CQgtmw3x85ztX lMTcIXHZ7XyLUC+Q0PnFKV/k7ucK99Z7V7UmIR9iG0JuA7gLb2M9d0J55qDpFyGpMr jFlP712AzvqLA== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , stable@vger.kernel.org, Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 3/7] tpm: Return on tpm2_create_primary() failure in tpm2_load_null() Date: Tue, 17 Sep 2024 18:44:32 +0300 Message-ID: <20240917154444.702370-4-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" tpm2_load_null() ignores the return value of tpm2_create_primary(). Further, it does not heal from the situation when memcmp() returns zero. Address this by returning on failure and saving the null key if there was no detected interference in the bus. Cc: stable@vger.kernel.org # v6.11+ Fixes: eb24c9788cd9 ("tpm: disable the TPM if NULL name changes") Signed-off-by: Jarkko Sakkinen Tested-by: Pengyu Ma --- v3: - Update log messages. Previously the log message incorrectly stated on load failure that integrity check had been failed, even tho the check is done *after* the load operation. v2: - Refined the commit message. - Reverted tpm2_create_primary() changes. They are not required if tmp_null_key is used as the parameter. --- drivers/char/tpm/tpm2-sessions.c | 38 +++++++++++++++++--------------- 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 0993d18ee886..03c56f0eda49 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -850,32 +850,34 @@ static int tpm2_parse_start_auth_session(struct tpm2_= auth *auth, =20 static int tpm2_load_null(struct tpm_chip *chip, u32 *null_key) { - int rc; unsigned int offset =3D 0; /* dummy offset for null seed context */ u8 name[SHA256_DIGEST_SIZE + 2]; + u32 tmp_null_key; + int rc; =20 rc =3D tpm2_load_context(chip, chip->null_key_context, &offset, - null_key); - if (rc !=3D -EINVAL) + &tmp_null_key); + if (rc !=3D -EINVAL) { + if (!rc) + *null_key =3D tmp_null_key; return rc; + } + dev_info(&chip->dev, "the null key has been reset\n"); =20 - /* an integrity failure may mean the TPM has been reset */ - dev_err(&chip->dev, "NULL key integrity failure!\n"); - /* check the null name against what we know */ - tpm2_create_primary(chip, TPM2_RH_NULL, NULL, name); - if (memcmp(name, chip->null_key_name, sizeof(name)) =3D=3D 0) - /* name unchanged, assume transient integrity failure */ + rc =3D tpm2_create_primary(chip, TPM2_RH_NULL, &tmp_null_key, name); + if (rc) return rc; - /* - * Fatal TPM failure: the NULL seed has actually changed, so - * the TPM must have been illegally reset. All in-kernel TPM - * operations will fail because the NULL primary can't be - * loaded to salt the sessions, but disable the TPM anyway so - * userspace programmes can't be compromised by it. - */ - dev_err(&chip->dev, "NULL name has changed, disabling TPM due to interfer= ence\n"); - chip->flags |=3D TPM_CHIP_FLAG_DISABLE; =20 + /* Return the null key if the name has not been changed: */ + if (memcmp(name, chip->null_key_name, sizeof(name)) =3D=3D 0) { + *null_key =3D tmp_null_key; + return 0; + } + + /* Deduce from the name change TPM interference: */ + dev_err(&chip->dev, "the null key integrity check failedh\n"); + tpm2_flush_context(chip, tmp_null_key); + chip->flags |=3D TPM_CHIP_FLAG_DISABLE; return rc; } =20 --=20 2.46.0 From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4B73B194AE6; Tue, 17 Sep 2024 15:45:08 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587909; cv=none; b=A3FCdklooJYBAvVbJ55OyjFuMmrLJDAhruJ8k0ti6KqCsG40oUZHnMxWFUjXg31Q1PXkDNcfMR7T1vGV26kaKfFniOhu6l8duqUhnXj4h21t7pt8q/2DuYyYjQLR3cCtlMHNhduFB7V54pnVTKvuHEhg+nDE21Fi8wJwt/pG3/Q= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587909; c=relaxed/simple; bh=C3Mpaxh2OV6YvryYeWN6bkOf7x9QWfSOd3mncoa4OuE=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=mjqliJ3i44g+OVX/suibt/LWuPQEluMb3hwgAeLVzNIkfzn02fpnpWeb1j2J9cRnYut4asovnznjirB5BHoAPI/gKEGpF13U2JHLi9hw260uTwEcVLvoRro0u4FO3SK2xwZMzgcgZ34qONVEhBx4AXCqPtW1DoOfbT3J0IAaEqY= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=lqK7quu1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="lqK7quu1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 76696C4CEC5; Tue, 17 Sep 2024 15:45:08 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587908; bh=C3Mpaxh2OV6YvryYeWN6bkOf7x9QWfSOd3mncoa4OuE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=lqK7quu1NRBUgl9TMeGqUFdTSBklwF5p+aTLQXsLLk96BOpABcIe4nOmkKmDZ7piZ w8KIZo+Dz9Y/ZvkX5JenFxV/99NvTcYENtlbg0TP+z0rfkuYeMCdRYACfGGGnnTnTb CHI0sGLM7u/V6w+ZDm87iHtLki/uECxDhTXQFJkGHEz87xac4wknH15FXAdu1PQDed 49PduawY+2jfvLw49IaUs/slyet8l8DXgP7TQ2n4CXzST3fcQXHkET1H1x0udkbr5Y hhZnjrwRwRGRszwrzxONs7RgYui3IAPy54ueA0f5YnyDbBhoRimAph/l4JWr0L4IjO MfwgYnXQGgQTA== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 4/7] tpm: flush the null key only when /dev/tpm0 is accessed Date: Tue, 17 Sep 2024 18:44:33 +0300 Message-ID: <20240917154444.702370-5-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Instead of flushing and reloading the null key for every single auth session, flush it only when: 1. User space needs to access /dev/tpm{rm}0. 2. When going to sleep. 3. When unregistering the chip. This removes the need to load and swap the null key between TPM and regular memory per transaction, when the user space is not using the chip. Tested-by: Pengyu Ma Signed-off-by: Jarkko Sakkinen --- v3: - Unchanged. v2: - Refined the commit message. - Added tested-by from Pengyu Ma . - Removed spurious pr_info() statement. --- drivers/char/tpm/tpm-chip.c | 13 +++++++++++++ drivers/char/tpm/tpm-dev-common.c | 7 +++++++ drivers/char/tpm/tpm-interface.c | 9 +++++++-- drivers/char/tpm/tpm2-cmd.c | 3 +++ drivers/char/tpm/tpm2-sessions.c | 17 ++++++++++++++--- include/linux/tpm.h | 2 ++ 6 files changed, 46 insertions(+), 5 deletions(-) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 854546000c92..0ea00e32f575 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -674,6 +674,19 @@ EXPORT_SYMBOL_GPL(tpm_chip_register); */ void tpm_chip_unregister(struct tpm_chip *chip) { +#ifdef CONFIG_TCG_TPM2_HMAC + int rc; + + rc =3D tpm_try_get_ops(chip); + if (!rc) { + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_flush_context(chip, chip->null_key); + chip->null_key =3D 0; + } + tpm_put_ops(chip); + } +#endif + tpm_del_legacy_sysfs(chip); if (tpm_is_hwrng_enabled(chip)) hwrng_unregister(&chip->hwrng); diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-c= ommon.c index c3fbbf4d3db7..4bc07963e260 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -27,6 +27,13 @@ static ssize_t tpm_dev_transmit(struct tpm_chip *chip, s= truct tpm_space *space, struct tpm_header *header =3D (void *)buf; ssize_t ret, len; =20 +#ifdef CONFIG_TCG_TPM2_HMAC + if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_flush_context(chip, chip->null_key); + chip->null_key =3D 0; + } +#endif + ret =3D tpm2_prepare_space(chip, space, buf, bufsiz); /* If the command is not implemented by the TPM, synthesize a * response with a TPM2_RC_COMMAND_CODE return for user-space. diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interf= ace.c index 5da134f12c9a..bfa47d48b0f2 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -379,10 +379,15 @@ int tpm_pm_suspend(struct device *dev) =20 rc =3D tpm_try_get_ops(chip); if (!rc) { - if (chip->flags & TPM_CHIP_FLAG_TPM2) + if (chip->flags & TPM_CHIP_FLAG_TPM2) { +#ifdef CONFIG_TCG_TPM2_HMAC + tpm2_flush_context(chip, chip->null_key); + chip->null_key =3D 0; +#endif tpm2_shutdown(chip, TPM2_SU_STATE); - else + } else { rc =3D tpm1_pm_suspend(chip, tpm_suspend_pcr); + } =20 tpm_put_ops(chip); } diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 1e856259219e..aba024cbe7c5 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c @@ -364,6 +364,9 @@ void tpm2_flush_context(struct tpm_chip *chip, u32 hand= le) struct tpm_buf buf; int rc; =20 + if (!handle) + return; + rc =3D tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_FLUSH_CONTEXT); if (rc) { dev_warn(&chip->dev, "0x%08x was not flushed, out of memory\n", diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 03c56f0eda49..5227bf6097a0 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -855,11 +855,19 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 = *null_key) u32 tmp_null_key; int rc; =20 + /* fast path */ + if (chip->null_key) { + *null_key =3D chip->null_key; + return 0; + } + rc =3D tpm2_load_context(chip, chip->null_key_context, &offset, &tmp_null_key); if (rc !=3D -EINVAL) { - if (!rc) + if (!rc) { + chip->null_key =3D tmp_null_key; *null_key =3D tmp_null_key; + } return rc; } dev_info(&chip->dev, "the null key has been reset\n"); @@ -870,6 +878,7 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 *n= ull_key) =20 /* Return the null key if the name has not been changed: */ if (memcmp(name, chip->null_key_name, sizeof(name)) =3D=3D 0) { + chip->null_key =3D tmp_null_key; *null_key =3D tmp_null_key; return 0; } @@ -940,7 +949,6 @@ int tpm2_start_auth_session(struct tpm_chip *chip) tpm_buf_append_u16(&buf, TPM_ALG_SHA256); =20 rc =3D tpm_transmit_cmd(chip, &buf, 0, "start auth session"); - tpm2_flush_context(chip, null_key); =20 if (rc =3D=3D TPM2_RC_SUCCESS) rc =3D tpm2_parse_start_auth_session(auth, &buf); @@ -1272,7 +1280,10 @@ static int tpm2_create_null_primary(struct tpm_chip = *chip) =20 rc =3D tpm2_save_context(chip, null_key, chip->null_key_context, sizeof(chip->null_key_context), &offset); - tpm2_flush_context(chip, null_key); + if (rc) + tpm2_flush_context(chip, null_key); + else + chip->null_key =3D null_key; } =20 if (rc < 0) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index e93ee8d936a9..4eb39db80e05 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -205,6 +205,8 @@ struct tpm_chip { #ifdef CONFIG_TCG_TPM2_HMAC /* details for communication security via sessions */ =20 + /* loaded null key */ + u32 null_key; /* saved context for NULL seed */ u8 null_key_context[TPM2_MAX_CONTEXT_SIZE]; /* name of NULL seed */ --=20 2.46.0 From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 564F7194C9E; Tue, 17 Sep 2024 15:45:14 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587914; cv=none; b=iCwMKeoCNQgYH2+dQQ/Ib2N7hCjALQknwD1tV77n38rMdaLpcu6SK/0ppra+HWg54dG62W3zhkuLuS+Dk8vwb8xyYaCzgeZcLSl4LW3WtohudbBQslienxqtkEZbLpZ37OkV540AsMcDGcthLtdUsQHo/Rb0iPNY8QnlzCzCVx4= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587914; c=relaxed/simple; bh=Xos4dszutuJzvowvGCXdRKVwKCAAXY14rh75RX4PjAQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=KGTm2KzfVlgxD6gyM8DjIiUp/N6E/xZanars4xFYy0KeMLRSEe+Q61HDblQFsVDBnOFd/ZWo9TU/MZ9WTmIDLPE6tf2eUB+H+thYJQszJUPzz4uw/5ve93O8h8jTDpWO8XlHUqN6PDVP9vkLGU2EVbvVcXaSJHWrKHCefeBMFRg= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=hF5iDZ2L; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="hF5iDZ2L" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 6F5C8C4CEC7; Tue, 17 Sep 2024 15:45:13 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587914; bh=Xos4dszutuJzvowvGCXdRKVwKCAAXY14rh75RX4PjAQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=hF5iDZ2LAnrczia5vsYdRtBkr77GheODd4LN4uoO4A+CA0sksNy8uXenOFHFKWNCb aEu9+9Q5pzAFMfduY2erZbX2xgeuh3/vKOEAu2ILUf4+8fSfyCc5IYJdgkDLGwtXvE QE3cqD3VmiY54nezug8DguTd0qL10wsKVMxq5qnpeEOzZrX0p2Pr/lkuCYdSaU0S9p ddW4S25uT8X3PByl/VuKmR97z46PEwxEz88Ej41EDBNEwCv9G0IIQLNPCLCjnDPXiv iLvGornctpdRNv4zNRlrd7UnZVhMHJvhkgX8wSa9nHkkFEWf/v5JxBuaax0iQ9YB6o E+QrTOorhEfCg== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 5/7] tpm: Allocate chip->auth in tpm2_start_auth_session() Date: Tue, 17 Sep 2024 18:44:34 +0300 Message-ID: <20240917154444.702370-6-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Move allocation of chip->auth to tpm2_start_auth_session() so that the field can be used as flag to tell whether auth session is active or not. Signed-off-by: Jarkko Sakkinen Tested-by: Pengyu Ma --- v3: - No changes. v2: - A new patch. --- drivers/char/tpm/tpm2-sessions.c | 43 +++++++++++++++++++------------- 1 file changed, 25 insertions(+), 18 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 5227bf6097a0..43b8e3576232 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -419,7 +419,8 @@ static void tpm2_KDFe(u8 z[EC_PT_SZ], const char *str, = u8 *pt_u, u8 *pt_v, sha256_final(&sctx, out); } =20 -static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip) +static void tpm_buf_append_salt(struct tpm_buf *buf, struct tpm_chip *chip, + struct tpm2_auth *auth) { struct crypto_kpp *kpp; struct kpp_request *req; @@ -478,7 +479,7 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, st= ruct tpm_chip *chip) sg_set_buf(&s[0], chip->null_ec_key_x, EC_PT_SZ); sg_set_buf(&s[1], chip->null_ec_key_y, EC_PT_SZ); kpp_request_set_input(req, s, EC_PT_SZ*2); - sg_init_one(d, chip->auth->salt, EC_PT_SZ); + sg_init_one(d, auth->salt, EC_PT_SZ); kpp_request_set_output(req, d, EC_PT_SZ); crypto_kpp_compute_shared_secret(req); kpp_request_free(req); @@ -489,8 +490,7 @@ static void tpm_buf_append_salt(struct tpm_buf *buf, st= ruct tpm_chip *chip) * This works because KDFe fully consumes the secret before it * writes the salt */ - tpm2_KDFe(chip->auth->salt, "SECRET", x, chip->null_ec_key_x, - chip->auth->salt); + tpm2_KDFe(auth->salt, "SECRET", x, chip->null_ec_key_x, auth->salt); =20 out: crypto_free_kpp(kpp); @@ -789,6 +789,8 @@ int tpm_buf_check_hmac_response(struct tpm_chip *chip, = struct tpm_buf *buf, /* manually close the session if it wasn't consumed */ tpm2_flush_context(chip, auth->handle); memzero_explicit(auth, sizeof(*auth)); + kfree(auth); + chip->auth =3D NULL; } else { /* reset for next use */ auth->session =3D TPM_HEADER_SIZE; @@ -817,6 +819,8 @@ void tpm2_end_auth_session(struct tpm_chip *chip) =20 tpm2_flush_context(chip, auth->handle); memzero_explicit(auth, sizeof(*auth)); + kfree(auth); + chip->auth =3D NULL; } EXPORT_SYMBOL(tpm2_end_auth_session); =20 @@ -904,25 +908,29 @@ static int tpm2_load_null(struct tpm_chip *chip, u32 = *null_key) */ int tpm2_start_auth_session(struct tpm_chip *chip) { + struct tpm2_auth *auth; struct tpm_buf buf; - struct tpm2_auth *auth =3D chip->auth; - int rc; u32 null_key; + int rc; =20 - if (!auth) { - dev_warn_once(&chip->dev, "auth session is not active\n"); + if (chip->auth) { + dev_warn_once(&chip->dev, "auth session is active\n"); return 0; } =20 + auth =3D kzalloc(sizeof(*auth), GFP_KERNEL); + if (!auth) + return -ENOMEM; + rc =3D tpm2_load_null(chip, &null_key); if (rc) - goto out; + goto err; =20 auth->session =3D TPM_HEADER_SIZE; =20 rc =3D tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_START_AUTH_SESS); if (rc) - goto out; + goto err; =20 /* salt key handle */ tpm_buf_append_u32(&buf, null_key); @@ -934,7 +942,7 @@ int tpm2_start_auth_session(struct tpm_chip *chip) tpm_buf_append(&buf, auth->our_nonce, sizeof(auth->our_nonce)); =20 /* append encrypted salt and squirrel away unencrypted in auth */ - tpm_buf_append_salt(&buf, chip); + tpm_buf_append_salt(&buf, chip, auth); /* session type (HMAC, audit or policy) */ tpm_buf_append_u8(&buf, TPM2_SE_HMAC); =20 @@ -955,10 +963,13 @@ int tpm2_start_auth_session(struct tpm_chip *chip) =20 tpm_buf_destroy(&buf); =20 - if (rc) - goto out; + if (rc =3D=3D TPM2_RC_SUCCESS) { + chip->auth =3D auth; + return 0; + } =20 - out: +err: + kfree(auth); return rc; } EXPORT_SYMBOL(tpm2_start_auth_session); @@ -1310,10 +1321,6 @@ int tpm2_sessions_init(struct tpm_chip *chip) if (rc) return rc; =20 - chip->auth =3D kmalloc(sizeof(*chip->auth), GFP_KERNEL); - if (!chip->auth) - return -ENOMEM; - return rc; } EXPORT_SYMBOL(tpm2_sessions_init); --=20 2.46.0 From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 739B4188A37; Tue, 17 Sep 2024 15:45:19 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587919; cv=none; b=P0cdgy9nd3U4unjln69ubJKj8yBlchNs5rV2an7z3DjpFKWCqiFu62LFwDTzmmvCDHPYcKb1f9/4PA6P4R5deozYIwcXtsU5ZI0txT29J2+a0wgcF/NPg8spUS5kBcKectzriVUbpjJMJ1hGNJcks+fOHPZ2dVP7XXJhyww/MWQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587919; c=relaxed/simple; bh=ierCK7VWxvo8wK6md4TR1uHJ+m5L2VbdufMWxne1uCA=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=lGtrpvzGG2sOzQxOOZNS0/yzm/BpaoN1uUG7QNTA3QCUos+8R9zBvAa3kBE7nwtnvOQMjhQiuiixTKHZxuI7Uke7f0b46TFJSltcrZxjOTL7BwS1lrvNkuH+rpNHI6SXBlE5PLVCVrc196kbPyHPPDq/f3+yj5gtRU3Dcmf5OCo= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=PrJh4aC1; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="PrJh4aC1" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 80299C4CEC5; Tue, 17 Sep 2024 15:45:18 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587919; bh=ierCK7VWxvo8wK6md4TR1uHJ+m5L2VbdufMWxne1uCA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=PrJh4aC16spska4hn1hVdh+hmAbymnIz/1CZozeUYlaPJhL2+N+MrD4vTVvHMLtXh uYjE4X2rMq1stohIGUCCxOr0LzKNKaBcxBNil/cocBKfZIqt3wPhUn30/GC60cXC0L 0LiZg2KMWtsNrxYp3LbI36F+Z4DYXz89V53ioc+P3xm+/+busembyoWql9rIKz66fa 09CKz24YCPivPJ8iLTLnaCxgvXzGRJMdxSd7X39FiYLBt303Jem+aI2/YuLbKcoUld 35QX4/k2A5OK2zXCrxALvYa6oHkaXAdYvK1Gh6RGsW9vtgCWsYyw0viU18u3YzDtcm GqcNQWwcOzWAw== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 6/7] tpm: flush the auth session only when /dev/tpm0 is open Date: Tue, 17 Sep 2024 18:44:35 +0300 Message-ID: <20240917154444.702370-7-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" Instead of flushing and reloading the auth session for every single transaction, keep the session open unless /dev/tpm0 is used. In practice this means applying TPM2_SA_CONTINUE_SESSION to the session attributes. Flush the session always when /dev/tpm0 is written. This reduces the number of TPM2_ContextLoad and TPM2_FlushContext commands Signed-off-by: Jarkko Sakkinen Tested-by: Pengyu Ma --- v3: - Refined the commit message. - Removed the conditional for applying TPM2_SA_CONTINUE_SESSION only when /dev/tpm0 is open. It is not required as the auth session is flushed, not saved. v2: - A new patch. --- drivers/char/tpm/tpm-chip.c | 1 + drivers/char/tpm/tpm-dev-common.c | 1 + drivers/char/tpm/tpm-interface.c | 1 + drivers/char/tpm/tpm2-sessions.c | 3 +++ 4 files changed, 6 insertions(+) diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 0ea00e32f575..7a6bb30d1f32 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -680,6 +680,7 @@ void tpm_chip_unregister(struct tpm_chip *chip) rc =3D tpm_try_get_ops(chip); if (!rc) { if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_end_auth_session(chip); tpm2_flush_context(chip, chip->null_key); chip->null_key =3D 0; } diff --git a/drivers/char/tpm/tpm-dev-common.c b/drivers/char/tpm/tpm-dev-c= ommon.c index 4bc07963e260..c6fdeb4feaef 100644 --- a/drivers/char/tpm/tpm-dev-common.c +++ b/drivers/char/tpm/tpm-dev-common.c @@ -29,6 +29,7 @@ static ssize_t tpm_dev_transmit(struct tpm_chip *chip, st= ruct tpm_space *space, =20 #ifdef CONFIG_TCG_TPM2_HMAC if (chip->flags & TPM_CHIP_FLAG_TPM2) { + tpm2_end_auth_session(chip); tpm2_flush_context(chip, chip->null_key); chip->null_key =3D 0; } diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interf= ace.c index bfa47d48b0f2..2363018fa8fb 100644 --- a/drivers/char/tpm/tpm-interface.c +++ b/drivers/char/tpm/tpm-interface.c @@ -381,6 +381,7 @@ int tpm_pm_suspend(struct device *dev) if (!rc) { if (chip->flags & TPM_CHIP_FLAG_TPM2) { #ifdef CONFIG_TCG_TPM2_HMAC + tpm2_end_auth_session(chip); tpm2_flush_context(chip, chip->null_key); chip->null_key =3D 0; #endif diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index 43b8e3576232..d240039d0849 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -268,6 +268,9 @@ void tpm_buf_append_hmac_session(struct tpm_chip *chip,= struct tpm_buf *buf, } =20 #ifdef CONFIG_TCG_TPM2_HMAC + /* The first write to /dev/tpm{rm0} will flush the session. */ + attributes |=3D TPM2_SA_CONTINUE_SESSION; + /* * The Architecture Guide requires us to strip trailing zeros * before computing the HMAC --=20 2.46.0 From nobody Fri Nov 29 16:36:28 2024 Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id C516217BEC3; Tue, 17 Sep 2024 15:45:24 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587924; cv=none; b=qrVJoerGuHccKNYL7RWX8wXyyCzsokRwScxYkLV7ZCCK8SuNntuIr6BpNsYG4BgjeteyqOqbUwJdMUzAzzQIv74DkD0JNQK2DkGQVs48/2h0l5ZK+S4zsP23+h3GPvq2pLpeXiyZ2yoQ8ZXWfzIoKphBZFuCyELmg1s95JERd9g= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1726587924; c=relaxed/simple; bh=cogOvavHdY+bOLWky6a19ab7QS0R/kyUy+elvwMD+8A=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=cAzFliSBlsPFC0B880QJovT18JsLoA7ZKrGrspSiIiuGt8AZR+auMnOWOPyew9RB+2fOM5cdirnIRFxResH4tUWHoBzxvgXTwidR3JqFs42nVALCimhQ/EAPasSm1zLYYqJbHHhKoVcrET/vEdBkezPU2gojdfQqXxc6dyPOW9M= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b=aAE0QSA5; arc=none smtp.client-ip=10.30.226.201 Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=kernel.org header.i=@kernel.org header.b="aAE0QSA5" Received: by smtp.kernel.org (Postfix) with ESMTPSA id 78AECC4CEC5; Tue, 17 Sep 2024 15:45:23 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=k20201202; t=1726587924; bh=cogOvavHdY+bOLWky6a19ab7QS0R/kyUy+elvwMD+8A=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=aAE0QSA5Q47KqSDJ8Urj7f8ny0MWEE0E9/KopCBWe2vv2QFiu9HoZEb84kgXSrcxr XH0Ifng2shmQwEI+UCariZONqHLEb+r3iJNJXqgx9imPz0OigdJ2GytObiNl4uxsaf NoUsI/F+dYXPXGxHy42BWUQqZ5QaD1LpA9okGUEKpfXSi8IBGiXz20zC01i5+I23uM rcgPV4ncPHqHjBfIR76Oow3lA7W39VATlgpCUb+Iddt1UV/kJnmVydS0/tgddq5o47 DIdXPm3G76l53S4ldCfRGFLXC1qFg44A1PO0SEQSBaEJs1VNc+7647VAPh54bCos73 oiIxOUkEEs/Qw== From: Jarkko Sakkinen To: linux-integrity@vger.kernel.org Cc: James.Bottomley@HansenPartnership.com, roberto.sassu@huawei.com, mapengyu@gmail.com, Jarkko Sakkinen , Mimi Zohar , David Howells , Paul Moore , James Morris , "Serge E. Hallyn" , keyrings@vger.kernel.org, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v3 7/7] tpm: open code tpm2_create_null_primary() Date: Tue, 17 Sep 2024 18:44:36 +0300 Message-ID: <20240917154444.702370-8-jarkko@kernel.org> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20240917154444.702370-1-jarkko@kernel.org> References: <20240917154444.702370-1-jarkko@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" As tpm2_sessions_init() has been shrunk only as a single and only call site for tpm2_create_null_primary(), open code it to the call site. Signed-off-by: Jarkko Sakkinen Tested-by: Pengyu Ma --- v3: - A new patch. --- drivers/char/tpm/tpm2-sessions.c | 26 +++++++------------------- 1 file changed, 7 insertions(+), 19 deletions(-) diff --git a/drivers/char/tpm/tpm2-sessions.c b/drivers/char/tpm/tpm2-sessi= ons.c index d240039d0849..72c83eb3f665 100644 --- a/drivers/char/tpm/tpm2-sessions.c +++ b/drivers/char/tpm/tpm2-sessions.c @@ -1281,7 +1281,13 @@ static int tpm2_create_primary(struct tpm_chip *chip= , u32 hierarchy, return rc; } =20 -static int tpm2_create_null_primary(struct tpm_chip *chip) +/** + * tpm2_sessions_init() - Initialize the null keypair for authenticated se= ssions + * @chip: a &tpm_chip instance + * + * Return: 0 on success and -ENODEV on failure. + */ +int tpm2_sessions_init(struct tpm_chip *chip) { u32 null_key; int rc; @@ -1308,23 +1314,5 @@ static int tpm2_create_null_primary(struct tpm_chip = *chip) /* Map all errors to -ENODEV: */ return rc ? -ENODEV : rc; } - -/** - * tpm2_sessions_init() - start of day initialization for the sessions code - * @chip: TPM chip - * - * Derive and context save the null primary and allocate memory in the - * struct tpm_chip for the authorizations. - */ -int tpm2_sessions_init(struct tpm_chip *chip) -{ - int rc; - - rc =3D tpm2_create_null_primary(chip); - if (rc) - return rc; - - return rc; -} EXPORT_SYMBOL(tpm2_sessions_init); #endif /* CONFIG_TCG_TPM2_HMAC */ --=20 2.46.0