[v8] Streamline TPM2 HMAC sessions

[PATCH v8 00/12] Streamline TPM2 HMAC sessions

Jarkko Sakkinen posted 12 patches 11 hours ago

Diff against v1 v2 v3 v4 v5 v6 v7
Download series mbox

drivers/char/tpm/tpm-buf.c                | 156 ++++-----
drivers/char/tpm/tpm-interface.c          | 145 ++++++++-
drivers/char/tpm/tpm-sysfs.c              |  23 +-
drivers/char/tpm/tpm.h                    |   3 -
drivers/char/tpm/tpm1-cmd.c               | 198 ++++--------
drivers/char/tpm/tpm2-cmd.c               | 371 +++++++---------------
drivers/char/tpm/tpm2-sessions.c          | 281 +++++++---------
drivers/char/tpm/tpm2-space.c             |  44 ++-
drivers/char/tpm/tpm_vtpm_proxy.c         |  30 +-
include/linux/tpm.h                       |  77 +++--
security/keys/trusted-keys/trusted_tpm1.c |  70 ++--
security/keys/trusted-keys/trusted_tpm2.c | 329 ++++++++++---------
12 files changed, 783 insertions(+), 944 deletions(-)

Expand all Fold all

[PATCH v8 00/12] Streamline TPM2 HMAC sessions

Posted by Jarkko Sakkinen 11 hours ago

This patch set contains accumulated patches, which gradually improve 
TPM2 HMAC session management and TPM driver memory management.

RNG test
========

I run this test both TPM1 and TPM2 chips using QEMU and swtpm:

#!/bin/sh

ctrl_c() {
  set +e
  echo 0 > tracing_on
  echo nop > current_tracer
  echo BYE
  exit
}

trap ctrl_c EXIT INT
mount -t tracefs none /sys/kernel/tracing

set -e
cd /sys/kernel/tracing
echo function > current_tracer
echo p:tpm_get_random tpm_get_random > kprobe_events
echo tpm_get_random > set_ftrace_filter
echo 1 > tracing_on
cat /dev/hwrng > /dev/null &
echo > trace
cat trace_pipe &
sleep 10

Change Log
==========

v8:
- Patch was a bit out-of-sync after piling new stuff. Now it is somewhat
  sane: RNG patches first, then tpm2-sessions and finally managed
  tpm_buf allocations.
- I added inline comment on explaining why unconditional sha256_update()
  call is safe to do when managing only single authorization handle. 
v7:
- Updated cover letter to match better the current state of the patch
  set.
v6:
- OK, so I decided to send one more update with managed allocations
  moved to the tail so that it does not block reviewing more trivial
  patches.
- Trimmed some of the patches and improved commit messages.
v5:
- I decided to add the managed allocation patch to this and take it from
  the master branch for the time being, as it needs more eyes despite
  having already one reviewed-by tag (especially tested-by tags).

Jarkko Sakkinen (12):
  KEYS: trusted: Use get_random-fallback for TPM
  KEYS: trusted: Use get_random_bytes_wait() instead of tpm_get_random()
  tpm: Orchestrate TPM commands in tpm_get_random()
  tpm: Change tpm_get_random() opportunistic
  tpm2-sessions: Define TPM2_NAME_MAX_SIZE
  KEYS: trusted: Open code tpm2_buf_append()
  KEYS: trusted: Remove dead branch from tpm2_unseal_cmd
  KEYS: trusted: Re-orchestrate tpm2_read_public() calls
  tpm2-sessions: Remove the support for more than one authorization
  tpm-buf: Remove tpm_buf_append_handle
  tpm-buf: Merge TPM_BUF_BOUNDARY_ERROR and TPM_BUF_OVERFLOW
  tpm-buf: Implement managed allocations

 drivers/char/tpm/tpm-buf.c                | 156 ++++-----
 drivers/char/tpm/tpm-interface.c          | 145 ++++++++-
 drivers/char/tpm/tpm-sysfs.c              |  23 +-
 drivers/char/tpm/tpm.h                    |   3 -
 drivers/char/tpm/tpm1-cmd.c               | 198 ++++--------
 drivers/char/tpm/tpm2-cmd.c               | 371 +++++++---------------
 drivers/char/tpm/tpm2-sessions.c          | 281 +++++++---------
 drivers/char/tpm/tpm2-space.c             |  44 ++-
 drivers/char/tpm/tpm_vtpm_proxy.c         |  30 +-
 include/linux/tpm.h                       |  77 +++--
 security/keys/trusted-keys/trusted_tpm1.c |  70 ++--
 security/keys/trusted-keys/trusted_tpm2.c | 329 ++++++++++---------
 12 files changed, 783 insertions(+), 944 deletions(-)

-- 
2.39.5