'Re: [PATCH v2 01/10] tpm: Add support for in-kernel resetting of PCRs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       linux-integrity
Subject:    Re: [PATCH v2 01/10] tpm: Add support for in-kernel resetting of PCRs
From:       Jarkko Sakkinen <jarkko () kernel ! org>
Date:       2022-08-26 2:59:49
Message-ID: Ywg3JZrWmRjvr/7f () kernel ! org
[Download RAW message or body]

On Tue, Aug 23, 2022 at 03:25:17PM -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett@google.com>
> 
> Add an internal command for resetting a PCR. This will be used by the
> encrypted hibernation code to set PCR23 to a known value. The
> hibernation code will seal the hibernation key with a policy specifying
> PCR23 be set to this known value as a mechanism to ensure that the
> hibernation key is genuine. But to do this repeatedly, resetting the PCR
> is necessary as well.
> 
> From: Matthew Garrett <mjg59@google.com>

This is probably here by mistake.

> Signed-off-by: Matthew Garrett <mjg59@google.com>
> 

No empty line here.

> Signed-off-by: Evan Green <evgreen@chromium.org>
> ---
> Matthew's original version of this patch was at:
> https://patchwork.kernel.org/patch/12096487/
> 
> (no changes since v1)
> 
>  drivers/char/tpm/tpm-interface.c | 28 +++++++++++++++++++++++++
>  drivers/char/tpm/tpm.h           |  2 ++
>  drivers/char/tpm/tpm1-cmd.c      | 34 ++++++++++++++++++++++++++++++
>  drivers/char/tpm/tpm2-cmd.c      | 36 ++++++++++++++++++++++++++++++++
>  include/linux/tpm.h              |  7 +++++++
>  5 files changed, 107 insertions(+)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 1621ce8187052c..17b8643ee109c2 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -342,6 +342,34 @@ int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>  }
>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>  
> +/**
> + * tpm_pcr_reset - reset the specified PCR
> + * @chip:	a &struct tpm_chip instance, %NULL for the default chip
> + * @pcr_idx:	the PCR to be reset
> + *
> + * Return: same as with tpm_transmit_cmd()
> + */
> +int tpm_pcr_reset(struct tpm_chip *chip, u32 pcr_idx)
> +{
> +	int rc;
> +
> +	chip = tpm_find_get_ops(chip);
> +	if (!chip)
> +		return -ENODEV;
> +
> +	if (chip->flags & TPM_CHIP_FLAG_TPM2) {
> +		rc = tpm2_pcr_reset(chip, pcr_idx);
> +		goto out;
> +	}
> +
> +	rc = tpm1_pcr_reset(chip, pcr_idx, "attempting to reset a PCR");
> +
> +out:
> +	tpm_put_ops(chip);

        if (chip->flags & TPM_CHIP_FLAG_TPM2)
                rc = tpm2_pcr_reset(chip, pcr_idx);
        else
                rc = tpm1_pcr_reset(chip, pcr_idx, "attempting to reset a PCR");

Where does this asymmetry come with the parameters?

BR, Jarkko
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic