'Re: [TrouSerS-tech] [tpmdd-devel] [PATCH v8 6/8] tpm: TPM 2.0 baseline support'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       trousers-tech
Subject:    Re: [TrouSerS-tech] [tpmdd-devel] [PATCH v8 6/8] tpm: TPM 2.0 baseline support
From:       peterhuewe () gmx ! de
Date:       2014-12-08 16:18:06
Message-ID: 279e9a5e-05a9-4826-ada1-899fdcd11cea () email ! android ! com
[Download RAW message or body]

Hi 

On 8. Dezember 2014 14:56:15 MEZ, Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> \
wrote:
> On Fri, Dec 05, 2014 at 12:13:18AM +0100, Peter Hüwe wrote:
> > Am Mittwoch, 3. Dezember 2014, 03:28:35 schrieb Stefan Berger:
> > > On 12/02/2014 05:31 PM, Jarkko Sakkinen wrote:
> > > > +
> > > > +/**
> > > > + * tpm2_startup() - send startup command to the TPM chip
> > > > + * @chip:		TPM chip to use.
> > > > + * @startup_type	startup type. The value is either
> > > > + *			TPM_SU_CLEAR or TPM_SU_STATE.
> > > > + *
> > > > + * 0 is returned when the operation is successful. If a negative
> number
> > > > is + * returned it remarks a POSIX error code. If a positive
> number is
> > > > returned + * it remarks a TPM error.
> > > > + */
> > > > +int tpm2_startup(struct tpm_chip *chip, __be16 startup_type)
> > > > +{
> > > > +	struct tpm2_cmd cmd;
> > > > +
> > > > +	cmd.header.in = tpm2_startup_header;
> > > > +
> > > > +	cmd.params.startup_in.startup_type = startup_type;
> > > > +	return tpm_transmit_cmd(chip, &cmd, sizeof(cmd),
> > > > +				"attempting to start the TPM");
> > > > +}
> > > 
> > > I suppose you need to send this command because your firmware does
> not
> > > do it ?Following TPM1.2 I guess the BIOS / UEFI should send this
> instead
> > > and sending it later would actually be wrong. Hm, I don't find from
> > > where you are calling this... do you need it ? Can you remove it?
> > > 
> > > Stefan
> > 
> > Hi,
> > 
> > I think it would be good to send a TPM2_Startup if the TPM sends a 
> > TPM_RC_INITIALIZE (0x100) - so it becomes atleast usable.
> > Of course the BIOS/UEFI/Firmware should send the TPM2_Startup, but if
> there is 
> > no such thing, I would prefer Linux to do it, rather than nobody.
> > (analog: This was done for embedded platforms with TPM1.2).
> > 
> > In the current situation (v9) it is not possible to use the TPM2 on a
> machine 
> > without bios integration. :( (so I cannot test here :( )
> 
> Should the place be if sending self-test fails? I think the type should
> be TPM2_SU_CLEAR. Do you agree?
> 

Yes. If the first command returns "invalid post init" or whatever it is called in \
tpm20 speech the driver should send the startup clear.


Not sure if we should send a startup state in the resume case (like on tpm1.2)

And also it might make sense to send a tpm_shutdown? (If we aren't already) I think \
even on a machine with bios integration we have to send this?


> All other issues are now fixed except this and STS3 bit issue that I 
> look for next. In my github there is tpm2-v10 branch now with fixes
> on top. I squash the fixes right after these two remaining issues are
> fixed.
> 
> > Peter
> 
> /Jarkko

Peter
-- 
Sent from my mobile.

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
TrouSerS-tech mailing list
TrouSerS-tech@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/trousers-tech


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic