2020-06-25 02:33:51

by Jarkko Sakkinen

[permalink] [raw]
Subject: [PATCH v2] tpm_tis: Remove the HID IFX0102

Acer C720 running Linux v5.3 reports this in klog:

tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
tpm tpm0: tpm_try_transmit: send(): error -5
tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
tpm_tis tpm_tis: Could not get TPM timeouts and durations
tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
tpm tpm0: tpm_try_transmit: send(): error -5
tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
tpm_tis 00:08: Could not get TPM timeouts and durations
ima: No TPM chip found, activating TPM-bypass!
tpm_inf_pnp 00:08: Found TPM with ID IFX0102

% git --no-pager grep IFX0102 drivers/char/tpm
drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */

Obviously IFX0102 was added to the HID table for the TCG TIS driver by
mistake.

Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
Cc: Kylene Jo Hall <[email protected]>
Reported-by: Ferry Toth: <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
---
v2:
git diff -R HEAD~1 -- drivers/char/tpm/tpm2-space.c | patch -p1
git diff -R HEAD~1 -- include/linux/tpm.h | patch -p1
drivers/char/tpm/tpm_tis.c | 1 -
1 file changed, 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index e7df342a317d..c58ea10fc92f 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -238,7 +238,6 @@ static int tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
static struct pnp_device_id tpm_pnp_tbl[] = {
{"PNP0C31", 0}, /* TPM */
{"ATM1200", 0}, /* Atmel */
- {"IFX0102", 0}, /* Infineon */
{"BCM0101", 0}, /* Broadcom */
{"BCM0102", 0}, /* Broadcom */
{"NSC1200", 0}, /* National */
--
2.25.1


2020-06-25 06:41:23

by Jerry Snitselaar

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Thu Jun 25 20, Jarkko Sakkinen wrote:
>Acer C720 running Linux v5.3 reports this in klog:
>
>tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
>tpm tpm0: tpm_try_transmit: send(): error -5
>tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
>tpm_tis tpm_tis: Could not get TPM timeouts and durations
>tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
>tpm tpm0: tpm_try_transmit: send(): error -5
>tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
>tpm_tis 00:08: Could not get TPM timeouts and durations
>ima: No TPM chip found, activating TPM-bypass!
>tpm_inf_pnp 00:08: Found TPM with ID IFX0102
>
>% git --no-pager grep IFX0102 drivers/char/tpm
>drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
>drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
>
>Obviously IFX0102 was added to the HID table for the TCG TIS driver by
>mistake.
>
>Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
>Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
>Cc: Kylene Jo Hall <[email protected]>
>Reported-by: Ferry Toth: <[email protected]>
>Signed-off-by: Jarkko Sakkinen <[email protected]>

Reviewed-by: Jerry Snitselaar <[email protected]>

2020-06-25 23:35:47

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
> On Thu Jun 25 20, Jarkko Sakkinen wrote:
> > Acer C720 running Linux v5.3 reports this in klog:
> >
> > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
> > tpm tpm0: tpm_try_transmit: send(): error -5
> > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
> > tpm_tis tpm_tis: Could not get TPM timeouts and durations
> > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
> > tpm tpm0: tpm_try_transmit: send(): error -5
> > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
> > tpm_tis 00:08: Could not get TPM timeouts and durations
> > ima: No TPM chip found, activating TPM-bypass!
> > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
> >
> > % git --no-pager grep IFX0102 drivers/char/tpm
> > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> >
> > Obviously IFX0102 was added to the HID table for the TCG TIS driver by
> > mistake.
> >
> > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
> > Cc: Kylene Jo Hall <[email protected]>
> > Reported-by: Ferry Toth: <[email protected]>
> > Signed-off-by: Jarkko Sakkinen <[email protected]>
>
> Reviewed-by: Jerry Snitselaar <[email protected]>

Bugzilla has an example of similar behavior with v4.15. I'll apply this
asap.

/Jarkko

2020-06-25 23:37:42

by Jerry Snitselaar

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Fri Jun 26 20, Jarkko Sakkinen wrote:
>On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
>> On Thu Jun 25 20, Jarkko Sakkinen wrote:
>> > Acer C720 running Linux v5.3 reports this in klog:
>> >
>> > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
>> > tpm tpm0: tpm_try_transmit: send(): error -5
>> > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
>> > tpm_tis tpm_tis: Could not get TPM timeouts and durations
>> > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
>> > tpm tpm0: tpm_try_transmit: send(): error -5
>> > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
>> > tpm_tis 00:08: Could not get TPM timeouts and durations
>> > ima: No TPM chip found, activating TPM-bypass!
>> > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
>> >
>> > % git --no-pager grep IFX0102 drivers/char/tpm
>> > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
>> > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
>> >
>> > Obviously IFX0102 was added to the HID table for the TCG TIS driver by
>> > mistake.
>> >
>> > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
>> > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
>> > Cc: Kylene Jo Hall <[email protected]>
>> > Reported-by: Ferry Toth: <[email protected]>
>> > Signed-off-by: Jarkko Sakkinen <[email protected]>
>>
>> Reviewed-by: Jerry Snitselaar <[email protected]>
>
>Bugzilla has an example of similar behavior with v4.15. I'll apply this
>asap.
>
>/Jarkko
>

Any idea what happened to git.infradead.org? It was offline the other day,
and at the moment not all repos from before seem to be there.

2020-06-25 23:38:35

by James Bottomley

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Thu, 2020-06-25 at 14:19 -0700, Jerry Snitselaar wrote:
> On Fri Jun 26 20, Jarkko Sakkinen wrote:
> > On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
> > > On Thu Jun 25 20, Jarkko Sakkinen wrote:
> > > > Acer C720 running Linux v5.3 reports this in klog:
> > > >
> > > > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the
> > > > timeouts
> > > > tpm_tis tpm_tis: Could not get TPM timeouts and durations
> > > > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the
> > > > timeouts
> > > > tpm_tis 00:08: Could not get TPM timeouts and durations
> > > > ima: No TPM chip found, activating TPM-bypass!
> > > > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
> > > >
> > > > % git --no-pager grep IFX0102 drivers/char/tpm
> > > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0},
> > > > /* Infineon */
> > > >
> > > > Obviously IFX0102 was added to the HID table for the TCG TIS
> > > > driver by
> > > > mistake.
> > > >
> > > > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
> > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
> > > > Cc: Kylene Jo Hall <[email protected]>
> > > > Reported-by: Ferry Toth: <[email protected]>
> > > > Signed-off-by: Jarkko Sakkinen <[email protected]
> > > > >
> > >
> > > Reviewed-by: Jerry Snitselaar <[email protected]>
> >
> > Bugzilla has an example of similar behavior with v4.15. I'll apply
> > this asap.
> >
> > /Jarkko
> >
>
> Any idea what happened to git.infradead.org? It was offline the other
> day, and at the moment not all repos from before seem to be there.

Infradead has been playing up for a while on other things (non git
services I use).

Perhaps it's time to get a kernel.org repository ...

James

2020-06-26 13:09:53

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Thu, Jun 25, 2020 at 02:19:23PM -0700, Jerry Snitselaar wrote:
> On Fri Jun 26 20, Jarkko Sakkinen wrote:
> > On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
> > > On Thu Jun 25 20, Jarkko Sakkinen wrote:
> > > > Acer C720 running Linux v5.3 reports this in klog:
> > > >
> > > > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
> > > > tpm_tis tpm_tis: Could not get TPM timeouts and durations
> > > > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
> > > > tpm_tis 00:08: Could not get TPM timeouts and durations
> > > > ima: No TPM chip found, activating TPM-bypass!
> > > > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
> > > >
> > > > % git --no-pager grep IFX0102 drivers/char/tpm
> > > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> > > >
> > > > Obviously IFX0102 was added to the HID table for the TCG TIS driver by
> > > > mistake.
> > > >
> > > > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
> > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
> > > > Cc: Kylene Jo Hall <[email protected]>
> > > > Reported-by: Ferry Toth: <[email protected]>
> > > > Signed-off-by: Jarkko Sakkinen <[email protected]>
> > >
> > > Reviewed-by: Jerry Snitselaar <[email protected]>
> >
> > Bugzilla has an example of similar behavior with v4.15. I'll apply this
> > asap.
> >
> > /Jarkko
> >
>
> Any idea what happened to git.infradead.org? It was offline the other day,
> and at the moment not all repos from before seem to be there.

Now the kernel tree is back online.

/Jarkko

2020-06-26 13:16:29

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Thu, Jun 25, 2020 at 02:23:59PM -0700, James Bottomley wrote:
> On Thu, 2020-06-25 at 14:19 -0700, Jerry Snitselaar wrote:
> > On Fri Jun 26 20, Jarkko Sakkinen wrote:
> > > On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
> > > > On Thu Jun 25 20, Jarkko Sakkinen wrote:
> > > > > Acer C720 running Linux v5.3 reports this in klog:
> > > > >
> > > > > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the
> > > > > timeouts
> > > > > tpm_tis tpm_tis: Could not get TPM timeouts and durations
> > > > > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the
> > > > > timeouts
> > > > > tpm_tis 00:08: Could not get TPM timeouts and durations
> > > > > ima: No TPM chip found, activating TPM-bypass!
> > > > > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
> > > > >
> > > > > % git --no-pager grep IFX0102 drivers/char/tpm
> > > > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > > > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0},
> > > > > /* Infineon */
> > > > >
> > > > > Obviously IFX0102 was added to the HID table for the TCG TIS
> > > > > driver by
> > > > > mistake.
> > > > >
> > > > > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
> > > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
> > > > > Cc: Kylene Jo Hall <[email protected]>
> > > > > Reported-by: Ferry Toth: <[email protected]>
> > > > > Signed-off-by: Jarkko Sakkinen <[email protected]
> > > > > >
> > > >
> > > > Reviewed-by: Jerry Snitselaar <[email protected]>
> > >
> > > Bugzilla has an example of similar behavior with v4.15. I'll apply
> > > this asap.
> > >
> > > /Jarkko
> > >
> >
> > Any idea what happened to git.infradead.org? It was offline the other
> > day, and at the moment not all repos from before seem to be there.
>
> Infradead has been playing up for a while on other things (non git
> services I use).
>
> Perhaps it's time to get a kernel.org repository ...

I have an obstacle with that.

I lost my previous PGP key a year ago and created a new one, which is
not trusted yet by anyone [*]. I've backed this up now and have it
stored inside Nitrokey Pro 2 in order to prevent this happening again.

Now the problem is that in order to get a kernel.org account, I need
to be in the web of trust of the kernel maintainers.

I can request an accunt only after I see face to face another kernel
maintainers, so that I can proof that I am I.

[*] http://keys.gnupg.net/pks/lookup?op=get&search=0x3AB05486C7752FE1

/Jarkko

2020-06-26 16:18:31

by James Bottomley

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Fri, 2020-06-26 at 16:15 +0300, Jarkko Sakkinen wrote:
> I have an obstacle with that.
>
> I lost my previous PGP key a year ago and created a new one, which is
> not trusted yet by anyone [*]. I've backed this up now and have it
> stored inside Nitrokey Pro 2 in order to prevent this happening
> again.

I wouldn't do that. If the nitro key gets lost or breaks, you'll be in
the same position. Best practice is to have your key offline somewhere
in a secure vault (like an encrypted USB key in a bank vault) so you
can restore in case of loss and then present inside a token (so I use
the TPM2 for mine).

> Now the problem is that in order to get a kernel.org account, I need
> to be in the web of trust of the kernel maintainers.
>
> I can request an accunt only after I see face to face another kernel
> maintainers, so that I can proof that I am I.
>
> [*] http://keys.gnupg.net/pks/lookup?op=get&search=0x3AB05486C7752FE1

Well, I would sign this and send it back to you, except I can't. The
verification procedures require an encrypted email and you don't have a
working encryption key:

gpg --export -a 3AB05486C7752FE1 | gpg --encrypt -r 3AB05486C7752FE1 -a --output 3AB05486C7752FE1.gpg
gpg: 3AB05486C7752FE1: skipped: Unusable public key
gpg: [stdin]: encryption failed: Unusable public key

The reason is your main key is certification only (as is should be):

pub rsa4096/3AB05486C7752FE1
created: 2019-06-24 expires: 2023-06-24 usage: C
trust: unknown validity: full

but your only encryption subkey is revoked:

sub rsa2048/3A4EC6E56FDD3158
created: 2019-06-25 revoked: 2019-10-22 usage: E

You seem to have only one unrevoked, unexpired subkey which is an
authentication one, so you wouldn't even be able to sign with that key:

sub rsa2048/962F0565523E5DC5
created: 2019-06-26 expires: 2021-06-25 usage: A

James

2020-06-30 20:57:15

by Jerry Snitselaar

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Fri Jun 26 20, Jarkko Sakkinen wrote:
>On Thu, Jun 25, 2020 at 02:19:23PM -0700, Jerry Snitselaar wrote:
>> On Fri Jun 26 20, Jarkko Sakkinen wrote:
>> > On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
>> > > On Thu Jun 25 20, Jarkko Sakkinen wrote:
>> > > > Acer C720 running Linux v5.3 reports this in klog:
>> > > >
>> > > > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
>> > > > tpm tpm0: tpm_try_transmit: send(): error -5
>> > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
>> > > > tpm_tis tpm_tis: Could not get TPM timeouts and durations
>> > > > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
>> > > > tpm tpm0: tpm_try_transmit: send(): error -5
>> > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
>> > > > tpm_tis 00:08: Could not get TPM timeouts and durations
>> > > > ima: No TPM chip found, activating TPM-bypass!
>> > > > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
>> > > >
>> > > > % git --no-pager grep IFX0102 drivers/char/tpm
>> > > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
>> > > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
>> > > >
>> > > > Obviously IFX0102 was added to the HID table for the TCG TIS driver by
>> > > > mistake.
>> > > >
>> > > > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
>> > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
>> > > > Cc: Kylene Jo Hall <[email protected]>
>> > > > Reported-by: Ferry Toth: <[email protected]>
>> > > > Signed-off-by: Jarkko Sakkinen <[email protected]>
>> > >
>> > > Reviewed-by: Jerry Snitselaar <[email protected]>
>> >
>> > Bugzilla has an example of similar behavior with v4.15. I'll apply this
>> > asap.
>> >
>> > /Jarkko
>> >
>>
>> Any idea what happened to git.infradead.org? It was offline the other day,
>> and at the moment not all repos from before seem to be there.
>
>Now the kernel tree is back online.
>
>/Jarkko
>

Hi Jarkko, I still see your linux-tpmdd repository as not being online:

git remote show tpmdd
fatal: remote error: access denied or repository not exported: /users/jjs/linux-tpmdd.git

Regards,
Jerry

2020-07-02 23:38:45

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Fri, Jun 26, 2020 at 07:36:31AM -0700, James Bottomley wrote:
> On Fri, 2020-06-26 at 16:15 +0300, Jarkko Sakkinen wrote:
> > I have an obstacle with that.
> >
> > I lost my previous PGP key a year ago and created a new one, which is
> > not trusted yet by anyone [*]. I've backed this up now and have it
> > stored inside Nitrokey Pro 2 in order to prevent this happening
> > again.
>
> I wouldn't do that. If the nitro key gets lost or breaks, you'll be in
> the same position. Best practice is to have your key offline somewhere
> in a secure vault (like an encrypted USB key in a bank vault) so you
> can restore in case of loss and then present inside a token (so I use
> the TPM2 for mine).

I have a backup too.

>
> > Now the problem is that in order to get a kernel.org account, I need
> > to be in the web of trust of the kernel maintainers.
> >
> > I can request an accunt only after I see face to face another kernel
> > maintainers, so that I can proof that I am I.
> >
> > [*] http://keys.gnupg.net/pks/lookup?op=get&search=0x3AB05486C7752FE1
>
> Well, I would sign this and send it back to you, except I can't. The
> verification procedures require an encrypted email and you don't have a
> working encryption key:
>
> gpg --export -a 3AB05486C7752FE1 | gpg --encrypt -r 3AB05486C7752FE1 -a --output 3AB05486C7752FE1.gpg
> gpg: 3AB05486C7752FE1: skipped: Unusable public key
> gpg: [stdin]: encryption failed: Unusable public key
>
> The reason is your main key is certification only (as is should be):
>
> pub rsa4096/3AB05486C7752FE1
> created: 2019-06-24 expires: 2023-06-24 usage: C
> trust: unknown validity: full
>
> but your only encryption subkey is revoked:
>
> sub rsa2048/3A4EC6E56FDD3158
> created: 2019-06-25 revoked: 2019-10-22 usage: E
>
> You seem to have only one unrevoked, unexpired subkey which is an
> authentication one, so you wouldn't even be able to sign with that key:
>
> sub rsa2048/962F0565523E5DC5
> created: 2019-06-26 expires: 2021-06-25 usage: A
>
> James
>

pub rsa4096 2019-06-24 [C] [expires: 2023-06-24]
5107E66D34788A93E3227C903AB05486C7752FE1
uid [ultimate] Jarkko Sakkinen <[email protected]>
uid [ultimate] Jarkko Sakkinen
<[email protected]>
sub ed25519 2019-06-25 [S] [expires: 2021-06-24]
sub rsa2048 2019-06-26 [A] [expires: 2021-06-25]

There's also a signing key.

/Jarkko

2020-07-02 23:41:24

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Tue, Jun 30, 2020 at 12:15:15PM -0700, Jerry Snitselaar wrote:
> On Fri Jun 26 20, Jarkko Sakkinen wrote:
> > On Thu, Jun 25, 2020 at 02:19:23PM -0700, Jerry Snitselaar wrote:
> > > On Fri Jun 26 20, Jarkko Sakkinen wrote:
> > > > On Wed, Jun 24, 2020 at 11:21:50PM -0700, Jerry Snitselaar wrote:
> > > > > On Thu Jun 25 20, Jarkko Sakkinen wrote:
> > > > > > Acer C720 running Linux v5.3 reports this in klog:
> > > > > >
> > > > > > tpm_tis: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
> > > > > > tpm_tis tpm_tis: Could not get TPM timeouts and durations
> > > > > > tpm_tis 00:08: 1.2 TPM (device-id 0xB, rev-id 16)
> > > > > > tpm tpm0: tpm_try_transmit: send(): error -5
> > > > > > tpm tpm0: A TPM error (-5) occurred attempting to determine the timeouts
> > > > > > tpm_tis 00:08: Could not get TPM timeouts and durations
> > > > > > ima: No TPM chip found, activating TPM-bypass!
> > > > > > tpm_inf_pnp 00:08: Found TPM with ID IFX0102
> > > > > >
> > > > > > % git --no-pager grep IFX0102 drivers/char/tpm
> > > > > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > > > > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> > > > > >
> > > > > > Obviously IFX0102 was added to the HID table for the TCG TIS driver by
> > > > > > mistake.
> > > > > >
> > > > > > Fixes: 93e1b7d42e1e ("[PATCH] tpm: add HID module parameter")
> > > > > > Link: https://bugzilla.kernel.org/show_bug.cgi?id=203877
> > > > > > Cc: Kylene Jo Hall <[email protected]>
> > > > > > Reported-by: Ferry Toth: <[email protected]>
> > > > > > Signed-off-by: Jarkko Sakkinen <[email protected]>
> > > > >
> > > > > Reviewed-by: Jerry Snitselaar <[email protected]>
> > > >
> > > > Bugzilla has an example of similar behavior with v4.15. I'll apply this
> > > > asap.
> > > >
> > > > /Jarkko
> > > >
> > >
> > > Any idea what happened to git.infradead.org? It was offline the other day,
> > > and at the moment not all repos from before seem to be there.
> >
> > Now the kernel tree is back online.
> >
> > /Jarkko
> >
>
> Hi Jarkko, I still see your linux-tpmdd repository as not being online:
>
> git remote show tpmdd
> fatal: remote error: access denied or repository not exported: /users/jjs/linux-tpmdd.git
>
> Regards,
> Jerry

It's now fixed and back online again.

/Jarkko

2020-07-06 11:49:49

by Peter Huewe

[permalink] [raw]
Subject: RE: [PATCH v2] tpm_tis: Remove the HID IFX0102

Hi,
NACK

> % git --no-pager grep IFX0102 drivers/char/tpm
> drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> Obviously IFX0102 was added to the HID table for the TCG TIS driver by mistake.

The HID IFX0102 was NOT added by mistake.
Let me explain the history a bit:

Old SLB 9635 / 9630 TPMs had two ways to interface them
- proprietary 'io' mapped protocol (tpm_infineon)
- tis protocol (tpm_tis)

Both match the same HID.
However with the emerging of the tis protocol, the io protocol eventually went away for newer products.
So all TPM1.2 by IFX match the HID0102 and the TCG generic ones PNP0C31

So basically you break TPM1.2 support for all (newer) Infineon chips if the platform vendor used the IFX0102 HID as they would speak via tpm_infineon driver.
The bug must be something different, especially as it only seems to happen after suspend resume.


Thanks,
Peter

2020-07-06 14:01:33

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Mon, Jul 06, 2020 at 11:46:46AM +0000, [email protected] wrote:
> Hi,
> NACK
>
> > % git --no-pager grep IFX0102 drivers/char/tpm
> > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> > Obviously IFX0102 was added to the HID table for the TCG TIS driver by mistake.
>
> The HID IFX0102 was NOT added by mistake.
> Let me explain the history a bit:
>
> Old SLB 9635 / 9630 TPMs had two ways to interface them
> - proprietary 'io' mapped protocol (tpm_infineon) - tis protocol (tpm_tis)
>
> Both match the same HID.
> However with the emerging of the tis protocol, the io protocol eventually went away for newer products.
> So all TPM1.2 by IFX match the HID0102 and the TCG generic ones PNP0C31
>
> So basically you break TPM1.2 support for all (newer) Infineon chips if the platform vendor used the IFX0102 HID as they would speak via tpm_infineon driver.
> The bug must be something different, especially as it only seems to happen after suspend resume.

Peter,

Looking at dmesg:

1. tmp_infineon initializes cleanly
2. tpm_tis fails misserably with bunch error messages

I'm cool with reverting the patch though. Please send a revert patch and
explain this in the commit message because right now what you are saying
is completely undocumented.

Also, this tpm_infineon issue needs to be fixed properly after the
revert.

The bugzilla bug is unrelated to this issue but it causes extra harm
fixing any bugs and confusion among the users as the bug discussions
proves.

How do we get the quirks for tpm_tis and tpm_infineon so that they can
separate each other?

/Jarkko

2020-07-06 14:45:29

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Mon, Jul 06, 2020 at 05:00:51PM +0300, Jarkko Sakkinen wrote:
> On Mon, Jul 06, 2020 at 11:46:46AM +0000, [email protected] wrote:
> > Hi,
> > NACK
> >
> > > % git --no-pager grep IFX0102 drivers/char/tpm
> > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> > > Obviously IFX0102 was added to the HID table for the TCG TIS driver by mistake.
> >
> > The HID IFX0102 was NOT added by mistake.
> > Let me explain the history a bit:
> >
> > Old SLB 9635 / 9630 TPMs had two ways to interface them
> > - proprietary 'io' mapped protocol (tpm_infineon) - tis protocol (tpm_tis)
> >
> > Both match the same HID.
> > However with the emerging of the tis protocol, the io protocol eventually went away for newer products.
> > So all TPM1.2 by IFX match the HID0102 and the TCG generic ones PNP0C31
> >
> > So basically you break TPM1.2 support for all (newer) Infineon chips if the platform vendor used the IFX0102 HID as they would speak via tpm_infineon driver.
> > The bug must be something different, especially as it only seems to happen after suspend resume.
>
> Peter,
>
> Looking at dmesg:
>
> 1. tmp_infineon initializes cleanly
> 2. tpm_tis fails misserably with bunch error messages
>
> I'm cool with reverting the patch though. Please send a revert patch and
> explain this in the commit message because right now what you are saying
> is completely undocumented.
>
> Also, this tpm_infineon issue needs to be fixed properly after the
> revert.
>
> The bugzilla bug is unrelated to this issue but it causes extra harm
> fixing any bugs and confusion among the users as the bug discussions
> proves.
>
> How do we get the quirks for tpm_tis and tpm_infineon so that they can
> separate each other?

Also in the revert commit, please add a comment to tpm_tis.c
about the existing conflict, e.g.

/*
* Legacy Infineon devices can emit illegit warnings as tpm_tis and
* tpm_infineon have a conflicting device ID IFX0102.
*/

I'm cool reverting it as long as I get a patch with the required
premises to do so and proper documentation, because the issue is
still real.

/Jarkko

2020-07-06 14:48:33

by Jarkko Sakkinen

[permalink] [raw]
Subject: Re: [PATCH v2] tpm_tis: Remove the HID IFX0102

On Mon, Jul 06, 2020 at 05:43:35PM +0300, Jarkko Sakkinen wrote:
> On Mon, Jul 06, 2020 at 05:00:51PM +0300, Jarkko Sakkinen wrote:
> > On Mon, Jul 06, 2020 at 11:46:46AM +0000, [email protected] wrote:
> > > Hi,
> > > NACK
> > >
> > > > % git --no-pager grep IFX0102 drivers/char/tpm
> > > > drivers/char/tpm/tpm_infineon.c: {"IFX0102", 0},
> > > > drivers/char/tpm/tpm_tis.c: {"IFX0102", 0}, /* Infineon */
> > > > Obviously IFX0102 was added to the HID table for the TCG TIS driver by mistake.
> > >
> > > The HID IFX0102 was NOT added by mistake.
> > > Let me explain the history a bit:
> > >
> > > Old SLB 9635 / 9630 TPMs had two ways to interface them
> > > - proprietary 'io' mapped protocol (tpm_infineon) - tis protocol (tpm_tis)
> > >
> > > Both match the same HID.
> > > However with the emerging of the tis protocol, the io protocol eventually went away for newer products.
> > > So all TPM1.2 by IFX match the HID0102 and the TCG generic ones PNP0C31
> > >
> > > So basically you break TPM1.2 support for all (newer) Infineon chips if the platform vendor used the IFX0102 HID as they would speak via tpm_infineon driver.
> > > The bug must be something different, especially as it only seems to happen after suspend resume.
> >
> > Peter,
> >
> > Looking at dmesg:
> >
> > 1. tmp_infineon initializes cleanly
> > 2. tpm_tis fails misserably with bunch error messages
> >
> > I'm cool with reverting the patch though. Please send a revert patch and
> > explain this in the commit message because right now what you are saying
> > is completely undocumented.
> >
> > Also, this tpm_infineon issue needs to be fixed properly after the
> > revert.
> >
> > The bugzilla bug is unrelated to this issue but it causes extra harm
> > fixing any bugs and confusion among the users as the bug discussions
> > proves.
> >
> > How do we get the quirks for tpm_tis and tpm_infineon so that they can
> > separate each other?
>
> Also in the revert commit, please add a comment to tpm_tis.c
> about the existing conflict, e.g.
>
> /*
> * Legacy Infineon devices can emit illegit warnings as tpm_tis and
> * tpm_infineon have a conflicting device ID IFX0102.
> */
>
> I'm cool reverting it as long as I get a patch with the required
> premises to do so and proper documentation, because the issue is
> still real.

We do have this kind of thing for MSFT0101 in tpm_tis.c: check_acpi_tpm2().

This is not the root cause for the bugzilla bug, but is a bug itself,
and this kind of behaviour should not exist. It makes fixing real bugs
factors harder when you have drivers putting arbirtrary warnings to
klog.


/Jarkko