The following changes since commit 45db3ab70092637967967bfd8e6144017638563c:

  Merge tag '6.9-rc7-ksmbd-fixes' of git://git.samba.org/ksmbd (2024-05-08 10:39:53 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1

for you to fetch changes up to 1d479e3cd6520085832a6b432d521eeead2691ba:

  Documentation: tpm: Add TPM security docs toctree entry (2024-05-09 22:30:52 +0300)

----------------------------------------------------------------
Hi,

These are the changes for the TPM driver with a single major new
feature: TPM bus encryption and integrity protection. The key pair
on the TPM side is generated from the so-called null random seed per
power on of the machine [1]. This supports the TPM encryption of the
hard drive by adding a layer of protection against bus interposer attacks.

Other than the pull request a few minor fixes and documentation for
tpm_tis to clarify basics of TPM localities for future patch review
discussions (will be extended and refined over time, just a seed).

[1] https://lore.kernel.org/linux-integrity/[email protected]/

BR, Jarkko

----------------------------------------------------------------
Ard Biesheuvel (1):
      crypto: lib - implement library version of AES in CFB mode

Bagas Sanjaya (1):
      Documentation: tpm: Add TPM security docs toctree entry

Colin Ian King (1):
      tpm/eventlog: remove redundant assignment to variabel ret

James Bottomley (14):
      tpm: Move buffer handling from static inlines to real functions
      tpm: add buffer function to point to returned parameters
      tpm: export the context save and load commands
      tpm: Add NULL primary creation
      tpm: Add TCG mandated Key Derivation Functions (KDFs)
      tpm: Add HMAC session start and end functions
      tpm: Add HMAC session name/handle append
      tpm: Add the rest of the session HMAC API
      tpm: add hmac checks to tpm2_pcr_extend()
      tpm: add session encryption protection to tpm2_get_random()
      KEYS: trusted: Add session encryption protection to the seal/unseal path
      tpm: add the null key name as a sysfs export
      Documentation: add tpm-security.rst
      tpm: disable the TPM if NULL name changes

Jarkko Sakkinen (8):
      Documentation: tpm_tis
      tpm: Remove unused tpm_buf_tag()
      tpm: Remove tpm_send()
      tpm: Update struct tpm_buf documentation comments
      tpm: Store the length of the tpm_buf data separately.
      tpm: TPM2B formatted buffers
      tpm: Add tpm_buf_read_{u8,u16,u32}
      KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

Michael Haener (1):
      dt-bindings: tpm: Add st,st33ktpm2xi2c

Niklas Schnelle (2):
      char: tpm: handle HAS_IOPORT dependencies
      char: tpm: Keep TPM_INF_IO_PORT define for HAS_IOPORT=n

.../devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml | 1 +
Documentation/security/tpm/index.rst | 2 +
Documentation/security/tpm/tpm-security.rst | 216 ++++
Documentation/security/tpm/tpm_tis.rst | 46 +
drivers/char/tpm/Kconfig | 17 +-
drivers/char/tpm/Makefile | 2 +
drivers/char/tpm/eventlog/acpi.c | 1 -
drivers/char/tpm/tpm-buf.c | 252 ++++
drivers/char/tpm/tpm-chip.c | 6 +
drivers/char/tpm/tpm-interface.c | 26 +-
drivers/char/tpm/tpm-sysfs.c | 18 +
drivers/char/tpm/tpm.h | 14 +
drivers/char/tpm/tpm2-cmd.c | 53 +-
drivers/char/tpm/tpm2-sessions.c | 1286 ++++++++++++++++++++
drivers/char/tpm/tpm2-space.c | 11 +-
drivers/char/tpm/tpm_infineon.c | 14 +-
drivers/char/tpm/tpm_tis_core.c | 19 +-
include/crypto/aes.h | 5 +
include/keys/trusted_tpm.h | 2 -
include/linux/tpm.h | 316 +++--
lib/crypto/Kconfig | 5 +
lib/crypto/Makefile | 3 +
lib/crypto/aescfb.c | 257 ++++
security/keys/trusted-keys/trusted_tpm1.c | 23 +-
security/keys/trusted-keys/trusted_tpm2.c | 136 ++-
25 files changed, 2519 insertions(+), 212 deletions(-)
create mode 100644 Documentation/security/tpm/tpm-security.rst
create mode 100644 Documentation/security/tpm/tpm_tis.rst
create mode 100644 drivers/char/tpm/tpm-buf.c
create mode 100644 drivers/char/tpm/tpm2-sessions.c
create mode 100644 lib/crypto/aescfb.c
On Thu May 9, 2024 at 11:04 PM EEST, Jarkko Sakkinen wrote:
> Hi,
>
> These are the changes for the TPM driver with a single major new
> feature: TPM bus encryption and integrity protection. The key pair
> on the TPM side is generated from the so-called null random seed per
> power on of the machine [1]. This supports the TPM encryption of the
> hard drive by adding a layer of protection against bus interposer attacks.
>
> Other than the pull request a few minor fixes and documentation for
> tpm_tis to clarify basics of TPM localities for future patch review
> discussions (will be extended and refined over time, just a seed).
>
> [1] https://lore.kernel.org/linux-integrity/[email protected]/

Two former PRs (keys, trusted keys) look a bit different as I realized
that my current script does not scale too well. So in the future I will
use a method where the subsystem name is picked from MAINTAINERS and I
have crafted aerc templates [1] for each subsystem (also CC lists need
tuning).

This will get better and more polished as I get my scripting more
polished. If anything went wrong, it is mostly because process changes
have their glitches :-)

[1] https://man.archlinux.org/man/aerc-templates.7.en

BR, Jarkko

The pull request you sent on Thu, 09 May 2024 23:04:04 +0300:
> git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1
has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/b19239143e393d4b52b3b9a17c7ac07138f2cfd4
Thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html