Date: Wed, 3 Jun 2015 15:23:31 +0300
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: peterhuewe@gmx.de, safford@us.ibm.com,
        Marcel Selhorst <tpmdd@selhorst.net>,
        "moderated list:TPM DEVICE DRIVER" 
	<tpmdd-devel@lists.sourceforge.net>,
        open list <linux-kernel@vger.kernel.org>,
        richard.l.maliszewski@intel.com
Subject: Re: [PATCH] tpm: introduce struct tpm_buf
Message-ID: <20150603122331.GA3542@jsakkine-mobl1>
References: <1433250262-17200-1-git-send-email-jarkko.sakkinen@linux.intel.com>
 <20150602181315.GE17776@obsidianresearch.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20150602181315.GE17776@obsidianresearch.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: Mutt/1.5.23 (2014-03-12)
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 2689
Lines: 81

On Tue, Jun 02, 2015 at 12:13:15PM -0600, Jason Gunthorpe wrote:
> On Tue, Jun 02, 2015 at 04:04:22PM +0300, Jarkko Sakkinen wrote:
> > +/* A string buffer type for constructing TPM commands. This is based on the
> > + * code in security/keys/trusted.h.
> > + */
> > +
> > +#define TPM_BUF_SIZE 512
> > +
> > +struct tpm_buf {
> > +	u8 data[TPM_BUF_SIZE];
> This should be u32 or u64 to guarentee correct alignment for the
> casting.

Good catch. The functions where this might cause trouble are *_length()
and *_tag().

In other places misalignment should not cause any regressions since data
is not directly assigned to the buffer with pointer casting.

I would prefer to fix by changing *_length() and *_tag() to copy the
value to a local variable and return that. It's a fail safe way and here
the performance is not an issue.

> > +};
> > +
> > +static inline void tpm_buf_init(struct tpm_buf *buf, u16 tag, u32 ordinal)
> > +{
> > +	struct tpm_input_header *head;
> > +
> > +	head = (struct tpm_input_header *) buf->data;
> > +
> > +	head->tag = cpu_to_be16(tag);
> > +	head->length = cpu_to_be32(sizeof(*head));
> > +	head->ordinal = cpu_to_be32(ordinal);
> > +}
> > +
> > +static inline u32 tpm_buf_length(struct tpm_buf *buf)
> > +{
> > +	struct tpm_input_header *head = (struct tpm_input_header *) buf->data;
> > +
> > +	return be32_to_cpu(head->length);
> > +}
> > +
> > +static inline u16 tpm_buf_tag(struct tpm_buf *buf)
> > +{
> > +	return be16_to_cpu(*(__be16 *) &buf->data[0]);
> 
> be16_to_cpup ?

Thanks, I'll change this.

> Any thought on someday using this for tpm1 as well?

Yes, I think this could form the baseline so that the sealing code that
currently resides is security/keys/trusted.c could be eventually moved
to drivers/char/tpm.

I will be contributing API to include/linux/tpm.h that can be then
called by trusted keys. I will also contribute the implementation for
TPM 2.0 sealing but it is up to those who implemented TPM 1.x sealing
code to do the migration. I put all the enablers in place so that doing
that transition should be relatively painless.

I have PoC for TPM 2.0 trusted keys written in Python available here:

https://github.com/jsakkine/tpm2-scripts/blob/master/tpm2.py

(In kernel version the default hash algorithm should be probably SHA-256
as SHA-1 is not considered secure by NIST anymore)

Doing also all the TPM 1.x migration on top of this would make
oversubscribed.

> Jason

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/