Subject: Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
From: Ken Goldman
Date: Mon, 20 Mar 2017 15:42:13 -0400
Cc: linux-security-module@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org

On 3/20/2017 5:54 AM, Alexander.Steffen@infineon.com wrote:
>
> There are a few special cases that need some thought though. For
> example, it is possible to use an upgrade to switch the TPM family
> from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> the kernel reinitialize the TPM driver, so it uses the correct
> timeouts for communication, activates the correct features (resource
> manager or not?), etc., without needing to reboot the system.

In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur
without a reboot? Is it an important use case?

1 - It would leave the SHA-256 PCRs in the reset state.

2 - It's possible that this upgrade would also require a BIOS upgrade.