Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1757696AbdCUPwM (ORCPT <rfc822;w@1wt.eu>);
        Tue, 21 Mar 2017 11:52:12 -0400
Received: from smtp2.infineon.com ([217.10.52.18]:20952 "EHLO
        smtp2.infineon.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1757021AbdCUPut (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 21 Mar 2017 11:50:49 -0400
X-SBRS: None
From: <Alexander.Steffen@infineon.com>
To: <kgold@linux.vnet.ibm.com>
CC: <linux-security-module@vger.kernel.org>,
        <tpmdd-devel@lists.sourceforge.net>, <linux-kernel@vger.kernel.org>
Subject: RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
Thread-Topic: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
Thread-Index: AQHSlDGsVuxv6NFxVkSful+/J4XXc6GZPWHg///9EQCAAAV6AIAEQkAAgACo0YCAAVgyMA==
Date: Tue, 21 Mar 2017 15:44:17 +0000
Message-ID: <b480890a6abe4f9092a547c0f2b7ce17@MUCSE603.infineon.com>
References: <20170303151912.14752-1-jarkko.sakkinen@linux.intel.com>
        <20170303151912.14752-3-jarkko.sakkinen@linux.intel.com>
        <22e8fa0caf8b4386a12cd93ee7170ed5@MUCSE603.infineon.com>
        <20170317161614.GA28082@obsidianresearch.com>
        <bca2bee3c1b84100ac72238425ac4791@MUCSE612.infineon.com>
        <12e63cdba1e34cac9b82e4bff9621ae6@MUCSE603.infineon.com>
 <a518f288-f084-2d11-161a-79ff884b936d@linux.vnet.ibm.com>
In-Reply-To: <a518f288-f084-2d11-161a-79ff884b936d@linux.vnet.ibm.com>
Accept-Language: de-DE, en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.23.8.247]
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Transfer-Encoding: 8bit
X-MIME-Autoconverted: from base64 to 8bit by mail.home.local id v2LFqIxM017970
Content-Length: 1338
Lines: 19

> > There are a few special cases that need some thought though. For
> > example, it is possible to use an upgrade to switch the TPM family
> > from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> > the kernel reinitialize the TPM driver, so it uses the correct
> > timeouts for communication, activates the correct features (resource
> > manager or not?), etc., without needing to reboot the system.
> 
> In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur
> without a reboot?  Is it an important use case?
> 
> 1 - It would leave the SHA-256 PCRs in the reset state.
> 
> 2 - It's possible that this upgrade would also require a BIOS upgrade.

For a traditional PC and when your goal is platform integrity, a reboot is probably the way to go. But in an embedded environment where there is no BIOS or if you use the TPM more like a smartcard just to store some keys (or generate random numbers), a reboot is unnecessary and it is more comfortable to avoid it.

We probably should inform the kernel before the upgrade anyway, so that it can shut down the TPM gracefully (and maybe switch to the upgrade mode, as Jason suggested). With that infrastructure in place, it does not seem like a lot of effort to also let it switch the TPM back to normal operation mode once the upgrade is complete.

Alexander