From: Nayna Jain
To: linux-integrity@vger.kernel.org
Cc: zohar@linux.vnet.ibm.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, peterhuewe@gmx.de, jarkko.sakkinen@linux.intel.com, tpmdd@selhorst.net, jgunthorpe@obsidianresearch.com, Nayna Jain
Subject: [PATCH] tpm: TPM 2.0 selftest performance improvement
Date: Fri, 16 Mar 2018 23:15:28 +0530
Message-Id: <20180316174528.21018-1-nayna@linux.vnet.ibm.com>

For selftest being run in the background, the TCG 2.0 Specification provides the command TPM2_GetTestResult to check the status of selftest completion.

When the partial selftest command is sent just after TPM initialization, it is observed that it returns RC_COMMAND_CODE error, which as per TPM 2.0 Specification, indicates "the response code that is returned if the TPM is unmarshalling a value that it expects to be a TPM_CC and the input value is not in the table." This doesn't indicate the exact status of selftest command on TPM. But, it can be verified by sending the TPM2_GetTestResult.

This patch implements the TPM2_GetTestResult command and uses it to check the selftest status, before sending the full selftest command after partial selftest returns RC_COMMAND_CODE.

With this change, dmesg shows the TPM selftest completed at 1.243864 compared with the previous 1.939667 time. Signed-off-by: Nayna Jain Tested-by: Mimi Zohar (on Pi with TPM 2.0) Signed-off-by: Mimi Zohar --- drivers/char/tpm/tpm.h | 2 ++ drivers/char/tpm/tpm2-cmd.c | 59 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 61 insertions(+) diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h index 82ae7b722161..d95eeb7c002a 100644 --- a/drivers/char/tpm/tpm.h +++ b/drivers/char/tpm/tpm.h @@ -107,6 +107,7 @@ enum tpm2_return_codes { TPM2_RC_FAILURE = 0x0101, TPM2_RC_DISABLED = 0x0120, TPM2_RC_COMMAND_CODE = 0x0143, + TPM2_RC_NEEDS_TEST = 0x0153, TPM2_RC_TESTING = 0x090A, /* RC_WARN */ TPM2_RC_REFERENCE_H0 = 0x0910, }; @@ -135,6 +136,7 @@ enum tpm2_command_codes { TPM2_CC_FLUSH_CONTEXT = 0x0165, TPM2_CC_GET_CAPABILITY = 0x017A, TPM2_CC_GET_RANDOM = 0x017B, + TPM2_CC_GET_TEST_RESULT = 0x017C, TPM2_CC_PCR_READ = 0x017E, TPM2_CC_PCR_EXTEND = 0x0182, TPM2_CC_LAST = 0x018F, diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c index 89a5397b18d2..494f6dfbc65d 100644 --- a/drivers/char/tpm/tpm2-cmd.c +++ b/drivers/char/tpm/tpm2-cmd.c 
@@ -823,6 +823,50 @@ unsigned long tpm2_calc_ordinal_duration(struct tpm_chip *chip, u32 ordinal) EXPORT_SYMBOL_GPL(tpm2_calc_ordinal_duration); /** + * tpm2_get_selftest_result() - get the status of self tests + * + * @chip: TPM chip to use + * + * Return: If error return rc, else return the result of the self tests. + * TPM_RC_NEEDS_TESTING: No self tests are done. Needs testing. + * TPM_RC_TESTING: Self tests are in progress. + * TPM_RC_SUCCESS: Self tests completed successfully. + * TPM_RC_FAILURE: Self tests completed failure. + * + * This function can be used to check the status of self tests on the TPM. + */ +static int tpm2_get_selftest_result(struct tpm_chip *chip) +{ + struct tpm_buf buf; + int rc; + int test_result; + uint16_t data_size; + int len; + const struct tpm_output_header *header; + + rc = tpm_buf_init(&buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GET_TEST_RESULT); + if (rc) + return rc; + + len = tpm_transmit(chip, NULL, buf.data, PAGE_SIZE, 0); + if (len < 0) + return len; + + header = (struct tpm_output_header *)buf.data; + + rc = be32_to_cpu(header->return_code); + if (rc) + return rc; + + data_size = be16_to_cpup((__be16 *)&buf.data[TPM_HEADER_SIZE]); + + test_result = be32_to_cpup((__be32 *) + (&buf.data[TPM_HEADER_SIZE + 2 + data_size])); + + return test_result; +} + +/** * tpm2_do_selftest() - ensure that all self tests have passed * * @chip: TPM chip to use 
@@ -851,10 +895,25 @@ static int tpm2_do_selftest(struct tpm_chip *chip) "attempting the self test"); tpm_buf_destroy(&buf); + dev_dbg(&chip->dev, "tpm selftest command returned %04x\n", rc); if (rc == TPM2_RC_TESTING) rc = TPM2_RC_SUCCESS; if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS) return rc; + + if (rc == TPM2_RC_COMMAND_CODE) { + + dev_info(&chip->dev, "Check TPM Test Results\n"); + rc = tpm2_get_selftest_result(chip); + + dev_info(&chip->dev, "tpm self test result is %04x\n", + rc); + if (rc == TPM2_RC_TESTING) + rc = TPM2_RC_SUCCESS; + if (rc == TPM2_RC_INITIALIZE || rc == TPM2_RC_SUCCESS + || TPM2_RC_FAILURE) + return rc; + } } return rc; -- 2.13.6
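Review bot: TPM2_RC_NEEDS_TEST, added to enum tpm2_return_codes in the first tpm.h hunk, is not referenced by any other line of this patch, and the kernel-doc for tpm2_get_selftest_result() names the same state TPM_RC_NEEDS_TESTING. Either handle the value explicitly where tpm2_do_selftest() inspects the test result, or drop the enum entry until it has a user. The Return: list in that kernel-doc should also use the TPM2_RC_* spellings the enum actually defines, so the names can be found with grep.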
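Review bot: in tpm2_get_selftest_result() (the @@ -823,6 +823,50 @@ hunk of tpm2-cmd.c), data_size is read from the response and used directly as an offset in buf.data[TPM_HEADER_SIZE + 2 + data_size], without being checked against len or the PAGE_SIZE passed to tpm_transmit(). A short or malformed response therefore makes the be32_to_cpup() read land beyond the received data, and since data_size is a uint16_t it can land beyond the buffer. Verify that len is at least TPM_HEADER_SIZE + 2 + data_size + 4 before the read and return an error (for example -EFAULT) when it is not. The function also never calls tpm_buf_destroy(&buf) on any return path after tpm_buf_init() succeeds, unlike tpm2_do_selftest(), which destroys its buffer, so every call leaks the buffer. Lastly, the single int return value carries a negative errno, a TPM return code or the test result, and the kernel-doc should say how callers tell these apart.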
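Review bot: the last condition added to tpm2_do_selftest() (the @@ -851,10 +895,25 @@ hunk) ends in "|| TPM2_RC_FAILURE", which tests the non-zero constant 0x0101 rather than rc, so the if is always true. Every value coming back from tpm2_get_selftest_result(), including a negative errno or an unexpected code, is returned straight out of the TPM2_RC_COMMAND_CODE branch. It should read "|| rc == TPM2_RC_FAILURE". Once that is fixed, decide what the remaining values do, since as written they fall through to the code after the branch. The two dev_info() calls will print on every probe that takes this path; dev_dbg(), as used for the line added just above, fits better. The empty line after the opening brace of the new if block should go as well.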