Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp3757729imm;
        Mon, 17 Sep 2018 02:42:51 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdYXglO24XyQ/LhVZckkzl36jvZ0Zltw+jSvy/dyWX/Lce+UQCJdSIhqZObMndlMe5o0ns8p
X-Received: by 2002:a63:8241:: with SMTP id w62-v6mr21536087pgd.230.1537177371207;
        Mon, 17 Sep 2018 02:42:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1537177371; cv=none;
        d=google.com; s=arc-20160816;
        b=1C0BjBB/flIf2Ou8Tu9kGc6VEXEBXTkxn7PvQdalFM1oKXm9PHKSeDpYGrkC+ndVR1
         DqacL1yJGbnXz90QFfP/yFtFjpqAk0KwZDIc34SgUuG4bFbgsSarDahuHxI8y762LcaI
         u5V8DUr7ihgcG2xkTWyjFWuNXdf0jOLHzAhFVBe1+nrHeCkF4i6JN/jXm+X8YA9Rfvey
         /cygAlq2i3Z8gCpSj92TZB8yaovRjKysPmeHEOfoF+YspU+pgMWT1MxqiL4vhWkkXHTM
         mu/amaLsFb4QhFOvNLPNwjYpozKIyvObYXB1HU2RnfE0pfphQdzW/IJR7vzbSkRDDa82
         h9oA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:message-id:date:subject:cc
         :to:from;
        bh=yiT+r59ol64Of5wxhh07p516pSqW8Xl9RXObEoblgLM=;
        b=s1rmXgNqV/UllvZqQF8qKnYVcljBGHyai3HQ/lCDntt0pwX4Yn5INoilrYA2iX/f7/
         Tkvmb2FUeliA0/o09c5yROm/ykNHdREbs0vAj7WsSjXMwhF9hPWEAD66lXqUVmOiCgru
         Ki8Rxd3qMme3Q8b3I04l+141jeaZKUAqShTbL5+JxjY8k7N7ahm/HQj5kDDNXr+tZDLi
         WNX0T1ZLYIaSilQmcfOozTPr+858kDbHgWjsbhl3E3sA1qqi4zF+rZj2K4UK4UkIw4GN
         4hkzFMTKn4SuuDNIJzgpuerSHhrUL1jkzFuI3bTX9hQdT2LASF2t6qAjbltXO6u/f2aq
         7fZw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u29-v6si14487476pga.29.2018.09.17.02.42.36;
        Mon, 17 Sep 2018 02:42:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727491AbeIQPIG (ORCPT <rfc822;parkch98@gmail.com> + 99 others);
        Mon, 17 Sep 2018 11:08:06 -0400
Received: from lhrrgout.huawei.com ([185.176.76.210]:2079 "EHLO huawei.com"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1727020AbeIQPIG (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 17 Sep 2018 11:08:06 -0400
Received: from LHREML712-CAH.china.huawei.com (unknown [172.18.7.107])
        by Forcepoint Email with ESMTP id 347AA96F9EDBF;
        Mon, 17 Sep 2018 10:41:25 +0100 (IST)
Received: from roberto-HP-EliteDesk-800-G2-DM-65W.huawei.com (10.204.65.153)
 by smtpsuk.huawei.com (10.201.108.35) with Microsoft SMTP Server (TLS) id
 14.3.399.0; Mon, 17 Sep 2018 10:40:44 +0100
From:   Roberto Sassu <roberto.sassu@huawei.com>
To:     <jarkko.sakkinen@linux.intel.com>
CC:     <linux-integrity@vger.kernel.org>,
        <linux-security-module@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>,
        Roberto Sassu <roberto.sassu@huawei.com>
Subject: [PATCH v2, RESEND 0/3] tpm: retrieve digest size of unknown algorithms from TPM
Date:   Mon, 17 Sep 2018 11:38:17 +0200
Message-ID: <20180917093820.20500-1-roberto.sassu@huawei.com>
X-Mailer: git-send-email 2.14.1
MIME-Version: 1.0
Content-Type: text/plain
X-Originating-IP: [10.204.65.153]
X-CFilter-Loop: Reflected
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

Resending to maintainer with correct mailing lists in CC.

The TPM driver currently relies on the crypto subsystem to determine the
digest size of supported TPM algorithms. In the future, TPM vendors might
implement new algorithms in their chips, and those algorithms might not
be supported by the crypto subsystem.

Usually, vendors provide patches for the new hardware, and likely
the crypto subsystem will be updated before the new algorithm is
introduced. However, old kernels might be updated later, after patches
are included in the mainline kernel. This would leave the opportunity
for attackers to misuse PCRs, as PCR banks with an unknown algorithm
are not extended.

This patch set provides a long term solution for this issue. If a TPM
algorithm is not known by the crypto subsystem, the TPM driver retrieves
the digest size from the TPM with a PCR read. All the PCR banks are
extended, even if the algorithm is not yet supported by the crypto
subsystem.

Roberto Sassu (3):
  tpm: rename and export tpm2_digest and tpm2_algorithms
  tpm: modify tpm_pcr_read() definition to pass TPM hash algorithms
  tpm: retrieve digest size of unknown algorithms with PCR read

 drivers/char/tpm/tpm-interface.c    | 24 ++++++++----
 drivers/char/tpm/tpm.h              | 18 ++-------
 drivers/char/tpm/tpm2-cmd.c         | 78 +++++++++++++++++++++++++------------
 include/linux/tpm.h                 | 30 +++++++++++++-
 include/linux/tpm_eventlog.h        |  9 +----
 security/integrity/ima/ima_crypto.c | 10 ++---
 6 files changed, 109 insertions(+), 60 deletions(-)

-- 
2.14.1