Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Message-ID: <6a80d9e9-aec9-2cbd-d65b-bb1e84b77b2b@amd.com>
Date:   Tue, 1 Aug 2023 13:51:49 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:102.0) Gecko/20100101
 Thunderbird/102.13.0
Subject: Re: [PATCH 1/1] tpm: disable hwrng for fTPM on some AMD designs
Content-Language: en-US
To:     Linus Torvalds <torvalds@linux-foundation.org>,
        Jarkko Sakkinen <jarkko@kernel.org>
Cc:     Daniil Stas <daniil.stas@posteo.net>,
        James.Bottomley@hansenpartnership.com, Jason@zx2c4.com,
        linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
        regressions@leemhuis.info, stable@vger.kernel.org
References: <20230727183805.69c36d6e@g14>
 <b1dd27df-744b-3977-0a86-f5dde8e24288@amd.com> <20230727193949.55c18805@g14>
 <65a1c307-826d-4ca3-0336-07a185684e5d@amd.com> <20230727195019.41abb48d@g14>
 <67eefe98-e6df-e152-3169-44329e22478d@amd.com> <20230727200527.4080c595@g14>
 <CAHk-=whqT0PxBazwfjWwoHQQFzZt50tV6Jfgq3iYceKMJtyuUg@mail.gmail.com>
 <CUGAV1Y993FB.1O2Q691015Z2C@seitikki>
 <CAHk-=whphk8Jp=NYmnm7Qv+vZ6ScYCz+rV8a2G1nD-AQY3z+mQ@mail.gmail.com>
 <CUHF67ZOFOTN.1UFE7Q1IFRQMX@suppilovahvero>
 <CAHk-=wgK0Z-LrJGExwG=e=oxjD93LJhY3jMmi_2O2_Pkjf8Tsg@mail.gmail.com>
From:   Mario Limonciello <mario.limonciello@amd.com>
In-Reply-To: <CAHk-=wgK0Z-LrJGExwG=e=oxjD93LJhY3jMmi_2O2_Pkjf8Tsg@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?B?QkFMY0s5M3JBU2lRMnJkYzJuOFlEQ3ZIdGZlUlhEVTBFeWt3LzFrNkpCUnN6?=
 =?utf-8?B?ajVhTjU0cVlmWEZnbkdZZERzZXAzdkEraElpWm5ldmJSY2U4dFhsVDQvb2VU?=
 =?utf-8?B?M0h4bE1ZZVlnUjlKSmpldDJWNDFHYzk0TE0zK094YTl2MEVaM01SUytyVVZw?=
 =?utf-8?B?Mm5QS2RVNWtrd0M4aFlSaC8xSXhPK1BuYkt6MzZRR1lJbmFsdVJXeUtIdnRS?=
 =?utf-8?B?aFVXMktBY0ZDT3cwdjJRc0YxS3BxYnZ3SWhTbnRSTGpybFBlYVo4eTdLNTVI?=
 =?utf-8?B?WmJFcVBUckszTXEyNm04Nkd2bFZDeE5sUnplNkg4V3RqWFR6SWNlQTlHR2pR?=
 =?utf-8?B?MDZqNFA5WTh4WlJ6THZCMkx0NXJEOWNkNzd4c3E3bG9GUGd1MW0rVUU3aXhT?=
 =?utf-8?B?aXM1YzZRUE0zTUlpZmlNcTlBbDF0UXBSTlBiQWk2OWZTQUh3VXZMY1Q4ZDh3?=
 =?utf-8?B?empOUFhkUFBMQTRlNlgrK2VVQUUvR2lobmhLM1dTS1JpNWZGeGdPZDNtTFlI?=
 =?utf-8?B?bXlDZGUvbHd1TmZqdzVoemhCeWE3WDZlR2tWdEZrRXdHKzhRcFpoNWhYc2l1?=
 =?utf-8?B?L1I0UTc3VWlPUjQ0TEhIOTBiUjhWMGlPMDVaSU4zNWdYcWF5ZW9yR0d2UDRB?=
 =?utf-8?B?YmNGclcweHEvZzV6Z3o5aXJNTFJaekZSTlZidkhlUDdRUUZBcngzQ0srcEhR?=
 =?utf-8?B?T3QwUHh3c0lMQnBZNjhXR01UMUgxekd3T1BnTHh2SS9MWkZCTk8yWWJJR1Jp?=
 =?utf-8?B?REpTNFBPeVlIbUZGV0FrWjBtU2dkTUVGRjBuQ2lydzJ3aTFjdjY0cW94YzlL?=
 =?utf-8?B?azdFRnkwNG1kMnJPTmhVTU1ZMFdjc1VOb0ZuRWozeW5wWVRuSDJTaUhDL2o2?=
 =?utf-8?B?S1cyNEJPUVFUV0l3WTdQY3padndHUjErbzVmb0prRUp6V2JHcGs4WUMwOVVz?=
 =?utf-8?B?dlZlUWFGNVQxNE4zR1lybzBUQ0ZlM0cybFpsK3ZQdWR2SUNVbjF2dm13d1VX?=
 =?utf-8?B?VlNEWU5GT2F5QisxVWttNWRFZUpmSWUrcHl5TWVsZHNaRWxhekwrb3UyVEI1?=
 =?utf-8?B?OGhMN0h3b095U29yZEx5Nlh1c05WaWRoNWJSR3RmbTBrQ0JkcHp1Qk93SGZm?=
 =?utf-8?B?SlQxWHZXK1BTWkkwU0dUUDlQVW41b2s4eFZTdThPTTAxWTVQS3lHT0lzV1hL?=
 =?utf-8?B?TG1UWm4zTTdhTlF5azFuOW1iVzF4RDI0WmRDZ00yTnJqbFZ4ZXFQQ055TFhx?=
 =?utf-8?B?aUJSbjZrSy91Q0lQOVZWSll0RWdMdDVucktJQytVd2JzMzhVVVhoMlhBc2N1?=
 =?utf-8?B?RWFFQzFhdWxhajBPM2JFbS9PLy9XNStOaGlQVEtoc2Q3S0lHa1RPK2lNM0V2?=
 =?utf-8?B?OVB3OVMyZ3ROaHVQd05TQjYyT1NhY2o0T3RVRE1jRTI4UnhBQUJjdXlCVzNH?=
 =?utf-8?B?R1p0ZTBtRUdTZzRNcVJKQ3lLWFhXQ1k1QWZDdnU3VGxTajFtUU5KSlBSemFw?=
 =?utf-8?B?UnAwNGxYN2FzcDFZcGVWemwreU1YeVZOaEh1dExEUGJSTEpnaThsdmNWMDRO?=
 =?utf-8?B?bjIvbXdtRlBtQ2gzMURKMnI0U0RjdXNSTE51b2NIdDYxamkyQ2tZWTVrQ1R1?=
 =?utf-8?B?dWVabVVSdGZRcXozM3RhTW5ORE50dkg2WEY3dml1N0lXVzludEZBTUlwdTBD?=
 =?utf-8?B?QW1BeE5ERWxKYlRmUlJlckR3dDZ1OWRGMmlFWlVubTlYZXEwa0RRc0hBRzNx?=
 =?utf-8?B?RUhocjJEQUpSWkE5UlIvUVFzUGd5RXI2UEdpQXdvVFdEMWRyUFdkdk5FOVdX?=
 =?utf-8?B?d3Z4ZFgyQitvVTdvT1NwR1RyS1VvUEJFVkdWdW5HbWRLZXdIU2YyUTJ6Uit4?=
 =?utf-8?B?aGJPQzd6d1BOZWhWd0dPUEV3emdMakx5RE1nUCt0VFowdnorNUlhTWsrbkV6?=
 =?utf-8?B?OWVtcWsyTjhrV2FsbGcrTTA0WkZuTTVmbCtLSE9sMWNEaGJTT0gvTGgrblMv?=
 =?utf-8?B?ZFBJQnByVWFJdEFnczVrdUZDdmRVaGdScTEvbzgxbk5scXBpN21GRXdWbjBY?=
 =?utf-8?B?ZTRQQmF2UG9QSHB2d2dYSVNzYlRjajdlS0ZHYjI0MkFEcEJPRmM5SXpCUkhY?=
 =?utf-8?Q?HPHKJnGPRsfMGJHV/yc0+/c4I?=
X-OriginatorOrg: amd.com
X-MS-Exchange-CrossTenant-Network-Message-Id: f6360b17-99af-4065-bb6f-08db92c05e37
X-MS-Exchange-CrossTenant-AuthSource: DS7PR12MB6095.namprd12.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 01 Aug 2023 18:51:51.6944
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 3dd8961f-e488-4e60-8e11-a82d994e183d
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: XuvmcHG5eMvs0RrPmwNF2ZR39eoPjhxYfih+vh2aObcxbcbrlNwNnCrR1j2IAWl7O1i819FryPP1nehQAgR6iA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY5PR12MB6370
X-Spam-Status: No, score=-1.2 required=5.0 tests=BAYES_00,DKIM_SIGNED,
        DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FORGED_SPF_HELO,NICE_REPLY_A,
        RCVD_IN_DNSWL_BLOCKED,RCVD_IN_MSPIKE_H2,SPF_HELO_PASS,SPF_NONE,
        T_SCC_BODY_TEXT_LINE,URIBL_BLOCKED autolearn=no autolearn_force=no
        version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On 8/1/2023 13:42, Linus Torvalds wrote:
> On Tue, 1 Aug 2023 at 11:28, Jarkko Sakkinen <jarkko@kernel.org> wrote:
>>
>> I would disable it inside tpm_crb driver, which is the driver used
>> for fTPM's: they are identified by MSFT0101 ACPI identifier.
>>
>> I think the right scope is still AMD because we don't have such
>> regressions with Intel fTPM.
> 
> I'm ok with that.
> 
>> I.e. I would move the helper I created inside tpm_crb driver, and
>> a new flag, let's say "TPM_CHIP_FLAG_HWRNG_DISABLED", which tpm_crb
>> sets before calling tpm_chip_register().
>>
>> Finally, tpm_add_hwrng() needs the following invariant:
>>
>>          if (chip->flags & TPM_CHIP_FLAG_HWRNG_DISABLED)
>>                  return 0;
>>
>> How does this sound? I can refine this quickly from my first trial.
> 
> Sounds fine.

This sounds fine by me too, thanks.

> 
> My only worry comes from my ignorance: do these fTPM devices *always*
> end up being enumerated through CRB, or do they potentially look
> "normal enough" that you can actually end up using them even without
> having that CRB driver loaded?
> 
> Put another way: is the CRB driver the _only_ way they are visible, or
> could some people hit on this through the TPM TIS interface if they
> have CRB disabled?
> 
> I see, for example, that qemu ends up emulating the TIS layer, and it
> might end up forwarding the TPM requests to something that is natively
> CRB?
> 
> But again: I don't know enough about CRB vs TIS, so the above may be a
> stupid question.
> 
>             Linus