Received: by 2002:a05:6358:700f:b0:131:369:b2a3 with SMTP id 15csp1668792rwo; Wed, 2 Aug 2023 19:25:35 -0700 (PDT) X-Google-Smtp-Source: APBJJlG16rHdFjvd+WW0BY7GYWf4QZmG0nP4UASbiP9i1lOByKNLpPPufQ0uMmu7KWLrUfx1W1VZ X-Received: by 2002:a2e:3e07:0:b0:2b8:3ac9:e201 with SMTP id l7-20020a2e3e07000000b002b83ac9e201mr6028217lja.40.1691029534758; Wed, 02 Aug 2023 19:25:34 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1691029534; cv=none; d=google.com; s=arc-20160816; b=Fm/AKlr/hkDLaYcjZi60Sg1Ut5DcnAhyKQ7y8Je7lhRY/CVWrjr9JKWHFYlf3HcaN1 lAAhlKHjjQS84RtnlChO+y4uJ1UU87eGAFNFx50itpShWaj/ody/VVZMmxCpJNjRNg27 0eGZpHjZFV/Awzp2Hn+/RMrNqYdpxPkXHGOpnrDs5dawruSLD7tXv19D3nXJnkgIIkV2 gQ0gUq5GrKZZjiKQ+DX+fSbTq0LG7EwKkVhw1VnoTkVemRk7T10jjXZTLUK7Bsxvoc7M ABeJnW/zDQRpRx+CEmg3Dmuk/yvNItuR0BdjwvdZqRuLLpDHuIEFpW9wNVAQrNkqkcMm npqQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:in-reply-to:from :references:cc:to:content-language:subject:user-agent:mime-version :date:message-id:dkim-signature; bh=jmkQEw53pUWR0UBuP984zIVOfazrdtIEuNlyOUI5ZZU=; fh=8N/TPmW0UdqETMmC5Wd1A5pJDXy1/5iz+6eLn35hNMw=; b=rnKCIR62tCro9SZXFPVWKi8PGX9FhF7mNSeBo8pHxNPy6bdEuubyR7IPvsKjsUBbB2 Day0IUBhwaxSH15m8sbVChKBi8ryGfUYQUD27hvmhZi/gjI0ouc7ZoP2wiHQ1QiOP0gC Q8PclV7FUIlhqKueOqBXHB1G8L8U96oGoGXcAIHNd5e5qZE+NlA5DS6D5Etcn5ERVYIP aigPVr75xysRGzdXrbzjICVcWFb8+1heYHfuT37/Wvs/iK38q0UByvqDIwEltG+fmSq8 Gue9S4029y+V9vSGJj/g+ivAajbK+Jhlwj7gLmvCeOHHFjUjj1aV06yVfst0UflT4ntQ 03Mg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=M6cQVI0L; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id oq26-20020a170906cc9a00b009930294ae72si10623293ejb.293.2023.08.02.19.25.10; Wed, 02 Aug 2023 19:25:34 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@ibm.com header.s=pp1 header.b=M6cQVI0L; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=ibm.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232117AbjHCA5G (ORCPT + 99 others); Wed, 2 Aug 2023 20:57:06 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46022 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229875AbjHCA5F (ORCPT ); Wed, 2 Aug 2023 20:57:05 -0400 Received: from mx0a-001b2d01.pphosted.com (mx0a-001b2d01.pphosted.com [148.163.156.1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 517D226B0; Wed, 2 Aug 2023 17:57:04 -0700 (PDT) Received: from pps.filterd (m0356517.ppops.net [127.0.0.1]) by mx0a-001b2d01.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 3730fecq025844; Thu, 3 Aug 2023 00:56:45 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ibm.com; h=message-id : date : mime-version : subject : to : cc : references : from : in-reply-to : content-type : content-transfer-encoding; s=pp1; bh=jmkQEw53pUWR0UBuP984zIVOfazrdtIEuNlyOUI5ZZU=; b=M6cQVI0LWWGgB8UKC45EHTtj4HRi7gVt0z7DjFWSZ37XR6XtbmN3npebaqnEeC4ARNvx qBphfrsNrtqBqIYrzah4jfyZ4iH+eSUZX0pOix0tJNTGZ2LicrDBJVVqwxYLzyqtugWG L9gutQRnECoG8dmw4BDAaKk8hV1aqHOUp93kERPZpH9H18900F4+yf5LsE0AbAkDZeGU LR/+bKb2rve7VeyKe+shB4vI938+ZJunGlFaoI1m1Om0G9BrtU/egUunznfNjJGJCvtu 7o4TD9FA5TcLD8RIEb4yiPoAGSzdEp8aU+FsvCTia26/T498H+gNyScKiS+Txo+Cee9z cw== Received: from pps.reinject (localhost [127.0.0.1]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3s8179gww8-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 03 Aug 2023 00:56:45 +0000 Received: from m0356517.ppops.net (m0356517.ppops.net [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 3730iGdS032755; Thu, 3 Aug 2023 00:56:44 GMT Received: from ppma21.wdc07v.mail.ibm.com (5b.69.3da9.ip4.static.sl-reverse.com [169.61.105.91]) by mx0a-001b2d01.pphosted.com (PPS) with ESMTPS id 3s8179gwt6-13 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 03 Aug 2023 00:56:44 +0000 Received: from pps.filterd (ppma21.wdc07v.mail.ibm.com [127.0.0.1]) by ppma21.wdc07v.mail.ibm.com (8.17.1.19/8.17.1.19) with ESMTP id 372MfdTl015578; Thu, 3 Aug 2023 00:34:35 GMT Received: from smtprelay04.wdc07v.mail.ibm.com ([172.16.1.71]) by ppma21.wdc07v.mail.ibm.com (PPS) with ESMTPS id 3s5e3n93rm-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 03 Aug 2023 00:34:35 +0000 Received: from smtpav04.wdc07v.mail.ibm.com (smtpav04.wdc07v.mail.ibm.com [10.39.53.231]) by smtprelay04.wdc07v.mail.ibm.com (8.14.9/8.14.9/NCO v10.0) with ESMTP id 3730YZTn42140104 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Thu, 3 Aug 2023 00:34:35 GMT Received: from smtpav04.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id 1D73258050; Thu, 3 Aug 2023 00:34:35 +0000 (GMT) Received: from smtpav04.wdc07v.mail.ibm.com (unknown [127.0.0.1]) by IMSVA (Postfix) with ESMTP id BCE0058045; Thu, 3 Aug 2023 00:34:33 +0000 (GMT) Received: from [9.47.158.152] (unknown [9.47.158.152]) by smtpav04.wdc07v.mail.ibm.com (Postfix) with ESMTP; Thu, 3 Aug 2023 00:34:33 +0000 (GMT) Message-ID: Date: Wed, 2 Aug 2023 20:34:33 -0400 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.12.0 Subject: Re: [PATCH 1/1] tpm: disable hwrng for fTPM on some AMD designs Content-Language: en-US To: Jerry Snitselaar , Jarkko Sakkinen Cc: Linus Torvalds , Daniil Stas , Mario Limonciello , James.Bottomley@hansenpartnership.com, Jason@zx2c4.com, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, regressions@leemhuis.info, stable@vger.kernel.org References: <65a1c307-826d-4ca3-0336-07a185684e5d@amd.com> <20230727195019.41abb48d@g14> <67eefe98-e6df-e152-3169-44329e22478d@amd.com> <20230727200527.4080c595@g14> From: Stefan Berger In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit X-TM-AS-GCONF: 00 X-Proofpoint-GUID: Odd5d8PJL65wwCtxuBEiLvglHKN7Wn02 X-Proofpoint-ORIG-GUID: X0UOYzpL91UBanjjrMqCZBDATt-De4VZ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.254,Aquarius:18.0.957,Hydra:6.0.591,FMLib:17.11.176.26 definitions=2023-08-02_20,2023-08-01_01,2023-05-22_02 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 clxscore=1011 mlxlogscore=999 impostorscore=0 malwarescore=0 adultscore=0 bulkscore=0 mlxscore=0 spamscore=0 lowpriorityscore=0 priorityscore=1501 phishscore=0 suspectscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2306200000 definitions=main-2308030004 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_EF,NICE_REPLY_A,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 8/2/23 19:13, Jerry Snitselaar wrote: > On Tue, Aug 01, 2023 at 10:09:58PM +0300, Jarkko Sakkinen wrote: >> On Tue Aug 1, 2023 at 9:42 PM EEST, Linus Torvalds wrote: >>> On Tue, 1 Aug 2023 at 11:28, Jarkko Sakkinen wrote: >>>> >>>> I would disable it inside tpm_crb driver, which is the driver used >>>> for fTPM's: they are identified by MSFT0101 ACPI identifier. >>>> >>>> I think the right scope is still AMD because we don't have such >>>> regressions with Intel fTPM. >>> >>> I'm ok with that. >>> >>>> I.e. I would move the helper I created inside tpm_crb driver, and >>>> a new flag, let's say "TPM_CHIP_FLAG_HWRNG_DISABLED", which tpm_crb >>>> sets before calling tpm_chip_register(). >>>> >>>> Finally, tpm_add_hwrng() needs the following invariant: >>>> >>>> if (chip->flags & TPM_CHIP_FLAG_HWRNG_DISABLED) >>>> return 0; >>>> >>>> How does this sound? I can refine this quickly from my first trial. >>> >>> Sounds fine. >> >> Mario, it would be good if you could send a fix candidate but take my >> suggestion for a new TPM chip flag into account, while doing it. Please >> send it as a separate patch, not attachment to this thread. >> >> I can test and ack it, if it looks reasonable. >> >>> My only worry comes from my ignorance: do these fTPM devices *always* >>> end up being enumerated through CRB, or do they potentially look >>> "normal enough" that you can actually end up using them even without >>> having that CRB driver loaded? >> >> I know that QEMU has TPM passthrough but I don't know how it behaves >> exactly. >> > > I just created a passthrough tpm device with a guest which it is using > the tis driver, while the host is using crb (and apparently one of the > amd devices that has an impacted fTPM). It looks like there is a > complete separation between the frontend and backends, with the front > end providing either a tis or crb interface to the guest, and then the > backend sending commands by writing to the passthrough device that was > given, such as /dev/tpm0, or an emulator such as swtpm. Stefan can > probably explain it much better than I. You explained it well... The passthrough TPM is only good for one VM (if at all), and all other VMs on the same machine should use a vTPM. Even one VM sharing the TPM with the host creates a potential mess with the shared resources of the TPM, such as the state of the PCRs. When that guest VM using the passthrough device now identifies the underlying hardware TPM's firmware version it will also take the same action to disable the TPM as a source for randomness. But then a VM with a passthrough TPM device should be rather rare... > >>> Put another way: is the CRB driver the _only_ way they are visible, or >>> could some people hit on this through the TPM TIS interface if they >>> have CRB disabled? >> >> I'm not aware of such implementations. CRB and TIS are two distinct MMIO type of interfaces with different registers etc. AMD could theoretically build a fTPM with a CRB interface and then another one with the same firmware and the TIS, but why would they? Stefan >> >>> I see, for example, that qemu ends up emulating the TIS layer, and it >>> might end up forwarding the TPM requests to something that is natively >>> CRB? >>> >>> But again: I don't know enough about CRB vs TIS, so the above may be a >>> stupid question. >>> >>> Linus >> >> I would focus exactly what is known not to work and disable exactly >> that. >> >> If someone still wants to enable TPM on such hardware, we can later >> on add a kernel command-line flag to enforce hwrng. This ofc based >> on user feedback, not something I would add right now. >> >> BR, Jarkko >