Message-ID: <354bf802d27ea995858e41dd90d9a83ffc6739aa.camel@HansenPartnership.com>
Subject: Re: [PATCH 1/3] tpm: protect against locality counter underflow
From: James Bottomley
To: Jarkko Sakkinen, Lino Sanfilippo, Alexander Steffen, Daniel P. Smith, Jason Gunthorpe, Sasha Levin, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org
Cc: Ross Philipson, Kanth Ghatraju, Peter Huewe
Date: Thu, 22 Feb 2024 10:06:05 +0100
References: <20240131170824.6183-1-dpsmith@apertussolutions.com> <20240131170824.6183-2-dpsmith@apertussolutions.com> <2ba9a96e-f93b-48e2-9ca0-48318af7f9b1@kunbus.com> <91f600ef-867b-4523-89be-1c0ba34f8a4c@kunbus.com> <7a7f8f0c1b9d124bfc01b66082abf2d8445564ce.camel@HansenPartnership.com>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 2024-02-21 at 19:43 +0000, Jarkko Sakkinen wrote:
> On Wed Feb 21, 2024 at 12:37 PM UTC, James Bottomley wrote:
> > On Tue, 2024-02-20 at 22:31 +0000, Jarkko Sakkinen wrote:
[...]
> > > I cannot recall off the top of my head can
> > > you have two localities open at same time.
> >
> > I think there's a misunderstanding about what localities are:
> > they're effectively an additional platform supplied tag to a
> > command.  Each command can therefore have one and only one
> > locality.  The TPM doesn't
>
> Actually this was not unclear at all. I even read the chapters from
> Ariel Segall's yesterday as a refresher.
>
> I was merely asking that if TPM_ACCESS_X is not properly cleared and
> you set TPM_ACCESS_Y where Y < X how does the hardware react as the
> bug report is pretty open ended and not very clear of the steps
> leading to unwanted results.

So TPM_ACCESS_X is *not* a generic TPM thing, it's a TIS interface
specific thing.  Now the TIS interface seems to be dominating, so
perhaps it is the correct programming model for us to follow, but not
all current TPMs adhere to it.

> With a quick check from [1] could not spot the conflict reaction but
> it is probably there.
The way platforms should handle localities is now detailed in the TCG
library code snippets (part 4 Supporting Routines - Code):

https://trustedcomputinggroup.org/resource/tpm-library-specification/

It's the _plat__LocalityGet/Set in Appendix C.  The implementation
documented there is what the TPM reference implementation follows.

James
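Added example, not code from the thread, the kernel driver or the TCG reference implementation: a constructed C model of the TIS-specific TPM_ACCESS_0..4 registers discussed above, with a hypothetical driver-side locality counter whose release path refuses to go negative (the defect class named in the patch subject). The bit values are the TIS register bits; the arbitration rule (a request while another locality X is active stays pending rather than taking over) and the nested-count semantics are assumptions of the model.

```c
/* Constructed model, not the kernel driver's code: TIS-style TPM_ACCESS
 * registers plus a driver-side locality counter that cannot underflow. */
#include <stdbool.h>
#include <stdint.h>
#define TPM_ACCESS_VALID            0x80 /* register contents are valid */
#define TPM_ACCESS_ACTIVE_LOCALITY  0x20 /* this locality owns the TPM */
#define TPM_ACCESS_REQUEST_PENDING  0x04 /* a request is waiting */
#define TPM_ACCESS_REQUEST_USE      0x02 /* driver asks for ownership */
#define NUM_LOCALITIES 5
struct tis_model { uint8_t access[NUM_LOCALITIES]; }; /* TPM_ACCESS_0..4 */
struct tis_driver { int locality_count; }; /* hypothetical nesting count */

static int active_locality(const struct tis_model *t)
{
    for (int l = 0; l < NUM_LOCALITIES; l++)
        if (t->access[l] & TPM_ACCESS_ACTIVE_LOCALITY)
            return l;
    return -1;
}

/* Write requestUse to TPM_ACCESS_l. Assumed arbitration: granted when nothing
 * is active, counted again when l is already ours, otherwise left pending
 * (setting TPM_ACCESS_Y while another locality X is active takes nothing). */
static bool request_locality(struct tis_model *t, struct tis_driver *d, int l)
{
    if (l < 0 || l >= NUM_LOCALITIES)
        return false;
    int cur = active_locality(t);
    if (cur == -1)
        t->access[l] = TPM_ACCESS_VALID | TPM_ACCESS_ACTIVE_LOCALITY;
    else if (cur != l) {
        t->access[l] = TPM_ACCESS_VALID | TPM_ACCESS_REQUEST_USE |
                       TPM_ACCESS_REQUEST_PENDING;
        return false;
    }
    d->locality_count++;
    return true;
}

/* Relinquish only what is held: a zero counter or a locality we do not own
 * is refused, so the counter can never go negative. */
static bool release_locality(struct tis_model *t, struct tis_driver *d, int l)
{
    if (d->locality_count <= 0 || active_locality(t) != l)
        return false;
    if (--d->locality_count == 0)
        t->access[l] = TPM_ACCESS_VALID; /* activeLocality cleared */
    return true;
}
```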