Received: by 10.223.164.202 with SMTP id h10csp5608510wrb;
        Tue, 21 Nov 2017 12:29:57 -0800 (PST)
X-Google-Smtp-Source: AGs4zMZOFD2wkCYKLuA1QS9yWxLA3oBKgO3iEro3ro+zPehWFFtFyuBaSSuCx8rynu32BwuXiCDc
X-Received: by 10.98.133.155 with SMTP id m27mr16619939pfk.69.1511296197594;
        Tue, 21 Nov 2017 12:29:57 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1511296197; cv=none;
        d=google.com; s=arc-20160816;
        b=qdFXZ9LntRQYlavVXpHdstvhUSQuQRZrv2nwVsfa35EhbT1afrVtBVx+k4etfIr42G
         4vENwEdYoTUU7xV6de6IMiyrCZlvd42z5ml1ejzifcu7swbP8sY8xZn5e/sXa8VGrxpK
         HqO0om0f6/K0J5qH2lBEXMhj/4RlUPD1UBPViI7q4+NpJwDTP9vmyUcfSEXMzfq1pHPQ
         qYykEj1YHK1e86ZCvXxJaUDYvHloZBKmOblRrtmYaiOVGYMpObA8SHmP2E7kHPWBlJC4
         q1/TEPm7ThQDlU1b++IFLb8cjiUtdGqvcKTbzsnaZc5o5nIeIlV3kZIDk3eqKOCaost9
         f2GQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:content-transfer-encoding
         :dlp-reaction:dlp-version:dlp-product:content-language
         :accept-language:in-reply-to:references:message-id:date:thread-index
         :thread-topic:subject:cc:to:from:arc-authentication-results;
        bh=zpTWn1T2L2JQWiixEIcKS5THmEwCX0T8wfYCw6ucJoY=;
        b=eekEEKS6KvZ7231uSu6JzP5XkQ7gfvNcLLisvfzhIdZ8aWDrYM0+vz3UsmZ6zUYGHc
         pUJSGZssdCFHzvHcfrybxbiV62h9p6jULf8A0HqFlxdgGHgWkSqRRFvrYjshsyopowyZ
         vNnd0WULs5S5LCFFkC9J5h8vU8fe7NZT8zoBxA85bpyNFTOG3ibLTt7a9sd5yPoiVo4M
         /eCTNvRctSq6cKzAMBEG5IVpyKHC/vyvMf+XiRfmcZGUwtkrU2sPef7lv4iYmuist6y9
         kwD1fh4dPRYI0s3TR94K4PYDEGWzUb3fzRByudi3mOk4f7lNoGSG4agwZ8kQ5dZIqERN
         Viag==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 63si12014649pla.782.2017.11.21.12.29.46;
        Tue, 21 Nov 2017 12:29:57 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751351AbdKUU3L convert rfc822-to-8bit (ORCPT
        <rfc822;yuankui.zhao@gmail.com> + 76 others);
        Tue, 21 Nov 2017 15:29:11 -0500
Received: from mga05.intel.com ([192.55.52.43]:17724 "EHLO mga05.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1751067AbdKUU3J (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 21 Nov 2017 15:29:09 -0500
Received: from fmsmga003.fm.intel.com ([10.253.24.29])
  by fmsmga105.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 21 Nov 2017 12:29:09 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,432,1505804400"; 
   d="scan'208";a="4390482"
Received: from orsmsx105.amr.corp.intel.com ([10.22.225.132])
  by FMSMGA003.fm.intel.com with ESMTP; 21 Nov 2017 12:29:08 -0800
Received: from orsmsx152.amr.corp.intel.com (10.22.226.39) by
 ORSMSX105.amr.corp.intel.com (10.22.225.132) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Tue, 21 Nov 2017 12:29:08 -0800
Received: from orsmsx115.amr.corp.intel.com ([169.254.4.2]) by
 ORSMSX152.amr.corp.intel.com ([169.254.8.218]) with mapi id 14.03.0319.002;
 Tue, 21 Nov 2017 12:29:08 -0800
From:   "Roberts, William C" <william.c.roberts@intel.com>
To:     Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
        "Javier Martinez Canillas" <javierm@redhat.com>
CC:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Peter Huewe <peterhuewe@gmx.de>,
        "Tricca, Philip B" <philip.b.tricca@intel.com>,
        "Jason Gunthorpe" <jgunthorpe@obsidianresearch.com>,
        "linux-integrity@vger.kernel.org" <linux-integrity@vger.kernel.org>
Subject: RE: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation
 fails
Thread-Topic: [RFC PATCH] tpm: don't return -EINVAL if TPM command
 validation fails
Thread-Index: AQHTYlVqROlhZqkm0Emeelhv4C2306MfEccAgAA4lgD///6+oA==
Date:   Tue, 21 Nov 2017 20:29:07 +0000
Message-ID: <476DC76E7D1DF2438D32BFADF679FC563F4BFC0B@ORSMSX115.amr.corp.intel.com>
References: <20171117100724.19257-1-javierm@redhat.com>
 <20171120231512.6wpqgcggfta3am7m@linux.intel.com>
 <7c148cf0-2403-55cf-1633-ff326d5c6f7b@redhat.com>
 <20171121123006.esr7yxs5lvorlfjf@linux.intel.com>
In-Reply-To: <20171121123006.esr7yxs5lvorlfjf@linux.intel.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [10.22.254.139]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 8BIT
MIME-Version: 1.0
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org



> -----Original Message-----
> From: Jarkko Sakkinen [mailto:jarkko.sakkinen@linux.intel.com]
> Sent: Tuesday, November 21, 2017 4:30 AM
> To: Javier Martinez Canillas <javierm@redhat.com>
> Cc: linux-kernel@vger.kernel.org; Peter Huewe <peterhuewe@gmx.de>; Tricca,
> Philip B <philip.b.tricca@intel.com>; Jason Gunthorpe
> <jgunthorpe@obsidianresearch.com>; linux-integrity@vger.kernel.org; Roberts,
> William C <william.c.roberts@intel.com>
> Subject: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation
> fails
> 
> On Tue, Nov 21, 2017 at 10:07:34AM +0100, Javier Martinez Canillas wrote:
> > As mentioned, I think this should be documented. I guess most people
> > would see the in-kernel resource manager as a virtualized TPM, since
> > the "TSS TAB and Resource Manager Specification" [0] explains the RM
> > making an analogy with a virtual memory manager:
> >
> > "The Resource Manager (RM) manages the TPM context in a manner similar
> > to a virtual memory manager. It swaps objects, sessions, and sequences
> > in and out of the limited TPM memory as needed."
> 
> A process in virtual memory has a different environment than code running on
> bare metal without page table, doesn't it?
> 
> > And even your latest LPC presentation mention that the handles in the
> > in-kernel resource manager are virtualized [1].
> >
> > And I disagree that it does not matter, since the same spec says:
> >
> > "This layer is mostly transparent to the upper layers of the TSS and
> > is not required."
> >
> > But returning -EINVAL instead of a proper TPM command response with a
> > TPM_RC_COMMAND_CODE code makes it not transparent to the upper layer.
> 
> *mostly*
> 
> > If the TPM spaces infrastructure is not compliant with the spec, then
> > I think that should also be documented.
> 
> TPM specification is not a formal specification AFAIK.

The published parts are, granted many things are changing.

> 
> > > matters less than breaking the sandbox.
> > >
> >
> > Yes, sorry for that. It wasn't clear to me that there was a sandbox
> > and my lack of familiarity with the code was the reason why I posted
> > as a RFC in the first place.
> >
> > Do you agree with Jason's suggestion to send a synthesized TPM command
> > in the that the command isn't supported?
> 
> Nope.

We should update the elf loader to make sure that ELF files don't contain
Incorrect instructions. We shouldn't have this type of policy in the driver
considering that the tpm is designed to handle it. Obviously you disagree,
just understand you're wrong :-P

> 
> /Jarkko

From 1584679999619214139@xxx Tue Nov 21 12:50:15 +0000 2017
X-GM-THRID: 1584335329705661541
X-Gmail-Labels: Inbox,Category Forums,HistoricalUnread