X-Mailing-List: linux-kernel@vger.kernel.org
Date: Thu, 09 May 2024 23:04:04 +0300
Cc: "Peter Huewe", "Jason Gunthorpe", "David Howells"
Subject: [GIT PULL] TPM DEVICE DRIVER: tpmdd-next-6.10-rc1
From: "Jarkko Sakkinen"
To: "Linus Torvalds"

The following changes since commit 45db3ab70092637967967bfd8e6144017638563c:

  Merge tag '6.9-rc7-ksmbd-fixes' of git://git.samba.org/ksmbd (2024-05-08 10:39:53 -0700)

are available in the Git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd.git tags/tpmdd-next-6.10-rc1

for you to fetch changes up to 1d479e3cd6520085832a6b432d521eeead2691ba:

  Documentation: tpm: Add TPM security docs toctree entry (2024-05-09 22:30:52 +0300)

----------------------------------------------------------------
Hi,

These are the changes for the TPM driver with a single major new
feature: TPM bus encryption and integrity protection. The key pair on
the TPM side is generated from the so-called null random seed per power
on of the machine [1]. This supports the TPM encryption of the hard
drive by adding a layer of protection against bus interposer attacks.

Other than that, the pull request has a few minor fixes and
documentation for tpm_tis to clarify the basics of TPM localities for
future patch review discussions (will be extended and refined over
time, just a seed).

[1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/

BR, Jarkko

----------------------------------------------------------------
Ard Biesheuvel (1):
      crypto: lib - implement library version of AES in CFB mode

Bagas Sanjaya (1):
      Documentation: tpm: Add TPM security docs toctree entry

Colin Ian King (1):
      tpm/eventlog: remove redundant assignment to variabel ret

James Bottomley (14):
      tpm: Move buffer handling from static inlines to real functions
      tpm: add buffer function to point to returned parameters
      tpm: export the context save and load commands
      tpm: Add NULL primary creation
      tpm: Add TCG mandated Key Derivation Functions (KDFs)
      tpm: Add HMAC session start and end functions
      tpm: Add HMAC session name/handle append
      tpm: Add the rest of the session HMAC API
      tpm: add hmac checks to tpm2_pcr_extend()
      tpm: add session encryption protection to tpm2_get_random()
      KEYS: trusted: Add session encryption protection to the seal/unseal path
      tpm: add the null key name as a sysfs export
      Documentation: add tpm-security.rst
      tpm: disable the TPM if NULL name changes

Jarkko Sakkinen (8):
      Documentation: tpm_tis
      tpm: Remove unused tpm_buf_tag()
      tpm: Remove tpm_send()
      tpm: Update struct tpm_buf documentation comments
      tpm: Store the length of the tpm_buf data separately.
      tpm: TPM2B formatted buffers
      tpm: Add tpm_buf_read_{u8,u16,u32}
      KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers

Michael Haener (1):
      dt-bindings: tpm: Add st,st33ktpm2xi2c

Niklas Schnelle (2):
      char: tpm: handle HAS_IOPORT dependencies
      char: tpm: Keep TPM_INF_IO_PORT define for HAS_IOPORT=n

 .../devicetree/bindings/tpm/tcg,tpm-tis-i2c.yaml |    1 +
 Documentation/security/tpm/index.rst             |    2 +
 Documentation/security/tpm/tpm-security.rst      |  216 ++++
 Documentation/security/tpm/tpm_tis.rst           |   46 +
 drivers/char/tpm/Kconfig                         |   17 +-
 drivers/char/tpm/Makefile                        |    2 +
 drivers/char/tpm/eventlog/acpi.c                 |    1 -
 drivers/char/tpm/tpm-buf.c                       |  252 ++++
 drivers/char/tpm/tpm-chip.c                      |    6 +
 drivers/char/tpm/tpm-interface.c                 |   26 +-
 drivers/char/tpm/tpm-sysfs.c                     |   18 +
 drivers/char/tpm/tpm.h                           |   14 +
 drivers/char/tpm/tpm2-cmd.c                      |   53 +-
 drivers/char/tpm/tpm2-sessions.c                 | 1286 ++++++++++++++++++++
 drivers/char/tpm/tpm2-space.c                    |   11 +-
 drivers/char/tpm/tpm_infineon.c                  |   14 +-
 drivers/char/tpm/tpm_tis_core.c                  |   19 +-
 include/crypto/aes.h                             |    5 +
 include/keys/trusted_tpm.h                       |    2 -
 include/linux/tpm.h                              |  316 +++--
 lib/crypto/Kconfig                               |    5 +
 lib/crypto/Makefile                              |    3 +
 lib/crypto/aescfb.c                              |  257 ++++
 security/keys/trusted-keys/trusted_tpm1.c        |   23 +-
 security/keys/trusted-keys/trusted_tpm2.c        |  136 ++-
 25 files changed, 2519 insertions(+), 212 deletions(-)
 create mode 100644 Documentation/security/tpm/tpm-security.rst
 create mode 100644 Documentation/security/tpm/tpm_tis.rst
 create mode 100644 drivers/char/tpm/tpm-buf.c
 create mode 100644 drivers/char/tpm/tpm2-sessions.c
 create mode 100644 lib/crypto/aescfb.c
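
Added example (not part of the pull request and not the kernel's code): a simplified Python model of the HMAC session check behind the "integrity protection" described in the message, using the KDFa and authorization HMAC formulas from the TPM 2.0 specification to show why a digest altered on the bus is rejected. The salt, nonces and digests are constructed values, authValue is assumed empty, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

TPM2_CC_PCR_EXTEND = 0x00000182   # command code from the TPM 2.0 specification
TPM_ALG_SHA256 = 0x000B
CONTINUE_SESSION = 0x01           # session attribute bit

def kdfa(key, label, ctx_u, ctx_v, bits):
    """KDFa: SP 800-108 counter mode over HMAC-SHA256, as the TCG specifies."""
    out, counter = b"", 0
    while len(out) * 8 < bits:
        counter += 1
        msg = (struct.pack(">I", counter) + label + b"\x00"
               + ctx_u + ctx_v + struct.pack(">I", bits))
        out += hmac.new(key, msg, hashlib.sha256).digest()
    return out[:bits // 8]

def cp_hash(command_code, names, params):
    """cpHash = H(commandCode || handle names || command parameters)."""
    return hashlib.sha256(struct.pack(">I", command_code) + names + params).digest()

def auth_hmac(session_key, cphash, nonce_newer, nonce_older, attrs):
    """Authorization HMAC for a command; authValue is assumed empty here."""
    msg = cphash + nonce_newer + nonce_older + bytes([attrs])
    return hmac.new(session_key, msg, hashlib.sha256).digest()

def tpm_accepts(session_key, params, nonce_caller, nonce_tpm, names, tag):
    """TPM-side check: recompute the HMAC over the bytes that arrived on the bus."""
    expected = auth_hmac(session_key, cp_hash(TPM2_CC_PCR_EXTEND, names, params),
                         nonce_caller, nonce_tpm, CONTINUE_SESSION)
    return hmac.compare_digest(expected, tag)

def extend_params(digest):
    """TPML_DIGEST_VALUES holding one SHA-256 digest."""
    return struct.pack(">IH", 1, TPM_ALG_SHA256) + digest

def demo():
    # Constructed values: the salt stands in for the secret agreed with the null key.
    salt, nonce_tpm, nonce_caller = bytes(range(32)), b"\x11" * 32, b"\x22" * 32
    session_key = kdfa(salt, b"ATH", nonce_tpm, nonce_caller, 256)
    names = struct.pack(">I", 7)                 # a PCR's name is its handle (PCR 7)
    sent = extend_params(hashlib.sha256(b"measured boot component").digest())
    tag = auth_hmac(session_key, cp_hash(TPM2_CC_PCR_EXTEND, names, sent),
                    nonce_caller, nonce_tpm, CONTINUE_SESSION)
    # An interposer swaps the digest in flight but cannot recompute the tag.
    swapped = extend_params(hashlib.sha256(b"something else").digest())
    return (tpm_accepts(session_key, sent, nonce_caller, nonce_tpm, names, tag),
            tpm_accepts(session_key, swapped, nonce_caller, nonce_tpm, names, tag))
```

demo() returns one result for the command as sent and one for the command with the swapped digest; only the first is accepted.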