X-Mailing-List: linux-kernel@vger.kernel.org
Date: Sat, 18 May 2024 14:25:24 +0300
Subject: Re: SLB9670 TPM module crash
From: "Jarkko Sakkinen"
To: "Parthiban"
References: <7955419c-ccc2-4a20-8ff5-07b119258415@linumiz.com>
In-Reply-To: <7955419c-ccc2-4a20-8ff5-07b119258415@linumiz.com>

On Sat May 18, 2024 at 2:21 PM EEST, Parthiban wrote:
> Dear James Bottomley,
>
> The following crash is observed in the current mainline kernel and I have tried the
> git bisect to narrow it down. Bisect points to the below commit, which got merged as
> part of [1]. I tried reverting the below commit and the TPM loads fine.
>
> commit 1b6d7f9eb150305dcb0da4f7101a8d30dcdf0497
> Author: James Bottomley
> Date: Mon Apr 29 16:28:07 2024 -0400
>
>     tpm: add session encryption protection to tpm2_get_random()
>
>     If some entity is snooping the TPM bus, they can see the random
>     numbers we're extracting from the TPM and do prediction attacks
>     against their consumers. Foil this attack by using response
>     encryption to prevent the attacker from seeing the random sequence.
>
>     Signed-off-by: James Bottomley
>     Reviewed-by: Jarkko Sakkinen
>     Tested-by: Jarkko Sakkinen
>     Signed-off-by: Jarkko Sakkinen
>
> drivers/char/tpm/tpm2-cmd.c | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> [ 11.551988] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
> [ 11.563036] spi_master spi0: will run message pump with realtime priority

Explanation and workaround:

https://lore.kernel.org/linux-integrity/D1C1KL7Q27P9.39BH0Z4EMBBUG@kernel.org/

James, this must be fixed by:

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 7c0486e3199c..2d9e2c860ad9 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig
@@ -34,7 +34,7 @@ if TCG_TPM config TCG_TPM2_HMAC bool "Use HMAC and encrypted transactions on the TPM bus" - default y + default n select CRYPTO_ECDH select CRYPTO_LIB_AESCFB select CRYPTO_LIB_SHA256

Distributors know how to enable this but given the high volumes of small
devices still with TPM, this trend needs to be cut.

BR, Jarkko
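
Review bot: The "default n" under "config TCG_TPM2_HMAC" turns off HMAC and encrypted TPM bus transactions for every configuration that takes the default, not only the tpm_tis_spi device in the report, so the bus-snooping protection described in the quoted commit 1b6d7f9eb150 becomes opt-in everywhere. As posted, the inline patch has no changelog or Signed-off-by; a formal submission should state why the default changes and tie it to the reported regression. A bool option with no default line already defaults to n, so the line could be dropped rather than rewritten, and the help text for the option is the natural place to say when enabling it is expected to be safe.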