From: Jarkko Sakkinen
To: linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org, James.Bottomley@HansenPartnership.com, Jarkko Sakkinen, Peter Huewe, Jason Gunthorpe, Mimi Zohar, David Howells, Paul Moore, James Morris, "Serge E. Hallyn", linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: [PATCH] tpm: enable HMAC encryption for only x86-64 and aarch64
Date: Tue, 21 May 2024 16:09:20 +0300
Message-ID: <20240521130921.15028-1-jarkko@kernel.org>

Let's be more conservative and enable HMAC by default only for the platforms where it immediately makes sense, i.e. x86-64 and aarch64. This can be relaxed later on, and obviously the kconfig option can be set even if not default on a particular arch.

Cc: James Bottomley
Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation")
Closes: https://lore.kernel.org/linux-integrity/D1FCAPJSYLTS.R9VC1CXDCIHH@kernel.org/
Signed-off-by: Jarkko Sakkinen
--- drivers/char/tpm/Kconfig | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index e63a6a17793c..19e61dcfcbbe 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -29,7 +29,7 @@ if TCG_TPM config TCG_TPM2_HMAC bool "Use HMAC and encrypted transactions on the TPM bus" - default y + default X86_64 || ARM64 select CRYPTO_ECDH select CRYPTO_LIB_AESCFB select CRYPTO_LIB_SHA256 -- 2.45.1
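
Review bot: the commit message gives no reason for the new `default X86_64 || ARM64` line in the TCG_TPM2_HMAC entry beyond "more conservative". It carries a Fixes: tag for d2add27cf2b8 but describes no failure, leaving that to the Closes: link. Please state in the message what goes wrong on the other architectures, so the condition for relaxing the default later is on record with the change. Two effects of changing a default rather than adding a `depends on` are also worth a sentence: a .config that already has CONFIG_TCG_TPM2_HMAC=y saved from the previous `default y` keeps that value, so the change reaches only new configurations, and every architecture other than x86-64 and arm64 now builds without HMAC and encrypted transactions on the TPM bus unless the option is selected by hand.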