Dear James Bottomley,
The following crash is observed in the current mainline kernel and I have tried the
git bisect to narrow it down. Bisect points to the below commit, which got merged as
part of [1]. I tried reverting the below commit and the TPM loads fine.
commit 1b6d7f9eb150305dcb0da4f7101a8d30dcdf0497
Author: James Bottomley <[email protected]>
Date: Mon Apr 29 16:28:07 2024 -0400
tpm: add session encryption protection to tpm2_get_random()
If some entity is snooping the TPM bus, they can see the random
numbers we're extracting from the TPM and do prediction attacks
against their consumers. Foil this attack by using response
encryption to prevent the attacker from seeing the random sequence.
Signed-off-by: James Bottomley <[email protected]>
Reviewed-by: Jarkko Sakkinen <[email protected]>
Tested-by: Jarkko Sakkinen <[email protected]>
Signed-off-by: Jarkko Sakkinen <[email protected]>
drivers/char/tpm/tpm2-cmd.c | 21 +++++++++++++++++----
1 file changed, 17 insertions(+), 4 deletions(-)
[ 11.551988] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
[ 11.563036] spi_master spi0: will run message pump with realtime priority
[ 11.564345] tpm tpm0: A TPM error (256) occurred attempting the self test
[ 11.576709] tpm tpm0: starting up the TPM manually
[ 11.576825] mcp251xfd spi0.0 can0: MCP2518FD rev0.0 (-RX_INT -PLL -MAB_NO_WARN +CRC_REG +CRC_RX +CRC_TX +ECC -HD o:40.00MHz c:40.00MHz m:10.00MHz rs:10.00MHz es:10.00MHz rf:10.00MHz ef:10.00MHz) successfully initialized.
[ 12.418989] ------------[ cut here ]------------
[ 12.423626] WARNING: CPU: 3 PID: 173 at kernel/module/kmod.c:144 __request_module+0x1b0/0x298
[ 12.432169] Modules linked in: mcp251xfd tpm_tis_spi tpm_tis_core hantro_vpu can_dev v4l2_vp9 v4l2_h264 videobuf2_dma_contig etnaviv videobuf2_memops v4l2_mem2mem videobuf2_v4l2 gpu_sched videobuf2_common drm videodev crct10dif_ce mc onboard_usb_hub imx8m_ddrc backlight fsl_imx8_ddr_perf tmp102 rtc_rv3028 caam spi_imx at24 rtc_snvs error imx8mm_thermal pwm_imx27 imx_sdma
[ 12.465135] CPU: 3 PID: 173 Comm: kworker/u16:7 Not tainted 6.9.0-gde8a0c1b43a5 #1
[ 12.472709] Hardware name: PHYTEC phyGATE-Tauri-L-iMX8MM (DT)
[ 12.478458] Workqueue: async async_run_entry_fn
[ 12.482996] pstate: 00000005 (nzcv daif -PAN -UAO -TCO -DIT -SSBS BTYPE=--)
[ 12.489964] pc : __request_module+0x1b0/0x298
[ 12.494326] lr : __request_module+0x1a8/0x298
[ 12.498694] sp : ffff800082a0b520
[ 12.502007] x29: ffff800082a0b520 x28: 00000000001b15d1 x27: ffff800081fef212
[ 12.509155] x26: 0000000000000000 x25: 0000000000000000 x24: 0000000000000000
[ 12.516303] x23: 000000000000200f x22: 0000000000000001 x21: ffff800080601d7c
[ 12.523449] x20: 0000000000000000 x19: ffff80008153a260 x18: 0000000000000014
[ 12.530593] x17: 00000000935207a2 x16: 00000000a4f4335b x15: 0000000098476eec
[ 12.537739] x14: 0000000000000001 x13: 0000000000000000 x12: 0000000000000000
[ 12.544885] x11: 000000006516c2bb x10: ffffffffff2949fe x9 : ffff8000800e3594
[ 12.552031] x8 : ffff800082a0b5c8 x7 : 0000000000000000 x6 : 0c0406065b07370f
[ 12.559175] x5 : 0f37075b0606040c x4 : 0000000000000000 x3 : 0000000000000030
[ 12.566322] x2 : 0000000000000008 x1 : ffff8000800e3468 x0 : 0000000000000001
[ 12.573473] Call trace:
[ 12.575921] __request_module+0x1b0/0x298
[ 12.579941] crypto_alg_mod_lookup+0x184/0x230
[ 12.584389] crypto_alloc_tfm_node+0x5c/0x110
[ 12.588751] crypto_alloc_shash+0x2c/0x40
[ 12.592768] drbg_init_hash_kernel+0x30/0xf0
[ 12.597046] drbg_kcapi_seed+0x218/0x3b0
[ 12.600975] crypto_rng_reset+0x8c/0xc8
[ 12.604821] crypto_get_default_rng+0xac/0xe8
[ 12.609186] ecc_gen_privkey+0x60/0xe0
[ 12.612938] ecdh_set_secret+0x98/0x1a0
[ 12.616779] tpm_buf_append_salt+0x198/0x308
[ 12.621055] tpm2_start_auth_session+0x11c/0x2d0
[ 12.625677] tpm2_get_random+0x58/0x230
[ 12.629521] tpm_get_random+0x7c/0xa0
[ 12.633193] tpm_hwrng_read+0x2c/0x40
[ 12.636862] add_early_randomness+0x70/0x128
[ 12.641137] hwrng_register+0x16c/0x220
[ 12.644978] tpm_chip_register+0x110/0x238
[ 12.649079] tpm_tis_core_init+0x494/0xf18 [tpm_tis_core]
[ 12.654488] tpm_tis_spi_probe+0xac/0xe8 [tpm_tis_spi]
[ 12.659639] tpm_tis_spi_driver_probe+0x3c/0x78 [tpm_tis_spi]
[ 12.665396] spi_probe+0x8c/0xf8
[ 12.668633] really_probe+0xc4/0x2a8
[ 12.672219] __driver_probe_device+0x80/0x140
[ 12.676582] driver_probe_device+0xe0/0x170
[ 12.680776] __driver_attach_async_helper+0x54/0xc8
[ 12.685663] async_run_entry_fn+0x3c/0xf0
[ 12.689677] process_one_work+0x160/0x3f0
[ 12.693695] worker_thread+0x304/0x420
[ 12.697449] kthread+0x11c/0x128
[ 12.700682] ret_from_fork+0x10/0x20
[ 12.704267] ---[ end trace 0000000000000000 ]---
[1]: https://patchwork.kernel.org/project/linux-integrity/list/?series=804628&state=*
--
Thanks,
Parthiban N
https://www.linumiz.com
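A triage sketch for the trace shape reported above, added here as an example and not part of the original message or of any kernel tooling: it parses a dmesg call trace and reports which caller reached __request_module() from an async_run_entry_fn worker, which driver was probing, and whether the path ran through tpm2_start_auth_session(). The sample log is abridged from the report; the function names parse_frames and triage are hypothetical.

```python
import re

# Constructed sample: frames abridged from the trace in the report above.
SAMPLE = """\
[   12.423626] WARNING: CPU: 3 PID: 173 at kernel/module/kmod.c:144 __request_module+0x1b0/0x298
[   12.478458] Workqueue: async async_run_entry_fn
[   12.573473] Call trace:
[   12.575921]  __request_module+0x1b0/0x298
[   12.579941]  crypto_alg_mod_lookup+0x184/0x230
[   12.588751]  crypto_alloc_shash+0x2c/0x40
[   12.604821]  crypto_get_default_rng+0xac/0xe8
[   12.612938]  ecdh_set_secret+0x98/0x1a0
[   12.621055]  tpm2_start_auth_session+0x11c/0x2d0
[   12.625677]  tpm2_get_random+0x58/0x230
[   12.654488]  tpm_tis_spi_probe+0xac/0xe8 [tpm_tis_spi]
[   12.689677]  async_run_entry_fn+0x3c/0xf0
[   12.704267] ---[ end trace 0000000000000000 ]---
"""

# One frame: optional dmesg timestamp, symbol+0xoff/0xlen, optional [module].
FRAME = re.compile(r"^(?:\[\s*\d+\.\d+\])?\s*([\w.]+)\+0x[0-9a-f]+/0x[0-9a-f]+(?:\s+\[(\w+)\])?\s*$")

def parse_frames(log):
    """Return [(symbol, module or None)] for the first call trace, innermost frame first."""
    frames, in_trace = [], False
    for line in log.splitlines():
        if "Call trace:" in line:
            in_trace = True
        elif in_trace:
            m = FRAME.match(line)
            if not m:
                break  # end-of-trace marker or unrelated line
            frames.append(m.groups())
    return frames

def triage(log):
    """Describe a module request made from an async probe worker, or return None."""
    frames = parse_frames(log)
    syms = [s for s, _ in frames]
    if "__request_module" not in syms or "async_run_entry_fn" not in syms:
        return None
    i = syms.index("__request_module")
    probe = next((f for f in frames if f[1] and f[0].endswith("_probe")), None)
    return {
        "requested_by": syms[i + 1] if i + 1 < len(syms) else None,
        "probing_driver": probe[1] if probe else None,
        "via_tpm_session": "tpm2_start_auth_session" in syms,
    }
```

Calling triage() on the full dmesg text of a boot gives the same three fields, which is enough to tell this TPM session path apart from other drivers that request modules during async probe.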
On Sat May 18, 2024 at 2:21 PM EEST, Parthiban wrote:
> Dear James Bottomley,
>
> The following crash is observed in the current mainline kernel and I have tried the
> git bisect to narrow it down. Bisect points to the below commit, which got merged as
> part of [1]. I tried reverting the below commit and the TPM loads fine.
>
> commit 1b6d7f9eb150305dcb0da4f7101a8d30dcdf0497
> Author: James Bottomley <[email protected]>
> Date: Mon Apr 29 16:28:07 2024 -0400
>
> tpm: add session encryption protection to tpm2_get_random()
>
> If some entity is snooping the TPM bus, they can see the random
> numbers we're extracting from the TPM and do prediction attacks
> against their consumers. Foil this attack by using response
> encryption to prevent the attacker from seeing the random sequence.
>
> Signed-off-by: James Bottomley <[email protected]>
> Reviewed-by: Jarkko Sakkinen <[email protected]>
> Tested-by: Jarkko Sakkinen <[email protected]>
> Signed-off-by: Jarkko Sakkinen <[email protected]>
>
> drivers/char/tpm/tpm2-cmd.c | 21 +++++++++++++++++----
> 1 file changed, 17 insertions(+), 4 deletions(-)
>
> [ 11.551988] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
> [ 11.563036] spi_master spi0: will run message pump with realtime priority
Explanation and workaround: https://lore.kernel.org/linux-integrity/[email protected]/
James, this must be fixed by:
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index 7c0486e3199c..2d9e2c860ad9 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -34,7 +34,7 @@ if TCG_TPM
config TCG_TPM2_HMAC
bool "Use HMAC and encrypted transactions on the TPM bus"
- default y
+ default n
select CRYPTO_ECDH
select CRYPTO_LIB_AESCFB
select CRYPTO_LIB_SHA256
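Review bot: "default n" on the changed line is redundant, since a bool with no default line is already n; deleting the "default y" line is the usual Kconfig form. Separately, flipping the default only hides the warning for configurations that leave the option off: the three selects visible in this hunk are unchanged, and the trace in the report reaches __request_module() through ecdh_set_secret() and crypto_get_default_rng(), so anyone who sets TCG_TPM2_HMAC=y by hand would still take that path during async probe. If the default does change, the option's help text should say that HMAC and encryption on the TPM bus are then opt-in.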
Distributors know how to enable this but given the high volumes of small
devices still with TPM, this trend needs to be cut.
BR, Jarkko
On Sat May 18, 2024 at 2:25 PM EEST, Jarkko Sakkinen wrote:
> On Sat May 18, 2024 at 2:21 PM EEST, Parthiban wrote:
> > Dear James Bottomley,
> >
> > The following crash is observed in the current mainline kernel and I have tried the
> > git bisect to narrow it down. Bisect points to the below commit, which got merged as
> > part of [1]. I tried reverting the below commit and the TPM loads fine.
> >
> > commit 1b6d7f9eb150305dcb0da4f7101a8d30dcdf0497
> > Author: James Bottomley <[email protected]>
> > Date: Mon Apr 29 16:28:07 2024 -0400
> >
> > tpm: add session encryption protection to tpm2_get_random()
> >
> > If some entity is snooping the TPM bus, they can see the random
> > numbers we're extracting from the TPM and do prediction attacks
> > against their consumers. Foil this attack by using response
> > encryption to prevent the attacker from seeing the random sequence.
> >
> > Signed-off-by: James Bottomley <[email protected]>
> > Reviewed-by: Jarkko Sakkinen <[email protected]>
> > Tested-by: Jarkko Sakkinen <[email protected]>
> > Signed-off-by: Jarkko Sakkinen <[email protected]>
> >
> > drivers/char/tpm/tpm2-cmd.c | 21 +++++++++++++++++----
> > 1 file changed, 17 insertions(+), 4 deletions(-)
> >
> > [ 11.551988] tpm_tis_spi spi0.1: 2.0 TPM (device-id 0x1B, rev-id 22)
> > [ 11.563036] spi_master spi0: will run message pump with realtime priority
>
>
> Explanation and workaround: https://lore.kernel.org/linux-integrity/[email protected]/
Oops completely wrong for this issue! Sorry I overlooked.
So a fix is in progress for the __request_module() issue. See this
discussion for reference:
https://lore.kernel.org/linux-integrity/119dc5ed-f159-41be-9dda-1a056f29888d@notapiano/
BR, Jarkko