Received-SPF: pass (google.com: domain of linux-crypto-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
From:   Ross Philipson <ross.philipson@oracle.com>
To:     linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
        linux-crypto@vger.kernel.org, kexec@lists.infradead.org
Cc:     iommu@lists.linux-foundation.org, ross.philipson@oracle.com,
        dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com,
        bp@alien8.de, hpa@zytor.com, luto@amacapital.net,
        nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
        trenchboot-devel@googlegroups.com
Subject: [PATCH v5 12/12] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch
Date:   Wed, 16 Feb 2022 22:54:45 -0500
Message-Id: <1645070085-14255-13-git-send-email-ross.philipson@oracle.com>
In-Reply-To: <1645070085-14255-1-git-send-email-ross.philipson@oracle.com>
References: <1645070085-14255-1-git-send-email-ross.philipson@oracle.com>
Content-Type: text/plain
MIME-Version: 1.0
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: =?us-ascii?Q?76VNjF6L/3b+PAxdmnC6YuEyE+MeHY3bAp5H18nRzyp5R4XqqpSvPHaaZHSP?=
 =?us-ascii?Q?r+xwHnDFWKiJKZbtOI3zu1u5DQwMKGeU9wYQtRC6m6oa4bbuhxEPRISnj+E1?=
 =?us-ascii?Q?nmRAGDtdEFlMbL8OQHNIetpCsbdCqQnSgNQfmzK2JvuCrx4/Aa248ZCtuxeX?=
 =?us-ascii?Q?/oFos9Ywcy4/p09oSRZTiqw9p+t0JrD9vb/ZvQydKuCHEhWjrHjo1O+QwS4q?=
 =?us-ascii?Q?NJERrTNHFGtueo7ppOfELApy9VbNV/NnFumkhRcN9ST79mWctvtYQzPYoYCW?=
 =?us-ascii?Q?6ozR4ciJ4Vk2XCx9wBsUrmqaLYsvl65zHWKwqf6AtbhOxtxTMxY3EhmXrnKC?=
 =?us-ascii?Q?yUgaSmb1bmeK3o/8oJ4tREgj/RKYRlTkFYmW4Amw8leqj1vo1hAt0Xrb5pBU?=
 =?us-ascii?Q?13zFLoHPDVj4cNaq0GTAQVTp3rz1hYKohsfJRsdykt4n+4wpsoKFBE7H1YBJ?=
 =?us-ascii?Q?5NOXMK+U4CzRKa/7RmCd9UHlXN0CTitqdlncpEfgpzShvfBddfvQTSRoSYcy?=
 =?us-ascii?Q?kniaV8LDrIQyVhoUE8UCAy9klqEgnGKwrNmciBfv6zC9m05Y3bVL0gJmY163?=
 =?us-ascii?Q?cwUfi9nJohg7tvnHFjcmDaJ4Z3Ul4CWD//BpV7ZkurZrMwup9GCn1SSM0jES?=
 =?us-ascii?Q?4OWG3WuDbNGuo1ENLJgPQ/udXiJCgCa+RZzuvDsdjhOHE9JH9Qw149kU/C9A?=
 =?us-ascii?Q?M6+UU7onQvQMN1lFPPpn6US53iWyGcsPnrEUP2NhIS3xKsH66JwnLGdiaJRx?=
 =?us-ascii?Q?ll/hpkT06uHQsrN39XUhenD54STIc2g0Gc3Nld3IHzYfOPX3nAqKnJ5WhR4s?=
 =?us-ascii?Q?hzBb5B1WKTpatfzXDJ0UF4sdVj1ibOp5Fel2Rpv+tgcsCPsMWtPAKqufOVQN?=
 =?us-ascii?Q?xlrZv2iuHa/QJkLtEiCf4fUgJXyqrqs8gAU8aeqMsTaMF8bKjgk2Er4RzGBE?=
 =?us-ascii?Q?0lgMsFHNgrI8TfLlqRt24ZV74BM9CFpXco+bKgAHtEXHBBT1IDr4vlk29SSn?=
 =?us-ascii?Q?2bLiuktpjTwwSrrrjKIaikRTH5hKxTt7vIiTo6Q3h8zOgFOJ5MAqJ3RbdkIH?=
 =?us-ascii?Q?RMxAdu5oHu7evUp1JXKVQMuERVpbin3B3eojo1OBjFDGY/gLmu/9HIblYMoj?=
 =?us-ascii?Q?CgeinfpToOYoTVaWXS9BR8LI+9VWOToAPhm482YJO6P5rvev5aRuxcA6zM56?=
 =?us-ascii?Q?rKRxJCitVe5GkE92pePpdoDuxR6fAzZvxj25A26I7j3SXrItUeZg+0394cqA?=
 =?us-ascii?Q?F4Dh66FrI3RZqHv2omh8rB92gKtxQmutsnbKLj7IvGMXla3+uZ2K66K3qne7?=
 =?us-ascii?Q?q1rMSUzv+fQkWh+yk+KGU8QOjnQjqO9gON/z6k33mstMJRPP2fJ59BqwwUTe?=
 =?us-ascii?Q?6b+MrJ+k0RjYVxpZ2KkIiMxCNHTgxvnn3WGmuNa7LoHJxdJYRlgLrxkkytqP?=
 =?us-ascii?Q?hr0t9jtEpM6Lg6NgvUCZvnQ7a3tL9JMHXbwXKF3ODTiU3jcY6PGPwPA/b5XR?=
 =?us-ascii?Q?atoVBuBWN6sWEdsXndH+2zRWAKZqi/KpiC8+e1ITDpv9NxdqoVnJMGTFSXq1?=
 =?us-ascii?Q?9HfcuYqKRkPb3Q+NbF2Z2x2u5jg+7qaYsKX3Az1OOJ5GzPeHvuuZsQfUPSAT?=
 =?us-ascii?Q?vho45RwJ66zGFg3GLFC6YIQLv5zUIwbiR77z9i0xAI21Ys7016Z+wOWwFm4o?=
 =?us-ascii?Q?37AuzIZsn2e4Npf7EW+K6BPY71s=3D?=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 3e388292-268e-4f22-dda7-08d9f2f78173
X-MS-Exchange-CrossTenant-AuthSource: BY5PR10MB3793.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 18 Feb 2022 15:58:29.4833
 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: eQtLTn2tLPxo3S8cuucfEa4UxvfUbczj+NDjYHdMfj/7o7QOMDLmelXeUBXrZhkHaDFm8UHXHfUVCGTNRmMefQ7TmMg9R6blmRuoVgq9p8Q=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR10MB4226
X-Proofpoint-Virus-Version: vendor=nai engine=6300 definitions=10261 signatures=677564
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0 phishscore=0 adultscore=0
 mlxlogscore=999 mlxscore=0 suspectscore=0 spamscore=0 malwarescore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2201110000
 definitions=main-2202180103
X-Proofpoint-ORIG-GUID: zjnLAhKLtd6kD73OB8VjyPoZhpLyuqPG
X-Proofpoint-GUID: zjnLAhKLtd6kD73OB8VjyPoZhpLyuqPG
X-Spam-Status: No, score=-1.5 required=5.0 tests=BAYES_00,DATE_IN_PAST_24_48,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
        RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE,
        T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-crypto.vger.kernel.org>
X-Mailing-List: linux-crypto@vger.kernel.org

The Secure Launch MLE environment uses PCRs that are only accessible from
the DRTM locality 2. By default the TPM drivers always initialize the
locality to 0. When a Secure Launch is in progress, initialize the
locality to 2.

Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
 drivers/char/tpm/tpm-chip.c | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c
index b009e74..7b8d4bb 100644
--- a/drivers/char/tpm/tpm-chip.c
+++ b/drivers/char/tpm/tpm-chip.c
@@ -23,6 +23,7 @@
 #include <linux/major.h>
 #include <linux/tpm_eventlog.h>
 #include <linux/hw_random.h>
+#include <linux/slaunch.h>
 #include "tpm.h"
 
 DEFINE_IDR(dev_nums_idr);
@@ -34,12 +35,18 @@
 
 static int tpm_request_locality(struct tpm_chip *chip)
 {
+	int locality;
 	int rc;
 
 	if (!chip->ops->request_locality)
 		return 0;
 
-	rc = chip->ops->request_locality(chip, 0);
+	if (slaunch_get_flags() & SL_FLAG_ACTIVE)
+		locality = 2;
+	else
+		locality = 0;
+
+	rc = chip->ops->request_locality(chip, locality);
 	if (rc < 0)
 		return rc;
 
-- 
1.8.3.1