Received: by 2002:a05:6500:2018:b0:1fb:9675:f89d with SMTP id t24csp163835lqh;
        Thu, 30 May 2024 18:36:55 -0700 (PDT)
X-Forwarded-Encrypted: i=3; AJvYcCW3YcvrCZKyS9BQQ22ASODPwgqxJ+jPbOIvKn5wRpQ/W6HKDvJD386FYs57JSxcNCMBH/2m7fAvSIxrmtHoki17jcJT5rp4WbDY5Y5H1w==
X-Google-Smtp-Source: AGHT+IGJIkp9JqZ0fjE8I2CTbGHt3yBaGed4YPdH2I/FsiKRG5IDRIpe9pIMOMLgQz/MZ6vRRTUA
X-Received: by 2002:a19:c514:0:b0:52b:81de:111a with SMTP id 2adb3069b0e04-52b896e0c6emr120649e87.67.1717119415805;
        Thu, 30 May 2024 18:36:55 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1717119415; cv=pass;
        d=google.com; s=arc-20160816;
        b=kZiKtwf4dK4uS1Bt7fGMG0RbbTqH4DnhUtRiiM1Rry4bQ081XGBOD/35o18M9ESHm7
         PzqqfJhXXtNoCQ5C8pA8C5dGjUuxhMslgx1Px4j794tarAZCNhp4L1rF16x2ZVG4cL1t
         GEHKRYLbKybgbTvG01d58qUr1pctlE36rUs3yM7xUI0xYrOlODBBQW5eZQs/iX7YndO+
         tZ5npfbPik4GVxWbAMN5iBii3mzs7Bc9mFf+O8c6DwzwesU6eU/oXFKSHzYNl4eOwyNQ
         DA5BqEU21dEwW3pbnQRkUkwKmmkyhRSncrBQdjtvVElb8F6FNJJtvlnTmUuWFDpN4tcA
         q/Xg==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=content-transfer-encoding:mime-version:list-unsubscribe
         :list-subscribe:list-id:precedence:references:in-reply-to:message-id
         :date:subject:cc:to:from:dkim-signature;
        bh=6N4qQQrM8z8SHauW+PZ5K3kuBZffzbTKxPhp698XFwE=;
        fh=ksrYNUbdo9+K4DYOCXVji8cRdTI1C1SaRA8HdvQyCiA=;
        b=uWYgBYH8kBDe2UxYsLsMU0vSwfdaOy3ftKEZC6Oqq2s3SHAblGn906n/hdZoQJq0iD
         zXtzA2u7sY0rKwYoesLBC26hSLb0pKsjZMnvUTrvMosuuv5G6O9Tf695gvmMCouw9hId
         E3VkQ285wA8I0PjTVHCKD9+KpSvZVaLtWhnlnjx47JS7Djf5SBI5jqcUvymQ+4Kgb46Y
         2vl5jtNncV/Z7NgKJRydWlhczhdPGWBuos7DqT5+6Sxxj6MryY4vosaR76vjFjUNyLko
         megYip1kEGY0+J78RJxpPKRzjzdNx/CDc9EzmPDIDKPMvD9tWjNuZlyNi8tQz4YnlOje
         sZOA==;
        dara=google.com
ARC-Authentication-Results: i=2; mx.google.com;
       dkim=neutral (bad format) header.i=@oracle.com;
       arc=pass (i=1 spf=pass spfdomain=oracle.com dmarc=pass fromdomain=oracle.com);
       spf=pass (google.com: domain of linux-crypto+bounces-4561-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4561-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=oracle.com
Return-Path: <linux-crypto+bounces-4561-linux.lists.archive=gmail.com@vger.kernel.org>
Received: from am.mirrors.kernel.org (am.mirrors.kernel.org. [147.75.80.249])
        by mx.google.com with ESMTPS id a640c23a62f3a-a67e6f02950si34550966b.178.2024.05.30.18.36.55
        for <linux.lists.archive@gmail.com>
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 30 May 2024 18:36:55 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-crypto+bounces-4561-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) client-ip=147.75.80.249;
Authentication-Results: mx.google.com;
       dkim=neutral (bad format) header.i=@oracle.com;
       arc=pass (i=1 spf=pass spfdomain=oracle.com dmarc=pass fromdomain=oracle.com);
       spf=pass (google.com: domain of linux-crypto+bounces-4561-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.80.249 as permitted sender) smtp.mailfrom="linux-crypto+bounces-4561-linux.lists.archive=gmail.com@vger.kernel.org";
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=oracle.com
Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by am.mirrors.kernel.org (Postfix) with ESMTPS id 831681F25477
	for <linux.lists.archive@gmail.com>; Fri, 31 May 2024 01:36:55 +0000 (UTC)
Received: from localhost.localdomain (localhost.localdomain [127.0.0.1])
	by smtp.subspace.kernel.org (Postfix) with ESMTP id 5A1D17B3E5;
	Fri, 31 May 2024 01:33:07 +0000 (UTC)
X-Original-To: linux-crypto@vger.kernel.org
Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id A732474E3D;
	Fri, 31 May 2024 01:33:04 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1717119187; cv=none; b=f1Xm3iuUUzrKlWUNPCPsl3OpyYSqz0/oe1xFtFaiSzsROJYt34RPX2SHWDt5kjKjtmtaz/6b1V1SXJeScVsHBXf3WehoH1QgNvm6wmjpMp+Mg+Kkq7Nv1zmkQOBuD4gk1kvfzB0V2pWxWbBIamcuZnA1CUEo7BjSElYmYsWePcY=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1717119187; c=relaxed/simple;
	bh=3L96u0YINL/lZYh+ApfhJWt20fUZmuR5yChPKmCF2Gk=;
	h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References:
	 MIME-Version; b=fNCCGMpssiNE99/7IaFiJcEImdqxydFQDjNdpBxUQUWuO0mQMlKIkdU+ajGcx3+49idILaPXxiRbbfkI72Ook437qe7Krdd8E2SQG33DOQuK3G2v0bkez72DEofP1SapOgF7DfL0phdWNo3zXQpRQzzELmwKCgCE2hhV6EPNsr4=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; arc=none smtp.client-ip=205.220.177.32
Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=quarantine dis=none) header.from=oracle.com
Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com
Received: from pps.filterd (m0246630.ppops.net [127.0.0.1])
	by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 44UFYmrl018596;
	Fri, 31 May 2024 01:31:23 GMT
DKIM-Signature: =?UTF-8?Q?v=3D1;_a=3Drsa-sha256;_c=3Drelaxed/relaxed;_d=3Doracle.com;_h?=
 =?UTF-8?Q?=3Dcc:content-transfer-encoding:date:from:in-reply-to:message-i?=
 =?UTF-8?Q?d:mime-version:references:subject:to;_s=3Dcorp-2023-11-20;_bh?=
 =?UTF-8?Q?=3D6N4qQQrM8z8SHauW+PZ5K3kuBZffzbTKxPhp698XFwE=3D;_b=3DLefFjjHJ?=
 =?UTF-8?Q?q2G+9tOxIyYEIG1+Ltd4hNAjXfNoCCjYijKAsy4XQsReKXzv/8p7iCHxgPGi_t+?=
 =?UTF-8?Q?hFu+SAZd3KWRDknRvDQ3IUGEyLhOr5KqoBorPhFuVPMqb4ySpOpcmnzBHtSWWzP?=
 =?UTF-8?Q?xNo_lP1n8hj7ieOl1Eoxjcx1gHhoy+8bQ9tI/lRwW469plxj6T1kyWW8looTHYf?=
 =?UTF-8?Q?dCkS0i4eJ_sbthiT2uHyRUhpUXa5t8BqQwYaUahH2sgF2xT4r8Jcwq9iBasG3YE?=
 =?UTF-8?Q?zbh93PrLUvZE8AW_xlNRJ36icYAaS3KComEsfTnp/jKN/1ElShuOIkwuGhTQJdP?=
 =?UTF-8?Q?XErVVb2nKoGProqraK6Ot_QQ=3D=3D_?=
Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.appoci.oracle.com [147.154.114.232])
	by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3yb8j8a3eg-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK);
	Fri, 31 May 2024 01:31:23 +0000
Received: from pps.filterd (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
	by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (8.17.1.19/8.17.1.19) with ESMTP id 44UMoRAT016364;
	Fri, 31 May 2024 01:31:22 GMT
Received: from pps.reinject (localhost [127.0.0.1])
	by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50t981m-1
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
	Fri, 31 May 2024 01:31:22 +0000
Received: from phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
	by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 44V1SKNg027418;
	Fri, 31 May 2024 01:31:21 GMT
Received: from bur-virt-x6-2-100.us.oracle.com (bur-virt-x6-2-100.us.oracle.com [10.153.92.40])
	by phxpaimrmta02.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 3yc50t96yw-15
	(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
	Fri, 31 May 2024 01:31:21 +0000
From: Ross Philipson <ross.philipson@oracle.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
        linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
        linux-crypto@vger.kernel.org, kexec@lists.infradead.org,
        linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com,
        tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
        dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org,
        James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de,
        jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net,
        nivedita@alum.mit.edu, herbert@gondor.apana.org.au,
        davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com,
        dwmw2@infradead.org, baolu.lu@linux.intel.com,
        kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com,
        trenchboot-devel@googlegroups.com
Subject: [PATCH v9 14/19] tpm: Ensure tpm is in known state at startup
Date: Thu, 30 May 2024 18:03:26 -0700
Message-Id: <20240531010331.134441-15-ross.philipson@oracle.com>
X-Mailer: git-send-email 2.39.3
In-Reply-To: <20240531010331.134441-1-ross.philipson@oracle.com>
References: <20240531010331.134441-1-ross.philipson@oracle.com>
Precedence: bulk
X-Mailing-List: linux-crypto@vger.kernel.org
List-Id: <linux-crypto.vger.kernel.org>
List-Subscribe: <mailto:linux-crypto+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:linux-crypto+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Proofpoint-Virus-Version: vendor=baseguard
 engine=ICAP:2.0.293,Aquarius:18.0.1039,Hydra:6.0.650,FMLib:17.12.28.16
 definitions=2024-05-30_21,2024-05-30_01,2024-05-17_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 mlxscore=0 spamscore=0 suspectscore=0
 adultscore=0 phishscore=0 malwarescore=0 mlxlogscore=999 bulkscore=0
 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2405010000
 definitions=main-2405310010
X-Proofpoint-ORIG-GUID: yneutNHgvFRMYyzThQzJpk-4OSnQW4h3
X-Proofpoint-GUID: yneutNHgvFRMYyzThQzJpk-4OSnQW4h3

From: "Daniel P. Smith" <dpsmith@apertussolutions.com>

When tis core initializes, it assumes all localities are closed. There
are cases when this may not be the case. This commit addresses this by
ensuring all localities are closed before initializing begins.

Signed-off-by: Daniel P. Smith <dpsmith@apertussolutions.com>
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
 drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++-
 include/linux/tpm.h             |  6 ++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c
index 7c1761bd6000..9fb53bb3e73f 100644
--- a/drivers/char/tpm/tpm_tis_core.c
+++ b/drivers/char/tpm/tpm_tis_core.c
@@ -1104,7 +1104,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
 	u32 intmask;
 	u32 clkrun_val;
 	u8 rid;
-	int rc, probe;
+	int rc, probe, i;
 	struct tpm_chip *chip;
 
 	chip = tpmm_chip_alloc(dev, &tpm_tis);
@@ -1166,6 +1166,15 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq,
 		goto out_err;
 	}
 
+	/*
+	 * There are environments, like Intel TXT, that may leave a TPM
+	 * locality open. Close all localities to start from a known state.
+	 */
+	for (i = 0; i <= TPM_MAX_LOCALITY; i++) {
+		if (check_locality(chip, i))
+			tpm_tis_relinquish_locality(chip, i);
+	}
+
 	/* Take control of the TPM's interrupt hardware and shut it off */
 	rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask);
 	if (rc < 0)
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index c17e4efbb2e5..363f7078c3a9 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -147,6 +147,12 @@ struct tpm_chip_seqops {
  */
 #define TPM2_MAX_CONTEXT_SIZE 4096
 
+/*
+ * The maximum locality (0 - 4) for a TPM, as defined in section 3.2 of the
+ * Client Platform Profile Specification.
+ */
+#define TPM_MAX_LOCALITY		4
+
 struct tpm_chip {
 	struct device dev;
 	struct device devs;
-- 
2.39.3