From: Ross Philipson
To: linux-kernel@vger.kernel.org, x86@kernel.org, linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org, linux-crypto@vger.kernel.org, kexec@lists.infradead.org, linux-efi@vger.kernel.org, iommu@lists.linux-foundation.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com, tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com, dave.hansen@linux.intel.com, ardb@kernel.org, mjg59@srcf.ucam.org, James.Bottomley@hansenpartnership.com, peterhuewe@gmx.de, jarkko@kernel.org, jgg@ziepe.ca, luto@amacapital.net, nivedita@alum.mit.edu, herbert@gondor.apana.org.au, davem@davemloft.net, corbet@lwn.net, ebiederm@xmission.com, dwmw2@infradead.org, baolu.lu@linux.intel.com, kanth.ghatraju@oracle.com, andrew.cooper3@citrix.com, trenchboot-devel@googlegroups.com
Subject: [PATCH v9 14/19] tpm: Ensure tpm is in known state at startup
Date: Thu, 30 May 2024 18:03:26 -0700
Message-Id: <20240531010331.134441-15-ross.philipson@oracle.com>
In-Reply-To: <20240531010331.134441-1-ross.philipson@oracle.com>
References: <20240531010331.134441-1-ross.philipson@oracle.com>

From: "Daniel P. Smith" When tis core initializes, it assumes all localities are closed. There are cases when this may not be the case. This commit addresses this by ensuring all localities are closed before initializing begins. Signed-off-by: Daniel P. Smith Signed-off-by: Ross Philipson --- drivers/char/tpm/tpm_tis_core.c | 11 ++++++++++- include/linux/tpm.h | 6 ++++++ 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/drivers/char/tpm/tpm_tis_core.c b/drivers/char/tpm/tpm_tis_core.c index 7c1761bd6000..9fb53bb3e73f 100644 --- a/drivers/char/tpm/tpm_tis_core.c +++ b/drivers/char/tpm/tpm_tis_core.c @@ -1104,7 +1104,7 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, u32 intmask; u32 clkrun_val; u8 rid; - int rc, probe; + int rc, probe, i; struct tpm_chip *chip; chip = tpmm_chip_alloc(dev, &tpm_tis); @@ -1166,6 +1166,15 @@ int tpm_tis_core_init(struct device *dev, struct tpm_tis_data *priv, int irq, goto out_err; } + /* + * There are environments, like Intel TXT, that may leave a TPM + * locality open. Close all localities to start from a known state. + */ + for (i = 0; i <= TPM_MAX_LOCALITY; i++) { + if (check_locality(chip, i)) + tpm_tis_relinquish_locality(chip, i); + } + /* Take control of the TPM's interrupt hardware and shut it off */ rc = tpm_tis_read32(priv, TPM_INT_ENABLE(priv->locality), &intmask); if (rc < 0) diff --git a/include/linux/tpm.h b/include/linux/tpm.h index c17e4efbb2e5..363f7078c3a9 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -147,6 +147,12 @@ struct tpm_chip_seqops { */ #define TPM2_MAX_CONTEXT_SIZE 4096 +/* + * The maximum locality (0 - 4) for a TPM, as defined in section 3.2 of the + * Client Platform Profile Specification. + */ +#define TPM_MAX_LOCALITY 4 + struct tpm_chip { struct device dev; struct device devs; -- 2.39.3
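Review bot: In the second tpm_tis_core.c hunk, the new loop in tpm_tis_core_init() relinquishes each locality that check_locality() reports as open but never confirms the result: after tpm_tis_relinquish_locality(chip, i) nothing re-checks check_locality(chip, i), so a locality that stays open goes unnoticed and initialization continues straight to the TPM_INT_ENABLE(priv->locality) read. Since the stated goal is to "start from a known state", consider re-checking after the relinquish and either logging a warning that names the locality or bailing out through the existing out_err path. The commit message would also benefit from naming the concrete case the code comment already gives (Intel TXT leaving a locality open) in place of "There are cases when this may not be the case".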
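Review bot: In the include/linux/tpm.h hunk, TPM_MAX_LOCALITY is the highest valid locality index, not a count, and the only user in this patch depends on that by looping with "i <= TPM_MAX_LOCALITY"; a later caller writing "i < TPM_MAX_LOCALITY" would silently skip locality 4. Please make the inclusive meaning explicit in the comment (for example "highest valid locality number, inclusive"), and cite the specification by its full title and revision, since "section 3.2 of the Client Platform Profile Specification" alone does not identify which document version the section number refers to.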