[v6,13/14] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch
| Message ID | 20230504145023.835096-14-ross.philipson@oracle.com |
|---|---|
| State | New |
| Headers |
Return-Path: <linux-kernel-owner@vger.kernel.org>
Delivered-To: ouuuleilei@gmail.com
Received: by 2002:a59:b0ea:0:b0:3b6:4342:cba0 with SMTP id b10csp384834vqo;
Thu, 4 May 2023 08:01:44 -0700 (PDT)
X-Google-Smtp-Source:
ACHHUZ5TRcLhJ1qAh4jmzRZj/ykz8xkpE7oXrQDhVb7QGdXmLdlDht3/FjGfHuMl1q2ZTFld5uxe
X-Received: by 2002:a17:902:db08:b0:1a6:7b71:e64b with SMTP id
m8-20020a170902db0800b001a67b71e64bmr4833377plx.15.1683212504316;
Thu, 04 May 2023 08:01:44 -0700 (PDT)
ARC-Seal: i=2; a=rsa-sha256; t=1683212504; cv=pass;
d=google.com; s=arc-20160816;
b=IpH2pPBGaEu+6aA/L9UxK3H9eYoDS79DEG/ho/TAZFwb5WauXzAU+LI9PDMI6zwVRY
SqNjLZpw6SM/tdtDi8Gk6ctH9lPySrrvgjCo6C+PTR+DccFL3nnLpM20aYo6fR7MBnfn
q/wXOoki5PkkLYW1YuArB8AdXUpG7ofRF2ciTbUETVkZDme+1tqJjj2sKx8xQTc7BeDA
Gu4f3tKn9BFL0/IkfJ0qS+tYUfyVIOtOFCrXC6Bvs/EBtExiCZh6OrPOx06zud0eRRa2
HSuixH7Oqmqdwtd58hTX5iqSSeM6Y9i7w1DWRqsa9kt+uuh1AVoT+Mp4tVcEsLY2bPbQ
ozcw==
ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20160816;
h=list-id:precedence:mime-version:content-transfer-encoding
:references:in-reply-to:message-id:date:subject:cc:to:from
:dkim-signature:dkim-signature;
bh=cimFUmMXPPdRRb9RVxT9QLutcTS3EKkjDzebxiqmfcg=;
b=qeJ8nBcOR/HTrf6QdTezFA8VIAG/Mmn/hYLYev2RO9KArDg4hyddGK0w56+ZCB+nYZ
BCgrN2Wf5JaFVWrtKl60Ql8ngnRYgt+kFnUarfJLM8stzpERLmFp5FdEYW1D33+I9zBr
ysBnopHYdEjs/XWCPH6hjlW5usWPsYWOxfD71mFeG6Gr8JUO1rD44VSGtH+PWwhhJe1j
5RGP4gKTwluzvWUI3VGmsdNElhJFzTo15Z/rnWzpoKXB2Fq4MxU1ytaZjQU3eW6V0sBH
U5RaWJvshkZkZwTBQeZq16rEgGdqwyrMNeaFyLT9vmMhlwdtn6fRLRMAsVq30HQDzGiB
+NRQ==
ARC-Authentication-Results: i=2; mx.google.com;
dkim=pass header.i=@oracle.com header.s=corp-2023-03-30
header.b=McXJRkEj;
dkim=pass header.i=@oracle.onmicrosoft.com
header.s=selector2-oracle-onmicrosoft-com header.b=Cuv+KeDp;
arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass
dkdomain=oracle.com dmarc=pass fromdomain=oracle.com);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
by mx.google.com with ESMTP id
jm2-20020a17090304c200b001aaccc51d45si13626465plb.398.2023.05.04.08.01.30;
Thu, 04 May 2023 08:01:44 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
dkim=pass header.i=@oracle.com header.s=corp-2023-03-30
header.b=McXJRkEj;
dkim=pass header.i=@oracle.onmicrosoft.com
header.s=selector2-oracle-onmicrosoft-com header.b=Cuv+KeDp;
arc=pass (i=1 spf=pass spfdomain=oracle.com dkim=pass
dkdomain=oracle.com dmarc=pass fromdomain=oracle.com);
spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org
designates 2620:137:e000::1:20 as permitted sender)
smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=oracle.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
id S231371AbjEDOxZ (ORCPT <rfc822;b08248@gmail.com> + 99 others);
Thu, 4 May 2023 10:53:25 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:46022 "EHLO
lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
with ESMTP id S230458AbjEDOwm (ORCPT
<rfc822;linux-kernel@vger.kernel.org>);
Thu, 4 May 2023 10:52:42 -0400
Received: from mx0a-00069f02.pphosted.com (mx0a-00069f02.pphosted.com
[205.220.165.32])
by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B64846A67;
Thu, 4 May 2023 07:51:43 -0700 (PDT)
Received: from pps.filterd (m0246627.ppops.net [127.0.0.1])
by mx0b-00069f02.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id
344DiRQ2003750;
Thu, 4 May 2023 14:51:24 GMT
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com;
h=from : to : cc :
subject : date : message-id : in-reply-to : references :
content-transfer-encoding : content-type : mime-version;
s=corp-2023-03-30; bh=cimFUmMXPPdRRb9RVxT9QLutcTS3EKkjDzebxiqmfcg=;
b=McXJRkEjlvnsxv+2DJJjxd0MjqZSFf7qnPGd8KYOtxwtDFmvt9HItGNVnBpr8xrc8DRs
rwMHF65NA0ECKdHQ1nXae51TEKaG00eZ3svPpR7meC6q6NrSQmTnS5feRzfUT5XtDlqE
kngJeqmaGckDNb/cF0oswfGrAk6EkAOZjM1vIAwSdq1j08Jm6sOxXjkppgaVKtNJ5D2Z
WRc2EP0fBOSKriuMTOullKvWZjTOXTMoeUG0DRrz0yrJOEiiBAj6/bDpElIrYWAFgwhh
3HjcwD5aFux3FIzjZO5RVqZuPJ7HXMKFdEoj4k3vSPvLHPzoVtMI7Duh6FqjDJTjV+lF uQ==
Received: from phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com
(phxpaimrmta01.appoci.oracle.com [138.1.114.2])
by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 3q8su1t1ys-1
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Thu, 04 May 2023 14:51:24 +0000
Received: from pps.filterd
(phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1])
by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com
(8.17.1.19/8.17.1.19) with ESMTP id 344EPTTn020744;
Thu, 4 May 2023 14:51:23 GMT
Received: from nam11-bn8-obe.outbound.protection.outlook.com
(mail-bn8nam11lp2168.outbound.protection.outlook.com [104.47.58.168])
by phxpaimrmta01.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with
ESMTPS id 3q8sp8kes1-3
(version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256
verify=OK);
Thu, 04 May 2023 14:51:23 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=VwFWz6tH9mLetnvgb6dbam4wBmM4NdZkw2maHcrwWL0uW7FVzCfam9y7DoXxmjunh2ephzqWal29Z0RTGzIcRVEAWhLeBy/vS1XAERHySfjVjnno1JjXbE7uVwxG1613H/LXlDGVNy1Moyg0kSjF5GwyOt6/U3j/xkTsCM3f3gcK5OsS/QbBzJ+d53nSUvQo0yJaZSf8CcdGk0MRibGYtMGwDKtLbe6iPt1twgFAy2x5i+HXfKvLXROYS2sY1h2EIRH0U+8hUUX9KcO/AyBMCHmUyRnW2ezjLkJa8QM84du8i9jmQH8iG6zDe3Ngum1cVlj9ESlTHFRX65+CpyMqFg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1;
bh=cimFUmMXPPdRRb9RVxT9QLutcTS3EKkjDzebxiqmfcg=;
b=BFnSFIurzZ3LOvSlQ8ua0hn9Xu5ovZUoth53cgDnI+tOrwQq69HJSJFS7LD72WwqjRHaTPhfsqsEHywmxwUKkxZhqelbOV44Ar/ySFRRnN7LdKAKbzitUmby6rSFUKnkHmahTU/6MI95U9xtJANSC3iJUfXPyY8q/MY5KXBDt8PH7UEzUcHzQxdIs0RIaBbBTcjS3GJI9lpTnmfzNfOyiJtQcjrUtO3n2OMjcKuQ+eolVhHeChKJZhM/CUzyuRZ17rDI/V9wtgo+zxKcNxEu8dKQtdlUB3q74q5UxL78LWT6NBofRV18VbY/B97p7zQ7RTmSVTEOa+wAw6fGXQHxew==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=oracle.com; dmarc=pass action=none header.from=oracle.com;
dkim=pass header.d=oracle.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=oracle.onmicrosoft.com; s=selector2-oracle-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=cimFUmMXPPdRRb9RVxT9QLutcTS3EKkjDzebxiqmfcg=;
b=Cuv+KeDpl296OxGbWhaqqRA4UF50vtq4H0xjIRGIDmMQH2Pb8bFIh4G6Go6BmjpGAujaNhE72c+2hJRwQTue8/dej3oBnGFJS9LQ7T9crXVwDOmdx6Emx1QCMek8IAlpny/aRqi+boY1/6ZMWU13x7HukVZIe9NILhRcMImN6Cw=
Received: from BY5PR10MB3793.namprd10.prod.outlook.com (2603:10b6:a03:1f6::14)
by PH0PR10MB6982.namprd10.prod.outlook.com (2603:10b6:510:287::8) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6363.26; Thu, 4 May
2023 14:51:20 +0000
Received: from BY5PR10MB3793.namprd10.prod.outlook.com
([fe80::a007:b0c1:5cb:329a]) by BY5PR10MB3793.namprd10.prod.outlook.com
([fe80::a007:b0c1:5cb:329a%5]) with mapi id 15.20.6363.026; Thu, 4 May 2023
14:51:20 +0000
From: Ross Philipson <ross.philipson@oracle.com>
To: linux-kernel@vger.kernel.org, x86@kernel.org,
linux-integrity@vger.kernel.org, linux-doc@vger.kernel.org,
linux-crypto@vger.kernel.org, iommu@lists.linux-foundation.org,
kexec@lists.infradead.org, linux-efi@vger.kernel.org
Cc: ross.philipson@oracle.com, dpsmith@apertussolutions.com,
tglx@linutronix.de, mingo@redhat.com, bp@alien8.de, hpa@zytor.com,
ardb@kernel.org, mjg59@srcf.ucam.org,
James.Bottomley@hansenpartnership.com, luto@amacapital.net,
nivedita@alum.mit.edu, kanth.ghatraju@oracle.com,
trenchboot-devel@googlegroups.com
Subject: [PATCH v6 13/14] tpm: Allow locality 2 to be set when initializing
the TPM for Secure Launch
Date: Thu, 4 May 2023 14:50:22 +0000
Message-Id: <20230504145023.835096-14-ross.philipson@oracle.com>
X-Mailer: git-send-email 2.31.1
In-Reply-To: <20230504145023.835096-1-ross.philipson@oracle.com>
References: <20230504145023.835096-1-ross.philipson@oracle.com>
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-ClientProxiedBy: DM6PR08CA0049.namprd08.prod.outlook.com
(2603:10b6:5:1e0::23) To BY5PR10MB3793.namprd10.prod.outlook.com
(2603:10b6:a03:1f6::14)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: BY5PR10MB3793:EE_|PH0PR10MB6982:EE_
X-MS-Office365-Filtering-Correlation-Id: d623d4af-d2c3-4ab9-3649-08db4caf05fd
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info:
3srn+YdUB3vA8jGNairQzob1WjUaUW0RYWCQLWLOpkv76bwqkOShkHOn2Fs8uFSgeSD6gEVFSFCoYwh4GgfUvAgUu6QSbcPJaXBdjiwSilA1/y4qL9aXPoONTTid3Y7j41NsnglS5tiQQBHc2O6B42fKQ4rXMevu5kKxyfTM+1g4luo9yIPoQNnVshHS0HmoogDW2+B1DROVvcvz08iU+o6xRabAAFYxUaJlLH4Za+oM9yQgB7HjlQRO2lkW7QYjWxP7EePejsR+AdsnRQEvpcQ6MTAH4QwIi6725ncENVdSjryDLrOH+FcBif8SQLCHVQ2aUEcLgASqLidG1joAdkQG3fBPTI8OsvUuMhx6J4MhSG/U5HlCR6kx+5yNRL3GI3dAi/ofTYZWzDcn/g8NHUUhsB9m+zx/y7gc+i0RG4uzPmGTDGgdcXcfH5UCvwdSv8Rw4Fdju+4K7VsWKGHoR8Teawv1qCaK3g72WkhGYFuCT8DmhuUe2Fz2Afkik9E+KSfJQcCl4zwfz5vea3+wbqLjvvcDSkI1l+4xPd1iaI1bVHnj4W1poh+coCi9pzF7
X-Forefront-Antispam-Report:
CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:BY5PR10MB3793.namprd10.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230028)(39860400002)(396003)(346002)(136003)(376002)(366004)(451199021)(36756003)(38100700002)(5660300002)(7416002)(2906002)(44832011)(8936002)(316002)(86362001)(4326008)(66556008)(66476007)(66946007)(8676002)(41300700001)(83380400001)(186003)(6512007)(6506007)(1076003)(26005)(6486002)(478600001)(2616005);DIR:OUT;SFP:1101;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0:
BdK+R1kg4tTRJdf2KQLjGtIbUEPGWtNz/p+RSKxNiO/ZpjfOADNPBJw6KlRKG4kKQaph7hHngx9NztGEeTAbtAImU6KpEcTfo0dUDxCvzsUCokLfeZ1CMdjWSKfjtwe/NxcqOje3dJyBI92v7CkoJlKkitmMx0nWHn5F8hh2k1PUzZAjowb3qdIxKspxRKp9MoTABkefO7d4PODxB1MwhhB6iUnsyIDZeknZrUsiCFpQdV/SwbJ6Y4FQlOjUcWMJYGLAqx7UlyEQyKLIerpgViFfEmXhBQw211Ml+kAXEpyeWmspeSSNzdPrLnRKXGdm4ZpZhZtPwz1ZC0MFGLz/1T4nQUgDsM+aVVVDRZ+axOPBg1AI0Szzky/5Ef96ne01l1bXdm63CkFMCTENOeyMuKpbl/NKlxEgDCkGqoCI0GhSNCvkXEq7fNJ0wVlsaelxZ/XBdtoNeZsWxy4RZNbabv36b4p8dfUp/t9Sb/GWEvrNRcCvRI5WquwKg1ctxoPgLv1Di66uZOp8MB3nTh+z314OzMn7G3sMR+EdoaR9qsMX97FtUzUIeYZBLPcFV+V+Ye6A7jDPiTn/ZYRU9LpCTUSKE8gih1HvdjLK4QfaXr22FKGIg16lgTy713Y7WnOOpG7atBwN8Olhn95ctkzdiM5sZsskv7yvG1Fo6mtxkFmNH9Ah58ljfoj6nuZAk2OxrtHG5kH25ImjPrIHSn9wo9TpUXNnPw3kl2tYXB1uZh0GwKp4oJyKtgUp3YjuOhJ8xK5allYYEm/H741N8Z2Owrk/S37QDrLUZ6XdsqJkBFvi8kNMdn18wp9UN3WBUQiipFbyT5NSGn2oLDA3y6YEDEVPxcxot0ISArspXpbfgAz9RMiqJys7ozp5Y9knnYsssNMpDQURKRlvvjunAEfz+SGxj5LnlT5hvNAoyeBSjuIusQrUZIJ+ILudjs3pcN0y7xLLuAyvaXjCBW+73hQVLf1NgxyixYGB5TshbY5tt/zO7H47aWmAIkpDyCOj+MHYfgnVsBkfrQ0I9M+J8uTGiP3HjSxZnefnmy6q5+1+5zA0qOTxnXXz+J9KqEjZis7jlJuCFUszk1bVy0QeUOz9MMzz+gBphnbIH+vzMSmGk5uNFJZoKdykKzZLB96JhAhsHRu3b0ho7Pz9jm/Fev6Q4ckXHGISsvVpo3I3wlSV3fK25tl+gcd/fV+bvR2Aie5fW36jAfbLAF7Cfcj3iADH1+5cZcE++SC6nnWe1Hc2Eq5QWuwuDhqG9rhQn2DoPjpeCIk8Ju4+VJXaLB0AwefABp1WKlXHB6I6VPp4w7yhTOotgbwuJJRxEuCtrdC6aESyTtu2ujIUFtKsHTL/2MUTu1cIYiqvc/YOuwVYwE9oZ0E6tOZ8fB3eTXWK+E+srKnKT9sdYsgecdZybxmwCH0OTsHl0uyto9MoetvbjeDgL5dv9XreOioicWkU4wURPFbyUucC9NHCqYFaonHuzUlGUEWxs3y1AkN/al+KPKCN26mpA6TWRN2Ugu/NXY4NzMNGBCf9X3pUMYNwfMnlkBlpbrWVswwTBHdrzTg+ql3P3KzduqxLTsKz8pBtgx5ToF4TaCy7u9zDsZXcZgY2mL19ZA==
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-ExternalHop-MessageData-0:
QP/auNSJ3WMt+OAHWuNFm49rsOBqfd6Uc0MH0YLK1BymBaJ0Uv1rJKWewfYDzv4tYjNfjVHIzNGXC4XWWleIFF839hCfuoajAI1jfuEfCYoqD8k3GfdNUXUNit9L8JXenFg8B0ZasV542jRa2MJRaJJhFc/5EOb8qM7M0kJ05u1mFLENd3YeXzDP5wBkzB+AIVhOUpglBHucIfS66FUrGvDJwld1YoqL9XDV0OqBYLnqEYnG8u3UXHTvo8X7Fe/iVPf0p74bIw/wpPt5jzlczW+hFscUL/LT1LEpNl1I564/oqLNmfAeWeo7fj6fRaKi5o49Yo+d+x17bZc7qxkJJTK7lUVEqMnsC8WGJGtKKOKspMPdrWPp5mqMz6aCJJcGekh6F6K97WkdFqRB+JMRj1NiF7BZ2DoIEzd7M2n8YZEmSEavneVmdMGjEufji++0I+irn4cdKWqYf0Rro1OBacY5Vwt9ObUHvkRe8PtcbSg0BE5T5cStenDI7yMuKcQIjcfNKH8v6HXupL4/+/4Iz3B4RkRncTC2TLO/MtkV8v3pHRxbLSqavnB9SRx9WShdmIGP7fCeEJi4/vsNlVCnhjpdDF9cFuqRWZkYmEfrZV4Y/zlcGDCrFKGeNRqhLNgJl89bmGKbIuKvPgIrQLqvVLei7KWyT06FAZ48XDkplORZVGiLB+Wf4se+i/WfM2GLKIhcmG8c9rP8063ZoFOETNvo/9qEAM7uB75MJR/XjUIoSZTFfou2mmCcbPYjBtm/oi4ZBPiGYMxt2gZXlKzUNZbmv8vGscpsqlnZwG9+JH3k0Cyvah5rIvo+k5btEPjbNBV8G2yyjFD+1nXu3/5NSkhcce2b6hZVI0GJJMHa1VLI2zotRM18IOA84l5Oc2kXU4HOrLhNMM+ciJAS38ubUKtEZr3t1b3+Dr8G22TndfBICGUXn3U4AeqXR8aJ79RXEoTp8kg2oPEN2oyZKngVMyniV/XBM42SPMetnOwLLipQ160BXUFhXeIRgIk9f/lZuNVHPFab9IaSO5adAZHEP9uc2mtFs4qqBSK6bOkmtjO42SbvtE04MtIzX3tqnz1mf+UUtzEueFxxado+4oEuBjnosqE0MDLtHXJ37LLZBErQyH1uwHWuq0js0k9Oqp3D1RIh8mh1pXpfPpytncF9aezgCgye92Az7BatVn6YK1EtsdXbDbN2t1TVOqXGb94e/WKn4dLqw1W4a5crzpUM4jikMiL3kBTuw4zwzfYwLVJOXD8XBZk5ccRsbVtl3G7nDzXnVErsXGyzPVryvhq1U6f6n62z/Ooy5FdAVx+t+Mk=
X-OriginatorOrg: oracle.com
X-MS-Exchange-CrossTenant-Network-Message-Id:
d623d4af-d2c3-4ab9-3649-08db4caf05fd
X-MS-Exchange-CrossTenant-AuthSource: BY5PR10MB3793.namprd10.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 04 May 2023 14:51:20.7734
(UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: 4e2c6054-71cb-48f1-bd6c-3a9705aca71b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName:
6vrkSM7gJqyIlATbG+YsUcYajnfEA+NHk1lYGLkAYfAEP/f/mO4xspwaxyZNbjDKcK1ruN77P1xr1ZklRQ1me33qGiBTcL5MMnFM+siGcfw=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR10MB6982
X-Proofpoint-Virus-Version: vendor=baseguard
engine=ICAP:2.0.254,Aquarius:18.0.942,Hydra:6.0.573,FMLib:17.11.170.22
definitions=2023-05-04_10,2023-05-04_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 bulkscore=0
mlxscore=0 spamscore=0
mlxlogscore=999 phishscore=0 malwarescore=0 adultscore=0 suspectscore=0
classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2303200000
definitions=main-2305040122
X-Proofpoint-GUID: TrJtrQHeL_WVFPcka0zpWrC_VBMY6cAg
X-Proofpoint-ORIG-GUID: TrJtrQHeL_WVFPcka0zpWrC_VBMY6cAg
X-Spam-Status: No, score=-2.8 required=5.0 tests=BAYES_00,DKIM_SIGNED,
DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_LOW,
RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE
autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?=
X-GMAIL-THRID: =?utf-8?q?1764976235061938429?=
X-GMAIL-MSGID: =?utf-8?q?1764976235061938429?=
|
| Series |
x86: Trenchboot secure dynamic launch Linux kernel support
|
|
Commit Message
Ross Philipson
May 4, 2023, 2:50 p.m. UTC
The Secure Launch MLE environment uses PCRs that are only accessible from
the DRTM locality 2. By default the TPM drivers always initialize the
locality to 0. When a Secure Launch is in progress, initialize the
locality to 2.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
drivers/char/tpm/tpm-chip.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
Comments
On Thu, May 04, 2023 at 02:50:22PM +0000, Ross Philipson wrote: > The Secure Launch MLE environment uses PCRs that are only accessible from > the DRTM locality 2. By default the TPM drivers always initialize the > locality to 0. When a Secure Launch is in progress, initialize the > locality to 2. This looks correct in itself, but looking at the CRB driver code I don't think locality support is actually implemented. Are there any SL systems using CRB?
On 5/12/23 07:43, Matthew Garrett wrote: > On Thu, May 04, 2023 at 02:50:22PM +0000, Ross Philipson wrote: >> The Secure Launch MLE environment uses PCRs that are only accessible from >> the DRTM locality 2. By default the TPM drivers always initialize the >> locality to 0. When a Secure Launch is in progress, initialize the >> locality to 2. > > This looks correct in itself, but looking at the CRB driver code I don't > think locality support is actually implemented. Are there any SL systems > using CRB? We have never seen a system that supports CRB other than some firmware TPMs that don't work with TXT in the first place. CRB is unexplored territory at this point. Thanks Ross
On 5/12/23 12:22, Ross Philipson wrote: > On 5/12/23 07:43, Matthew Garrett wrote: >> On Thu, May 04, 2023 at 02:50:22PM +0000, Ross Philipson wrote: >>> The Secure Launch MLE environment uses PCRs that are only accessible >>> from >>> the DRTM locality 2. By default the TPM drivers always initialize the >>> locality to 0. When a Secure Launch is in progress, initialize the >>> locality to 2. >> >> This looks correct in itself, but looking at the CRB driver code I don't >> think locality support is actually implemented. Are there any SL systems >> using CRB? > > We have never seen a system that supports CRB other than some firmware > TPMs that don't work with TXT in the first place. CRB is unexplored > territory at this point. So there is often confusion over the CRB interface. If you ask an ARM person, they will describe a door-bell, general purpose memory interface that has no support for locality. That interface is described in the TCG's Mobile TPM interface. Though there is work in progress to address this. Now if you speak with an x86 person, they will describe a state-based command-response mechanism using MMIO registers which has locality support. That interface is described in the TCG PC Client specification. As to whether there are devices with CRB and TXT. I have seen talk on the tboot mailing list that there exist an Intel client devices that has an Intel-PTT fTPM using the PC Client CRB interface and Intel-TXT. I myself have never seen one, so I could not point you at a SKU/Part No. for such a device. If someone has such a device and willing to help, drop me a line and I would be glad to work with them to get this tested. v/r, dps
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 80aaa10..5dd2eed 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -23,6 +23,7 @@ #include <linux/major.h> #include <linux/tpm_eventlog.h> #include <linux/hw_random.h> +#include <linux/slaunch.h> #include "tpm.h" DEFINE_IDR(dev_nums_idr); @@ -34,12 +35,18 @@ static int tpm_request_locality(struct tpm_chip *chip) { + int locality; int rc; if (!chip->ops->request_locality) return 0; - rc = chip->ops->request_locality(chip, 0); + if (slaunch_get_flags() & SL_FLAG_ACTIVE) + locality = 2; + else + locality = 0; + + rc = chip->ops->request_locality(chip, locality); if (rc < 0) return rc;