[v7,13/13] tpm: Allow locality 2 to be set when initializing the TPM for Secure Launch
Message ID | 20231110222751.219836-14-ross.philipson@oracle.com |
---|---|
State | New |
Series | x86: Trenchboot secure dynamic launch Linux kernel support |
Commit Message
Ross Philipson
Nov. 10, 2023, 10:27 p.m. UTC
The Secure Launch MLE environment uses PCRs that are only accessible from
the DRTM locality 2. By default the TPM drivers always initialize the
locality to 0. When a Secure Launch is in progress, initialize the
locality to 2.
Signed-off-by: Ross Philipson <ross.philipson@oracle.com>
---
drivers/char/tpm/tpm-chip.c | 9 ++++++++-
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/drivers/char/tpm/tpm-chip.c b/drivers/char/tpm/tpm-chip.c index 42b1062e33cd..0217ceb96c42 100644 --- a/drivers/char/tpm/tpm-chip.c +++ b/drivers/char/tpm/tpm-chip.c @@ -23,6 +23,7 @@ #include <linux/major.h> #include <linux/tpm_eventlog.h> #include <linux/hw_random.h> +#include <linux/slaunch.h> #include "tpm.h" DEFINE_IDR(dev_nums_idr); @@ -39,12 +40,18 @@ dev_t tpm_devt; static int tpm_request_locality(struct tpm_chip *chip) { + int locality; int rc; if (!chip->ops->request_locality) return 0; - rc = chip->ops->request_locality(chip, 0); + if (slaunch_get_flags() & SL_FLAG_ACTIVE) + locality = 2; + else + locality = 0; + + rc = chip->ops->request_locality(chip, locality); if (rc < 0) return rc;
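Review bot: The new `#include <linux/slaunch.h>` in the first hunk is unconditional, so tpm-chip.c now needs `slaunch_get_flags()` and `SL_FLAG_ACTIVE` to be defined in every configuration, including builds without Secure Launch. The header is not part of this diff; please confirm it provides a stub that returns 0 when the feature is compiled out, or guard the call site in `tpm_request_locality()`.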
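Review bot: In `tpm_request_locality()`, `locality = 2;` is a bare magic number and the selection applies to every caller of this function once `SL_FLAG_ACTIVE` is set, not only to the Secure Launch measurement path. Since the commit message says locality 2 is what gates the DRTM PCRs, that widening deserves a sentence in the commit message and a comment above the `if`, and the value should be a named constant rather than a literal. The hunk also only covers the request side: please confirm the matching relinquish path releases the locality that was actually requested here rather than assuming 0.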