From: Jarkko Sakkinen <jarkko@kernel.org>
To: linux-integrity@vger.kernel.org
Cc: dpsmith@apertussolutions.com, ross.philipson@oracle.com,
David Howells <dhowells@redhat.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
"open list:KEYS/KEYRINGS" <keyrings@vger.kernel.org>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH v4 0/9] tpm: Decouple Trenchboot dependencies
Date: Wed, 1 Oct 2025 01:31:23 +0300 [thread overview]
Message-ID: <aNxaO6HGSDzyUIBI@kernel.org> (raw)
In-Reply-To: <20250930221707.1373912-1-jarkko@kernel.org>
On Wed, Oct 01, 2025 at 01:16:58AM +0300, Jarkko Sakkinen wrote:
> Overview
> ========
>
> Decouple TPM driver features relevant for Trenchboot and make tpm-buf
> robust and decoupled entity from the rest of driver. By doing this, code
> can be easily linked to the early boot code.
>
> Goals and scope
> ===============
>
> This patch set contains only changes, which are acceptable to mainline
> driver without existence Trenchboot feature.
>
> At the same the primary goal of the included is to make driver code
> robust enough to meet Trenchboot's requirements.
>
> These constraints should define a meaningful DoD for this patch set.
>
> v4:
> - PCR patch has been removed because it does not fly without Trenchboot
> context.
> v3:
> - I think 6.19 is a better goal for this and thus expanded the series to
> be a generic Trenchboot enablers series. This version also consolidates my two separate ongoing series.
> v2:
> - While including fixes from v1, this patch set has a refocus in order to
> do minimal changes to make code base more compatible Trenchboot.
>
> Jarkko Sakkinen (9):
> tpm: Cap the number of PCR banks
> tpm: Use -EPERM as fallback error code in tpm_ret_to_err
> KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2
> tpm2-sessions: Remove 'attributes' from tpm_buf_append_auth
> tpm2-sessions: Unmask tpm_buf_append_hmac_session()
> KEYS: trusted: Open code tpm2_buf_append()
> tpm-buf: check for corruption in tpm_buf_append_handle()
> tpm-buf: Remove chip parameter from tpm_buf_append_handle
> tpm-buf: Enable managed and stack allocations.
>
> drivers/char/tpm/tpm-buf.c | 141 ++++++----
> drivers/char/tpm/tpm-chip.c | 13 +-
> drivers/char/tpm/tpm-sysfs.c | 21 +-
> drivers/char/tpm/tpm.h | 2 -
> drivers/char/tpm/tpm1-cmd.c | 185 +++++--------
> drivers/char/tpm/tpm2-cmd.c | 313 ++++++++++------------
> drivers/char/tpm/tpm2-sessions.c | 129 +++++----
> drivers/char/tpm/tpm2-space.c | 44 ++-
> drivers/char/tpm/tpm_vtpm_proxy.c | 30 +--
> include/linux/tpm.h | 65 ++---
> security/keys/trusted-keys/trusted_tpm1.c | 34 ++-
> security/keys/trusted-keys/trusted_tpm2.c | 237 +++++++---------
> 12 files changed, 542 insertions(+), 672 deletions(-)
>
> --
> 2.39.5
>
I've done testing in sequence of the patch set for every patch by
running:
1. https://codeberg.org/jarkko/linux-tpmdd-test/src/branch/main/board/pc_x86_64/test_tpm2_kselftest.exp.in
2. https://codeberg.org/jarkko/linux-tpmdd-test/src/branch/main/board/pc_x86_64/test_tpm2_trusted.exp.in
I also separately booted for the managed allocations patch with
swtpm in TPM 1.2 mode and did some manual testing.
Changes have been tested with HMAC encryption on to make sure that
tpm2-sessions changes have beeen applied correctly.
BR, Jarkko
prev parent reply other threads:[~2025-09-30 22:31 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-30 22:16 [PATCH v4 0/9] tpm: Decouple Trenchboot dependencies Jarkko Sakkinen
2025-09-30 22:16 ` [PATCH v4 1/9] tpm: Cap the number of PCR banks Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 2/9] tpm: Use -EPERM as fallback error code in tpm_ret_to_err Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 3/9] KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2 Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 4/9] tpm2-sessions: Remove 'attributes' from tpm_buf_append_auth Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 5/9] tpm2-sessions: Unmask tpm_buf_append_hmac_session() Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 6/9] KEYS: trusted: Open code tpm2_buf_append() Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 7/9] tpm-buf: check for corruption in tpm_buf_append_handle() Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 8/9] tpm-buf: Remove chip parameter from tpm_buf_append_handle Jarkko Sakkinen
2025-09-30 22:17 ` [PATCH v4 9/9] tpm-buf: Enable managed and stack allocations Jarkko Sakkinen
2025-09-30 22:31 ` Jarkko Sakkinen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aNxaO6HGSDzyUIBI@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=dpsmith@apertussolutions.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=ross.philipson@oracle.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).