Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull tpm updates from James Morris: - reduce polling delays in tpm_tis - support retrieving TPM 2.0 Event Log through EFI before ExitBootServices - replace tpm-rng.c with a hwrng device managed by the driver for each TPM device - TPM resource manager synthesizes TPM_RC_COMMAND_CODE response instead of returning -EINVAL for unknown TPM commands. This makes user space more sound. - CLKRUN fixes: * Keep #CLKRUN disabled through the entire TPM command/response flow * Check whether #CLKRUN is enabled before disabling and enabling it again because enabling it breaks PS/2 devices on a system where it is disabled * 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: tpm: remove unused variables tpm: remove unused data fields from I2C and OF device ID tables tpm: only attempt to disable the LPC CLKRUN if is already enabled tpm: follow coding style for variable declaration in tpm_tis_core_init() tpm: delete the TPM_TIS_CLK_ENABLE flag tpm: Update MAINTAINERS for Jason Gunthorpe tpm: Keep CLKRUN enabled throughout the duration of transmit_cmd() tpm_tis: Move ilb_base_addr to tpm_tis_data tpm2-cmd: allow more attempts for selftest execution tpm: return a TPM_RC_COMMAND_CODE response if command is not implemented tpm: Move Linux RNG connection to hwrng tpm: use struct tpm_chip for tpm_chip_find_get() tpm: parse TPM event logs based on EFI table efi: call get_event_log before ExitBootServices tpm: add event log format version tpm: rename event log provider files tpm: move tpm_eventlog.h outside of drivers folder tpm: use tpm_msleep() value as max delay tpm: reduce tpm polling delay in tpm_tis_core tpm: move wait_for_tpm_stat() to respective driver files
@@ -355,13 +355,12 @@ out:
|
||||
* For key specific tpm requests, we will generate and send our
|
||||
* own TPM command packets using the drivers send function.
|
||||
*/
|
||||
static int trusted_tpm_send(const u32 chip_num, unsigned char *cmd,
|
||||
size_t buflen)
|
||||
static int trusted_tpm_send(unsigned char *cmd, size_t buflen)
|
||||
{
|
||||
int rc;
|
||||
|
||||
dump_tpm_buf(cmd);
|
||||
rc = tpm_send(chip_num, cmd, buflen);
|
||||
rc = tpm_send(NULL, cmd, buflen);
|
||||
dump_tpm_buf(cmd);
|
||||
if (rc > 0)
|
||||
/* Can't return positive return codes values to keyctl */
|
||||
@@ -382,10 +381,10 @@ static int pcrlock(const int pcrnum)
|
||||
|
||||
if (!capable(CAP_SYS_ADMIN))
|
||||
return -EPERM;
|
||||
ret = tpm_get_random(TPM_ANY_NUM, hash, SHA1_DIGEST_SIZE);
|
||||
ret = tpm_get_random(NULL, hash, SHA1_DIGEST_SIZE);
|
||||
if (ret != SHA1_DIGEST_SIZE)
|
||||
return ret;
|
||||
return tpm_pcr_extend(TPM_ANY_NUM, pcrnum, hash) ? -EINVAL : 0;
|
||||
return tpm_pcr_extend(NULL, pcrnum, hash) ? -EINVAL : 0;
|
||||
}
|
||||
|
||||
/*
|
||||
@@ -398,7 +397,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
|
||||
unsigned char ononce[TPM_NONCE_SIZE];
|
||||
int ret;
|
||||
|
||||
ret = tpm_get_random(TPM_ANY_NUM, ononce, TPM_NONCE_SIZE);
|
||||
ret = tpm_get_random(NULL, ononce, TPM_NONCE_SIZE);
|
||||
if (ret != TPM_NONCE_SIZE)
|
||||
return ret;
|
||||
|
||||
@@ -410,7 +409,7 @@ static int osap(struct tpm_buf *tb, struct osapsess *s,
|
||||
store32(tb, handle);
|
||||
storebytes(tb, ononce, TPM_NONCE_SIZE);
|
||||
|
||||
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
|
||||
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
@@ -434,7 +433,7 @@ static int oiap(struct tpm_buf *tb, uint32_t *handle, unsigned char *nonce)
|
||||
store16(tb, TPM_TAG_RQU_COMMAND);
|
||||
store32(tb, TPM_OIAP_SIZE);
|
||||
store32(tb, TPM_ORD_OIAP);
|
||||
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
|
||||
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
|
||||
if (ret < 0)
|
||||
return ret;
|
||||
|
||||
@@ -493,7 +492,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
|
||||
ret = tpm_get_random(TPM_ANY_NUM, td->nonceodd, TPM_NONCE_SIZE);
|
||||
ret = tpm_get_random(NULL, td->nonceodd, TPM_NONCE_SIZE);
|
||||
if (ret != TPM_NONCE_SIZE)
|
||||
goto out;
|
||||
ordinal = htonl(TPM_ORD_SEAL);
|
||||
@@ -542,7 +541,7 @@ static int tpm_seal(struct tpm_buf *tb, uint16_t keytype,
|
||||
store8(tb, cont);
|
||||
storebytes(tb, td->pubauth, SHA1_DIGEST_SIZE);
|
||||
|
||||
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
|
||||
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
|
||||
if (ret < 0)
|
||||
goto out;
|
||||
|
||||
@@ -603,7 +602,7 @@ static int tpm_unseal(struct tpm_buf *tb,
|
||||
|
||||
ordinal = htonl(TPM_ORD_UNSEAL);
|
||||
keyhndl = htonl(SRKHANDLE);
|
||||
ret = tpm_get_random(TPM_ANY_NUM, nonceodd, TPM_NONCE_SIZE);
|
||||
ret = tpm_get_random(NULL, nonceodd, TPM_NONCE_SIZE);
|
||||
if (ret != TPM_NONCE_SIZE) {
|
||||
pr_info("trusted_key: tpm_get_random failed (%d)\n", ret);
|
||||
return ret;
|
||||
@@ -635,7 +634,7 @@ static int tpm_unseal(struct tpm_buf *tb,
|
||||
store8(tb, cont);
|
||||
storebytes(tb, authdata2, SHA1_DIGEST_SIZE);
|
||||
|
||||
ret = trusted_tpm_send(TPM_ANY_NUM, tb->data, MAX_BUF_SIZE);
|
||||
ret = trusted_tpm_send(tb->data, MAX_BUF_SIZE);
|
||||
if (ret < 0) {
|
||||
pr_info("trusted_key: authhmac failed (%d)\n", ret);
|
||||
return ret;
|
||||
@@ -748,7 +747,7 @@ static int getoptions(char *c, struct trusted_key_payload *pay,
|
||||
int i;
|
||||
int tpm2;
|
||||
|
||||
tpm2 = tpm_is_tpm2(TPM_ANY_NUM);
|
||||
tpm2 = tpm_is_tpm2(NULL);
|
||||
if (tpm2 < 0)
|
||||
return tpm2;
|
||||
|
||||
@@ -917,7 +916,7 @@ static struct trusted_key_options *trusted_options_alloc(void)
|
||||
struct trusted_key_options *options;
|
||||
int tpm2;
|
||||
|
||||
tpm2 = tpm_is_tpm2(TPM_ANY_NUM);
|
||||
tpm2 = tpm_is_tpm2(NULL);
|
||||
if (tpm2 < 0)
|
||||
return NULL;
|
||||
|
||||
@@ -967,7 +966,7 @@ static int trusted_instantiate(struct key *key,
|
||||
size_t key_len;
|
||||
int tpm2;
|
||||
|
||||
tpm2 = tpm_is_tpm2(TPM_ANY_NUM);
|
||||
tpm2 = tpm_is_tpm2(NULL);
|
||||
if (tpm2 < 0)
|
||||
return tpm2;
|
||||
|
||||
@@ -1008,7 +1007,7 @@ static int trusted_instantiate(struct key *key,
|
||||
switch (key_cmd) {
|
||||
case Opt_load:
|
||||
if (tpm2)
|
||||
ret = tpm_unseal_trusted(TPM_ANY_NUM, payload, options);
|
||||
ret = tpm_unseal_trusted(NULL, payload, options);
|
||||
else
|
||||
ret = key_unseal(payload, options);
|
||||
dump_payload(payload);
|
||||
@@ -1018,13 +1017,13 @@ static int trusted_instantiate(struct key *key,
|
||||
break;
|
||||
case Opt_new:
|
||||
key_len = payload->key_len;
|
||||
ret = tpm_get_random(TPM_ANY_NUM, payload->key, key_len);
|
||||
ret = tpm_get_random(NULL, payload->key, key_len);
|
||||
if (ret != key_len) {
|
||||
pr_info("trusted_key: key_create failed (%d)\n", ret);
|
||||
goto out;
|
||||
}
|
||||
if (tpm2)
|
||||
ret = tpm_seal_trusted(TPM_ANY_NUM, payload, options);
|
||||
ret = tpm_seal_trusted(NULL, payload, options);
|
||||
else
|
||||
ret = key_seal(payload, options);
|
||||
if (ret < 0)
|
||||
|
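Review bot: The `tpm_get_random()` calls touched here still treat any result other than the requested size as a plain `return ret` or `goto out` (in pcrlock, osap, tpm_seal, tpm_unseal and the `Opt_new` case of trusted_instantiate), so a short but positive read would propagate a positive value. Callers that test only `ret < 0`, as the `trusted_tpm_send()` call sites in this file do, would presumably take that for success and continue with a nonce or key buffer that is only partly filled. Assuming `tpm_get_random()` returns the number of bytes produced, split the check into `if (ret < 0) return ret;` followed by `if (ret != TPM_NONCE_SIZE) return -EIO;`, using the matching size (`SHA1_DIGEST_SIZE`, `key_len`) at each site. These functions all start or end outside the hunks shown, so what happens at the `out:` labels with a positive `ret` should be confirmed against the full file.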