[tpmdd-devel,3/4] tpm: introduce tpm_pcr_algorithms()

Submitted by Roberto Sassu on March 29, 2017, 10:24 a.m.

Details

Message ID 20170329102452.32212-4-roberto.sassu@huawei.com
State New
Headers show

Commit Message

Roberto Sassu March 29, 2017, 10:24 a.m.
Return the algorithms supported by the TPM. The limit
(TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.

Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 drivers/char/tpm/tpm-interface.c | 39 +++++++++++++++++++++++++++++++++++++++
 drivers/char/tpm/tpm.h           |  2 +-
 include/linux/tpm.h              |  8 ++++++++
 3 files changed, 48 insertions(+), 1 deletion(-)

Comments

Jarkko Sakkinen April 5, 2017, 12:13 p.m.
On Wed, Mar 29, 2017 at 12:24:51PM +0200, Roberto Sassu wrote:
> Return the algorithms supported by the TPM. The limit
> (TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.
> 
> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>

Why is this needed?

/Jarkko

> ---
>  drivers/char/tpm/tpm-interface.c | 39 +++++++++++++++++++++++++++++++++++++++
>  drivers/char/tpm/tpm.h           |  2 +-
>  include/linux/tpm.h              |  8 ++++++++
>  3 files changed, 48 insertions(+), 1 deletion(-)
> 
> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
> index 0b6cb87..44e7c99 100644
> --- a/drivers/char/tpm/tpm-interface.c
> +++ b/drivers/char/tpm/tpm-interface.c
> @@ -876,6 +876,45 @@ int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>  EXPORT_SYMBOL_GPL(tpm_pcr_extend);
>  
>  /**
> + * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
> + * @chip_num:	tpm idx # or ANY
> + * @algorithms: array of TPM IDs
> + * @algo_num: size of array
> + *
> + * Returns < 0 on error, and the number of active PCR banks on success.
> + */
> +int tpm_pcr_algorithms(u32 chip_num, u32 count,
> +		       enum tpm2_algorithms *algorithms)
> +{
> +	struct tpm_chip *chip;
> +	int rc = -ENODEV;
> +	int i;
> +
> +	chip = tpm_chip_find_get(chip_num);
> +	if (chip == NULL)
> +		return rc;
> +
> +	if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
> +		goto out;
> +
> +	for (i = 0; i < ARRAY_SIZE(chip->active_banks) &&
> +	     chip->active_banks[i] != TPM2_ALG_ERROR; i++) {
> +		if (i >= count) {
> +			rc = -EINVAL;
> +			goto out;
> +		}
> +
> +		algorithms[i] = chip->active_banks[i];
> +	}
> +
> +	rc = i;
> +out:
> +	tpm_put_ops(chip);
> +	return rc;
> +}
> +EXPORT_SYMBOL_GPL(tpm_pcr_algorithms);
> +
> +/**
>   * tpm_do_selftest - have the TPM continue its selftest and wait until it
>   *                   can receive further commands
>   * @chip: TPM chip to use
> diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
> index e20f3ae..f15279b 100644
> --- a/drivers/char/tpm/tpm.h
> +++ b/drivers/char/tpm/tpm.h
> @@ -183,7 +183,7 @@ struct tpm_chip {
>  	const struct attribute_group *groups[3];
>  	unsigned int groups_cnt;
>  
> -	u16 active_banks[7];
> +	u16 active_banks[TPM_ACTIVE_BANKS_MAX];
>  #ifdef CONFIG_ACPI
>  	acpi_handle acpi_dev_handle;
>  	char ppi_version[TPM_PPI_VERSION_LEN + 1];
> diff --git a/include/linux/tpm.h b/include/linux/tpm.h
> index 14b4a42..6552e43 100644
> --- a/include/linux/tpm.h
> +++ b/include/linux/tpm.h
> @@ -23,6 +23,7 @@
>  #define __LINUX_TPM_H__
>  
>  #define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
> +#define TPM_ACTIVE_BANKS_MAX 7	/* Max num of active banks for TPM 2.0 */
>  
>  /*
>   * Chip num is this value or a valid tpm idx
> @@ -69,6 +70,8 @@ extern enum tpm2_algorithms tpm2_pcr_algo_from_crypto(enum hash_algo crypto_id);
>  extern int tpm_is_tpm2(u32 chip_num);
>  extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
>  extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash);
> +extern int tpm_pcr_algorithms(u32 chip_num, u32 count,
> +			      enum tpm2_algorithms *algorithms);
>  extern int tpm_send(u32 chip_num, void *cmd, size_t buflen);
>  extern int tpm_get_random(u32 chip_num, u8 *data, size_t max);
>  extern int tpm_seal_trusted(u32 chip_num,
> @@ -97,6 +100,11 @@ static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {
>  static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) {
>  	return -ENODEV;
>  }
> +static inline int tpm_pcr_algorithms(u32 chip_num, u32 count,
> +				     enum tpm2_algorithms *algorithms)
> +{
> +	return -ENODEV;
> +}
>  static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) {
>  	return -ENODEV;
>  }
> -- 
> 2.9.3
> 
> 
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
> _______________________________________________
> tpmdd-devel mailing list
> tpmdd-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/tpmdd-devel

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Roberto Sassu April 5, 2017, 1:33 p.m.
On 4/5/2017 2:13 PM, Jarkko Sakkinen wrote:
> On Wed, Mar 29, 2017 at 12:24:51PM +0200, Roberto Sassu wrote:
>> Return the algorithms supported by the TPM. The limit
>> (TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.
>>
>> Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
>
> Why is this needed?

The reason of exporting the limit is that this simplifies the
code dealing with information returned by the TPM driver interface.

The new function tpm_pcr_algorithms() can accept as input a static
array, instead of returning a dynamic array that must be freed
by the caller.

Since the size of the dynamic array would have been the same of
that of the active_banks array, member of the tpm_chip structure,
and since the limit is small, the choice of using static arrays
seems reasonable.

Roberto

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Jarkko Sakkinen April 5, 2017, 1:54 p.m.
On Wed, Apr 05, 2017 at 03:33:55PM +0200, Roberto Sassu wrote:
> On 4/5/2017 2:13 PM, Jarkko Sakkinen wrote:
> > On Wed, Mar 29, 2017 at 12:24:51PM +0200, Roberto Sassu wrote:
> > > Return the algorithms supported by the TPM. The limit
> > > (TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.
> > > 
> > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > 
> > Why is this needed?
> 
> The reason of exporting the limit is that this simplifies the
> code dealing with information returned by the TPM driver interface.
> 
> The new function tpm_pcr_algorithms() can accept as input a static
> array, instead of returning a dynamic array that must be freed
> by the caller.
> 
> Since the size of the dynamic array would have been the same of
> that of the active_banks array, member of the tpm_chip structure,
> and since the limit is small, the choice of using static arrays
> seems reasonable.
> 
> Roberto

Still sounds confusing. Or to be honest (and I don't mean to be
mean): I still don't get this at all.

You are adding bunch of functions that somehow "add flexibility".
I still don't have any context how IMA is using these. Maybe in
the next version of the patch set you coud write some kind of
simple usage example to the cover letter that would cover how
these are supposed to be used.

You hardly even metion IMA anywhere. It's fine to explain same
things in both IMA and TPM patches in this case where both
maintainers have to understand the context rather than kind of
delegate that work to the maintainers :-)

/Jarko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
Jarkko Sakkinen April 5, 2017, 1:57 p.m.
On Wed, Apr 05, 2017 at 04:54:18PM +0300, Jarkko Sakkinen wrote:
> On Wed, Apr 05, 2017 at 03:33:55PM +0200, Roberto Sassu wrote:
> > On 4/5/2017 2:13 PM, Jarkko Sakkinen wrote:
> > > On Wed, Mar 29, 2017 at 12:24:51PM +0200, Roberto Sassu wrote:
> > > > Return the algorithms supported by the TPM. The limit
> > > > (TPM_ACTIVE_BANKS_MAX) has been exported to include/linux/tpm.h.
> > > > 
> > > > Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
> > > 
> > > Why is this needed?
> > 
> > The reason of exporting the limit is that this simplifies the
> > code dealing with information returned by the TPM driver interface.
> > 
> > The new function tpm_pcr_algorithms() can accept as input a static
> > array, instead of returning a dynamic array that must be freed
> > by the caller.
> > 
> > Since the size of the dynamic array would have been the same of
> > that of the active_banks array, member of the tpm_chip structure,
> > and since the limit is small, the choice of using static arrays
> > seems reasonable.
> > 
> > Roberto
> 
> Still sounds confusing. Or to be honest (and I don't mean to be
> mean): I still don't get this at all.
> 
> You are adding bunch of functions that somehow "add flexibility".
> I still don't have any context how IMA is using these. Maybe in
> the next version of the patch set you coud write some kind of
> simple usage example to the cover letter that would cover how
> these are supposed to be used.
> 
> You hardly even metion IMA anywhere. It's fine to explain same
> things in both IMA and TPM patches in this case where both
> maintainers have to understand the context rather than kind of
> delegate that work to the maintainers :-)
> 
> /Jarko

And you should have linux-kernel in your CC list since this is not an
RFC patch set but something that you think is ready enough to a kernel
release. For bigger patch sets like this I would recommend also
linux-security-module.

/Jarkko

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot

Patch hide | download patch | download mbox

diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
index 0b6cb87..44e7c99 100644
--- a/drivers/char/tpm/tpm-interface.c
+++ b/drivers/char/tpm/tpm-interface.c
@@ -876,6 +876,45 @@  int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
 EXPORT_SYMBOL_GPL(tpm_pcr_extend);
 
 /**
+ * tpm_pcr_algorithms - get TPM IDs of active PCR banks algorithms
+ * @chip_num:	tpm idx # or ANY
+ * @algorithms: array of TPM IDs
+ * @algo_num: size of array
+ *
+ * Returns < 0 on error, and the number of active PCR banks on success.
+ */
+int tpm_pcr_algorithms(u32 chip_num, u32 count,
+		       enum tpm2_algorithms *algorithms)
+{
+	struct tpm_chip *chip;
+	int rc = -ENODEV;
+	int i;
+
+	chip = tpm_chip_find_get(chip_num);
+	if (chip == NULL)
+		return rc;
+
+	if (!(chip->flags & TPM_CHIP_FLAG_TPM2))
+		goto out;
+
+	for (i = 0; i < ARRAY_SIZE(chip->active_banks) &&
+	     chip->active_banks[i] != TPM2_ALG_ERROR; i++) {
+		if (i >= count) {
+			rc = -EINVAL;
+			goto out;
+		}
+
+		algorithms[i] = chip->active_banks[i];
+	}
+
+	rc = i;
+out:
+	tpm_put_ops(chip);
+	return rc;
+}
+EXPORT_SYMBOL_GPL(tpm_pcr_algorithms);
+
+/**
  * tpm_do_selftest - have the TPM continue its selftest and wait until it
  *                   can receive further commands
  * @chip: TPM chip to use
diff --git a/drivers/char/tpm/tpm.h b/drivers/char/tpm/tpm.h
index e20f3ae..f15279b 100644
--- a/drivers/char/tpm/tpm.h
+++ b/drivers/char/tpm/tpm.h
@@ -183,7 +183,7 @@  struct tpm_chip {
 	const struct attribute_group *groups[3];
 	unsigned int groups_cnt;
 
-	u16 active_banks[7];
+	u16 active_banks[TPM_ACTIVE_BANKS_MAX];
 #ifdef CONFIG_ACPI
 	acpi_handle acpi_dev_handle;
 	char ppi_version[TPM_PPI_VERSION_LEN + 1];
diff --git a/include/linux/tpm.h b/include/linux/tpm.h
index 14b4a42..6552e43 100644
--- a/include/linux/tpm.h
+++ b/include/linux/tpm.h
@@ -23,6 +23,7 @@ 
 #define __LINUX_TPM_H__
 
 #define TPM_DIGEST_SIZE 20	/* Max TPM v1.2 PCR size */
+#define TPM_ACTIVE_BANKS_MAX 7	/* Max num of active banks for TPM 2.0 */
 
 /*
  * Chip num is this value or a valid tpm idx
@@ -69,6 +70,8 @@  extern enum tpm2_algorithms tpm2_pcr_algo_from_crypto(enum hash_algo crypto_id);
 extern int tpm_is_tpm2(u32 chip_num);
 extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
 extern int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash);
+extern int tpm_pcr_algorithms(u32 chip_num, u32 count,
+			      enum tpm2_algorithms *algorithms);
 extern int tpm_send(u32 chip_num, void *cmd, size_t buflen);
 extern int tpm_get_random(u32 chip_num, u8 *data, size_t max);
 extern int tpm_seal_trusted(u32 chip_num,
@@ -97,6 +100,11 @@  static inline int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf) {
 static inline int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash) {
 	return -ENODEV;
 }
+static inline int tpm_pcr_algorithms(u32 chip_num, u32 count,
+				     enum tpm2_algorithms *algorithms)
+{
+	return -ENODEV;
+}
 static inline int tpm_send(u32 chip_num, void *cmd, size_t buflen) {
 	return -ENODEV;
 }