| Message ID | AS1P250MB060864865460745C69F23D74A9FF2@AS1P250MB0608.EURP250.PROD.OUTLOOK.COM |
|---|---|
| State | New |
| Delegated to: | Ilias Apalodimas |
| Series | [1/1] tpm: fixed the nv_define_space command in TPMv2 |
Hi Michel On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote: > Added 2 HMAC bytes to the command message Please cc the TPM maintainers, otherwise I might miss this patch. What the patch does is obvious, can you add a better explanation of - what it fixes / what was broken? - pointers to spec that define the hmac size and placement? Thanks /Ilias > > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com> > --- > lib/tpm-v2.c | 5 +++-- > 1 file changed, 3 insertions(+), 2 deletions(-) > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c > index 9ca7933c094..4a082af78af 100644 > --- a/lib/tpm-v2.c > +++ b/lib/tpm-v2.c > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, > * chunks below. > */ > const int platform_len = sizeof(u32); > - const int session_hdr_len = 13; > + const int session_hdr_len = 15; > const int message_len = 14; > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + > message_len; > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, > /* handles 4 bytes */ > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ > > - /* session header 13 bytes */ > + /* session header 15 bytes */ > tpm_u32(9), /* Header size */ > tpm_u32(TPM2_RS_PW), /* Password authorisation */ > tpm_u16(0), /* nonce_size */ > 0, /* session_attrs */ > + tpm_u16(0), /* HMAC size */ > tpm_u16(0), /* auth_size */ > > /* message 14 bytes + policy */ > -- > 2.43.0 >
Hi Ilias, I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering why this command does not work in u-boot. Then I found a patch, that has never been applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html, where the nv_define's message buf was "fixed". I tried this change and the nv_define command is working now. Alex > -----Original Message----- > From: Ilias Apalodimas <ilias.apalodimas@linaro.org> > Sent: Tuesday, February 18, 2025 8:38 AM > To: Michel Alex <Alex.Michel@wiedemann-group.com> > Cc: u-boot@lists.denx.de > Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2 > > Caution: This is an external e-mail from the sender Ilias > Apalodimas <ilias.apalodimas@linaro.org>. Please do not click on links or > attachments unless you are convinced of the authenticity of the message. > > Hi Michel > > On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote: > > Added 2 HMAC bytes to the command message > > Please cc the TPM maintainers, otherwise I might miss this patch. > > What the patch does is obvious, can you add a better explanation of > - what it fixes / what was broken? > - pointers to spec that define the hmac size and placement? > > Thanks > /Ilias > > > > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com> > > --- > > lib/tpm-v2.c | 5 +++-- > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index > > 9ca7933c094..4a082af78af 100644 > > --- a/lib/tpm-v2.c > > +++ b/lib/tpm-v2.c > > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 > space_index, > > * chunks below. > > */ > > const int platform_len = sizeof(u32); > > - const int session_hdr_len = 13; > > + const int session_hdr_len = 15; > > const int message_len = 14; > > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + > > message_len;
> > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 > space_index, > > /* handles 4 bytes */ > > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ > > > > - /* session header 13 bytes */ > > + /* session header 15 bytes */ > > tpm_u32(9), /* Header size */ > > tpm_u32(TPM2_RS_PW), /* Password authorisation > */ > > tpm_u16(0), /* nonce_size */ > > 0, /* session_attrs */ > > + tpm_u16(0), /* HMAC size */ > > tpm_u16(0), /* auth_size */ > > > > /* message 14 bytes + policy */ > > -- > > 2.43.0 > >
Hi Michel, On Thu, 20 Feb 2025 at 09:14, Michel Alex <Alex.Michel@wiedemann-group.com> wrote: > > Hi Ilias, > > I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering > why this command does not work in u-boot. Then I found a patch, that has never been > applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html, Yes, that patch was useful but unfortunately, it didn't apply to -master cleanly and I haven't seen an updated revision since. I'll have a look at the tpm specs and figure out why this change is working and let you know. You can then send a v2 with a commit message that explains why Thanks /Ilias > where the nv_define's message buf was "fixed". I tried this change and the nv_define command > is working now. > > Alex > > > -----Original Message----- > > From: Ilias Apalodimas <ilias.apalodimas@linaro.org> > > Sent: Tuesday, February 18, 2025 8:38 AM > > To: Michel Alex <Alex.Michel@wiedemann-group.com> > > Cc: u-boot@lists.denx.de > > Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2 > > > > Caution: This is an external e-mail from the sender Ilias > > Apalodimas <ilias.apalodimas@linaro.org>. Please do not click on links or > > attachments unless you are convinced of the authenticity of the message. > > > > Hi Michel > > > > On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote: > > > Added 2 HMAC bytes to the command message > > > > Please cc the TPM maintainers, otherwise I might miss this patch. > > > > What the patch does is obvious, can you add a better explanation of > > - what it fixes / what was broken? > > - pointers to spec that define the hmac size and placement? > > > > Thanks > > /Ilias > > > > > > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com> > > > --- > > > lib/tpm-v2.c | 5 +++-- > > > 1 file changed, 3 insertions(+), 2 deletions(-)
> > > > > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index > > > 9ca7933c094..4a082af78af 100644 > > > --- a/lib/tpm-v2.c > > > +++ b/lib/tpm-v2.c > > > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 > > space_index, > > > * chunks below. > > > */ > > > const int platform_len = sizeof(u32); > > > - const int session_hdr_len = 13; > > > + const int session_hdr_len = 15; > > > const int message_len = 14; > > > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + > > > message_len; > > > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 > > space_index, > > > /* handles 4 bytes */ > > > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ > > > > > > - /* session header 13 bytes */ > > > + /* session header 15 bytes */ > > > tpm_u32(9), /* Header size */ > > > tpm_u32(TPM2_RS_PW), /* Password authorisation > > */ > > > tpm_u16(0), /* nonce_size */ > > > 0, /* session_attrs */ > > > + tpm_u16(0), /* HMAC size */ > > > tpm_u16(0), /* auth_size */ > > > > > > /* message 14 bytes + policy */ > > > -- > > > 2.43.0 > > >
Hi Alex, ++ CC Niek who originally authored this On Thu, 20 Feb 2025 at 10:27, Ilias Apalodimas <ilias.apalodimas@linaro.org> wrote: > > Hi Michel, > > On Thu, 20 Feb 2025 at 09:14, Michel Alex > <Alex.Michel@wiedemann-group.com> wrote: > > > > Hi Ilias, > > > > I don't know where to find the spec for the tpm v2 nv_define command. I was just wondering > > why this command does not work in u-boot. Then I found a patch, that has never been > > applied to the master, see https://lists.denx.de/pipermail/u-boot/2023-December/542089.html, > > Yes, that patch was useful but unfortunately, it didn't apply to > -master cleanly and I haven't seen an updated revision since. > I'll have a look at the tpm specs and figure out why this change is > working and let you know. You can then send a v2 with a commit message > that explains why > > Thanks > /Ilias > > > where the nv_define's message buf was "fixed". I tried this change and the nv_define command > > is working now. > > > > Alex > > > > > -----Original Message----- > > > From: Ilias Apalodimas <ilias.apalodimas@linaro.org> > > > Sent: Tuesday, February 18, 2025 8:38 AM > > > To: Michel Alex <Alex.Michel@wiedemann-group.com> > > > Cc: u-boot@lists.denx.de > > > Subject: Re: [PATCH 1/1] tpm: fixed the nv_define_space command in TPMv2 > > > > > > Caution: This is an external e-mail from the sender Ilias > > > Apalodimas <ilias.apalodimas@linaro.org>. Please do not click on links or > > > attachments unless you are convinced of the authenticity of the message. > > > > > > Hi Michel > > > > > > On Thu, Feb 13, 2025 at 12:43:34PM +0000, Michel Alex wrote: > > > > Added 2 HMAC bytes to the command message > > > > > > Please cc the TPM maintainers, otherwise I might miss this patch. > > > > > > What the patch does is obvious, can you add a better explanation of > > > - what it fixes / what was broken? > > > - pointers to spec that define the hmac size and placement? > > > > > > Thanks > > > /Ilias
> > > > > > > > Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com> > > > > --- > > > > lib/tpm-v2.c | 5 +++-- > > > > 1 file changed, 3 insertions(+), 2 deletions(-) > > > > > > > > diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index > > > > 9ca7933c094..4a082af78af 100644 > > > > --- a/lib/tpm-v2.c > > > > +++ b/lib/tpm-v2.c > > > > @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 > > > space_index, > > > > * chunks below. > > > > */ > > > > const int platform_len = sizeof(u32); > > > > - const int session_hdr_len = 13; > > > > + const int session_hdr_len = 15; > > > > const int message_len = 14; > > > > uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + > > > > message_len; > > > > @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 > > > space_index, > > > > /* handles 4 bytes */ > > > > tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ > > > > > > > > - /* session header 13 bytes */ > > > > + /* session header 15 bytes */ > > > > tpm_u32(9), /* Header size */ > > > > tpm_u32(TPM2_RS_PW), /* Password authorisation > > > */ > > > > tpm_u16(0), /* nonce_size */ > > > > 0, /* session_attrs */ > > > > + tpm_u16(0), /* HMAC size */ So looking at this again, and the spec -- we are using a password auth just above. So the HMAC shouldn't be needed. Any chance this is the TPM2B_AUTH field we add and it somehow fixes your issue? Cheers /Ilias > > > > tpm_u16(0), /* auth_size */ > > > > > > > > /* message 14 bytes + policy */ > > > > -- > > > > 2.43.0 > > > >
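The layout question raised in the thread, as an added example that is not part of the original messages or of U-Boot's code: a bounds-checked walk over two constructed TPM2_NV_DefineSpace buffers, one with the 13-byte session header and one with the patch's extra u16. It assumes the TPM 2.0 command format (parameters begin right after the authorizationSize bytes, and this command's parameters are a TPM2B_AUTH followed by a TPM2B_NV_PUBLIC); `walk_nv_define`, `take`, the macros and the sample bytes are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

struct cur { const uint8_t *p; size_t left; };
/* Sizes a strict parser recovers: authorizationSize, TPM2B_AUTH, TPM2B_NV_PUBLIC. */
struct nv_define_layout { uint32_t auth_area, auth_param, public_size, nv_index; };

/* Consume n bytes big-endian into *v (v may be NULL); never read past the end. */
static int take(struct cur *c, size_t n, uint32_t *v)
{
	uint32_t x = 0;
	if (c->left < n) return -1;
	for (c->left -= n; n--; ) x = (x << 8) | *c->p++;
	if (v) *v = x;
	return 0;
}

/* Constructed sample bytes: empty password session, empty policy, 32-byte space. */
#define HDR(sz) 0x80, 0x02, 0, 0, 0, sz, 0, 0, 0x01, 0x2a, /* tag, size, TPM2_CC_NV_DefineSpace */ \
	0x40, 0, 0, 0x0c, 0, 0, 0, 9,    /* TPM2_RH_PLATFORM, authorizationSize */ \
	0x40, 0, 0, 0x09, 0, 0, 0, 0, 0  /* TPM2_RS_PW, nonce size, attrs, hmac size */
#define PUB 0, 14, 0x01, 0, 0, 0x01, 0, 0x0b, /* size, nvIndex, TPM2_ALG_SHA256 */ \
	0, 0x02, 0, 0x02, 0, 0, 0, 32         /* attributes, policy size, dataSize */
const uint8_t cmd_13[] = { HDR(43), PUB };        /* session_hdr_len = 13 */
const uint8_t cmd_15[] = { HDR(45), 0, 0, PUB };  /* session_hdr_len = 15, extra u16 */

/* 0 if the bytes parse as header, authHandle, auth area, TPM2B_AUTH, TPM2B_NV_PUBLIC. */
int walk_nv_define(const uint8_t *buf, size_t len, struct nv_define_layout *o)
{
	struct cur c = { buf, len };
	uint32_t size;

	if (take(&c, 2, NULL) || take(&c, 4, &size) || size != len || take(&c, 8, NULL))
		return -1;                       /* 8 = command code + authHandle */
	if (take(&c, 4, &o->auth_area) || take(&c, o->auth_area, NULL)) return -1;
	if (take(&c, 2, &o->auth_param) || take(&c, o->auth_param, NULL)) return -1;
	if (take(&c, 2, &o->public_size) || o->public_size != c.left) return -1;
	return take(&c, 4, &o->nv_index);
}

int main(void)
{
	struct nv_define_layout a = { 0 }, b = { 0 };
	int ra = walk_nv_define(cmd_13, sizeof(cmd_13), &a);
	int rb = walk_nv_define(cmd_15, sizeof(cmd_15), &b);
	printf("13: rc=%d auth.size=%u\n15: rc=%d auth.size=%u nvIndex=0x%08x\n", ra,
	       (unsigned)a.auth_param, rb, (unsigned)b.auth_param, (unsigned)b.nv_index);
	return 0;
}
```

In the 13-byte buffer the walker takes the 0x000e public-area size as the length of the auth parameter and finds nothing left for publicInfo; with the extra u16 both parameters parse and the NV index is recovered.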
diff --git a/lib/tpm-v2.c b/lib/tpm-v2.c index 9ca7933c094..4a082af78af 100644 --- a/lib/tpm-v2.c +++ b/lib/tpm-v2.c @@ -264,7 +264,7 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, * chunks below. */ const int platform_len = sizeof(u32); - const int session_hdr_len = 13; + const int session_hdr_len = 15; const int message_len = 14; uint offset = TPM2_HDR_LEN + platform_len + session_hdr_len + message_len; @@ -277,11 +277,12 @@ u32 tpm2_nv_define_space(struct udevice *dev, u32 space_index, /* handles 4 bytes */ tpm_u32(TPM2_RH_PLATFORM), /* Primary platform seed */ - /* session header 13 bytes */ + /* session header 15 bytes */ tpm_u32(9), /* Header size */ tpm_u32(TPM2_RS_PW), /* Password authorisation */ tpm_u16(0), /* nonce_size */ 0, /* session_attrs */ + tpm_u16(0), /* HMAC size */ tpm_u16(0), /* auth_size */ /* message 14 bytes + policy */
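Review bot: `const int session_hdr_len = 15;` in the first hunk no longer matches the size field that the second hunk leaves at `tpm_u32(9)`: that 4-byte field plus the 9 bytes it announces is the old 13, so the two new bytes are counted as session header here while the buffer itself says they are not. Keep `session_hdr_len` at 13 and add the extra `sizeof(u16)` to the `offset` sum under its own named constant, so `offset` still moves by two bytes and each constant describes one group of fields.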
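Review bot: with `tpm_u32(9)` unchanged, the fields after it in the second hunk already add up to 9 at the new `tpm_u16(0), /* HMAC size */` line (4 + 2 + 1 + 2), which leaves `tpm_u16(0), /* auth_size */` outside the block headed `/* session header 15 bytes */`. Either raise the size field to 11 or, if the trailing u16 is meant to be a separate field as suggested in the thread, give it its own comment below the session header and rename the two labels to match; the commit message should state which field was missing.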
Added 2 HMAC bytes to the command message Signed-off-by: Alex Michel <alex.michel@wiedemann-group.com> --- lib/tpm-v2.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)