From: Jonathan McDowell
The change to only use interrupts to handle supported status changes,
then switch to polling for the rest, inverted the status test and sleep
such that we can end up sleeping beyond our timeout and not actually
checking the status. This can result in spurious TPM timeouts,
On Tue, Mar 04, 2025 at 10:21:55PM +0200, Jarkko Sakkinen wrote:
On Tue, Mar 04, 2025 at 06:56:02PM +0200, Jarkko Sakkinen wrote:
On Mon, 2025-03-03 at 17:21 +0100, Stefano Garzarella wrote:
> On Sat, Mar 01, 2025 at 03:45:10AM +0200, Jarkko Sakkinen wrote:
> > On Fri, Feb 28, 2025 at 06:07:17PM
On Sat, Mar 01, 2025 at 04:13:23AM +0200, Jarkko Sakkinen wrote:
> On Mon, Feb 24, 2025 at 02:04:13PM +0100, Michal Suchánek wrote:
> > On Mon, Feb 10, 2025 at 07:32:53PM +0200, Jarkko Sakkinen wrote:
> > > On Mon Feb 10, 2025 at 6:18 PM EET, Jonathan McDowell wrote:
> > > > Who then handles the ER
On Mon, 2025-03-03 at 10:26 +, Enrico Bravi wrote:
> On Thu, 2025-02-27 at 15:49 +0100, Roberto Sassu wrote:
> > On Thu, 2025-02-27 at 11:36 +, Enrico Bravi wrote:
> > > On Wed, 2025-02-26 at 22:05 -0500, Mimi Zohar wrote:
> > > > On Wed, 2025-02-26 at 22:53 +, Enrico Bravi wrote:
>
On Tue, Mar 04, 2025 at 07:27:30PM +0200, Jarkko Sakkinen wrote:
On Mon, Mar 03, 2025 at 05:46:16PM +0100, Stefano Garzarella wrote:
On Sat, Mar 01, 2025 at 03:51:46AM +0200, Jarkko Sakkinen wrote:
> On Fri, Feb 28, 2025 at 06:07:19PM +0100, Stefano Garzarella wrote:
> > Add driver for the vTPM
On Wed, Mar 05, 2025 at 10:04:25AM +0100, Stefano Garzarella wrote:
> Jason suggested the send_recv() ops [2], which I liked, but if you prefer to
> avoid that, I can restore what we did in v1 and replace the
> TPM_CHIP_FLAG_IRQ hack with your point 2 (or use TPM_CHIP_FLAG_IRQ if you
> think it is
Depending on the IMA policy and the number of violations, the kernel
patches for minimizing the number of open-writers and ToMToU (Time of
Measure Time of Use) violations may be a major performance improvement.
Most likely the kernel patches will be back ported, but for now limit
the new tests to
On 3/4/25 10:02 AM, Jarkko Sakkinen wrote:
On Mon, 2025-03-03 at 12:55 -0400, Jason Gunthorpe wrote:
On Sun, Mar 02, 2025 at 09:33:59PM +0200, Jarkko Sakkinen wrote:
WARNING: line length of 102 exceeds 100 columns
#764: FILE: drivers/char/tpm/tpm_crb.c:821:
+ FW_
Firmware Framework for Arm A-profile (FF-A) is a messaging framework
for Arm-based systems, and in the context of the TPM CRB driver is used
to signal 'start' to a CRB-based TPM service which is hosted in an
FF-A secure partition running in TrustZone.
These patches add support for the CRB FF-A sta
Add TPM start method for Arm FF-A defined in the TCG ACPI
specification v1.4.
Link: https://github.com/acpica/acpica/pull/1000
Reviewed-by: Jarkko Sakkinen
Signed-off-by: Stuart Yoder
---
include/acpi/actbl3.h | 1 +
1 file changed, 1 insertion(+)
diff --git a/include/acpi/actbl3.h b/include/a
The Arm specification TPM Service CRB over FF-A specification
defines the FF-A messages to interact with a CRB-based TPM
implemented as an FF-A secure partition.
Spec URL:
https://developer.arm.com/documentation/den0138/latest/
This driver is probed when a TPM Secure Partition is
discovered by th
Refactor TPM idle check to tpm_crb_has_idle(), and reduce paraentheses
usage in start method checks
Reviewed-by: Jarkko Sakkinen
Signed-off-by: Stuart Yoder
---
drivers/char/tpm/tpm_crb.c | 36 +---
1 file changed, 21 insertions(+), 15 deletions(-)
diff --git a/
The TCG ACPI spec v1.4 defines a start method for the
TPMs implemented with the Arm CRB over FF-A ABI.
Add support for the FF-A start method, and use interfaces
provided by the ffa_crb driver to interact with the
FF-A based TPM.
Reviewed-by: Jarkko Sakkinen
Signed-off-by: Stuart Yoder
---
driv
Add documentation providing details of how the CRB driver interacts
with FF-A.
Reviewed-by: Jarkko Sakkinen
Signed-off-by: Stuart Yoder
---
Documentation/security/tpm/tpm_ffa_crb.rst | 65 ++
1 file changed, 65 insertions(+)
create mode 100644 Documentation/security/tpm/tpm
Add optional support for the number of expected violations. Include the
expected number of violations in the output.
Limit the new expected violations to the new tests, so that the existing
tests continue to work properly with/without the kernel changes.
Signed-off-by: Mimi Zohar
---
.../secur
Violation tests are dependent on searching the $LOG file, which may
itself result in a ToMToU violation. Preempt getting an additional
violation during the tests by forcing the $LOG ToMToU violation
earlier.
Signed-off-by: Mimi Zohar
---
testcases/kernel/security/integrity/ima/tests/ima_violati
Kernel patch "ima: limit the number of ToMToU integrity violations"
prevents superfluous ToMToU violations. Add corresponding LTP tests.
Link:
https://lore.kernel.org/linux-integrity/20250228205505.476845-3-zo...@linux.ibm.com/
Signed-off-by: Mimi Zohar
---
.../integrity/ima/tests/ima_violatio
Kernel patch "ima: limit the number of open-writers integrity
violations" prevents superfluous "open-writers" violations. Add
corresponding LTP tests.
Link:
https://lore.kernel.org/linux-integrity/20250228205505.476845-2-zo...@linux.ibm.com/
Signed-off-by: Mimi Zohar
---
.../integrity/ima/test
18 matches
Mail list logo
