Re: [PATCH] ima: process_measurement() needlessly takes inode_lock() on MAY_READ

2025-03-26 Thread Roberto Sassu
On 3/25/2025 7:18 PM, Frederick Lawler wrote:
> My mistake, this is PATCH v2. I forgot to change the subject in git send-email. I can resend if that's needed.

No problem. However, let's change:

mask & MAY_WRITE

with

file->f_mode & FMODE_WRITE

Thanks

Roberto

Re: [RFC PATCH v2 02/13] ima: always create runtime_measurements sysfs file for ima_hash

2025-03-26 Thread Mimi Zohar
On Wed, 2025-03-26 at 09:21 +0100, Nicolai Stange wrote: > Mimi Zohar writes: > > > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: > > > runtime_measurements_ sysfs files are getting created for > > > each PCR bank + for SHA-1. > > > > > > Now that runtime_measurements_ sysfs file crea

Re: [RFC PATCH v2 01/13] ima: don't expose runtime_measurements for unsupported hashes

2025-03-26 Thread Mimi Zohar
> > > I would argue that it's likely that no existing userspace tool is relying > > > on this fallback logic -- they either wouldn't consume the hash value from > > > the measurement list directly but recreate it by themselves, as is > > > required > > > for verification against PCRs, or, if the

Re: [PATCH 2/2] tpm/tpm_ftpm_tee: use send_recv() op

2025-03-26 Thread Jarkko Sakkinen
On Wed, Mar 26, 2025 at 11:34:01AM -0300, Jason Gunthorpe wrote: > On Wed, Mar 26, 2025 at 02:11:12PM +0200, Jarkko Sakkinen wrote: > > > Generally speaking I don't see enough value in complicating > > callback interface. It's better to handle complications in > > the leaves (i.e. dictatorship of

Re: [PATCH 2/2] tpm/tpm_ftpm_tee: use send_recv() op

2025-03-26 Thread Jarkko Sakkinen
On Wed, Mar 26, 2025 at 04:57:47PM +0200, Jarkko Sakkinen wrote: > On Wed, Mar 26, 2025 at 11:34:01AM -0300, Jason Gunthorpe wrote: > > On Wed, Mar 26, 2025 at 02:11:12PM +0200, Jarkko Sakkinen wrote: > > > > > Generally speaking I don't see enough value in complicating > > > callback interface. I

Re: [RFC PATCH v2 02/13] ima: always create runtime_measurements sysfs file for ima_hash

2025-03-26 Thread Mimi Zohar
On Wed, 2025-03-26 at 14:46 +0100, Nicolai Stange wrote: > Mimi Zohar writes: > > > On Wed, 2025-03-26 at 09:21 +0100, Nicolai Stange wrote: > > > Mimi Zohar writes: > > > > > > > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: > > > > > "ima_hash" is the default file hash algorithm.

Re: [RFC PATCH v2 03/13] ima: invalidate unsupported PCR banks

2025-03-26 Thread James Bottomley
On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: > Normally IMA would extend a template hash of each bank's associated > algorithm into a PCR. However, if a bank's hash algorithm is > unavailable to the kernel at IMA init time, it would fallback to > extending padded SHA1 hashes instead. >

Re: [PATCH 2/2] tpm/tpm_ftpm_tee: use send_recv() op

2025-03-26 Thread Jason Gunthorpe
On Wed, Mar 26, 2025 at 02:11:12PM +0200, Jarkko Sakkinen wrote:
> Generally speaking I don't see enough value in complicating
> callback interface. It's better to handle complications in
> the leaves (i.e. dictatorship of majority ;-) ).

That is very much not the way most driver subsystems view

[PATCH] tpm: Make chip->{status,cancel,req_canceled} opt

2025-03-26 Thread Jarkko Sakkinen
From: Jarkko Sakkinen tpm_ftpm_tee does not require chip->status, chip->cancel and chip->req_canceled. Make them optional. Signed-off-by: Jarkko Sakkinen --- drivers/char/tpm/tpm-interface.c | 31 --- drivers/char/tpm/tpm_ftpm_tee.c | 20 2 fil

Re: [PATCH 1/2] tpm: add send_recv() op in tpm_class_ops

2025-03-26 Thread Jarkko Sakkinen
On Thu, Mar 20, 2025 at 04:24:32PM +0100, Stefano Garzarella wrote: > From: Stefano Garzarella > > Some devices do not support interrupts and provide a single operation > to send the command and receive the response on the same buffer. > > To support this scenario, a driver could set TPM_CHIP_FL

Re: [PATCH v4 1/4] x86/sev: add SVSM vTPM probe/send_command functions

2025-03-26 Thread Jarkko Sakkinen
On Mon, Mar 24, 2025 at 11:46:46AM +0100, Stefano Garzarella wrote: > From: Stefano Garzarella > > Add two new functions to probe and send commands to the SVSM vTPM. > They leverage the two calls defined by the AMD SVSM specification [1] > for the vTPM protocol: SVSM_VTPM_QUERY and SVSM_VTPM_CMD.

Re: [PATCH v4 1/4] x86/sev: add SVSM vTPM probe/send_command functions

2025-03-26 Thread Jarkko Sakkinen
On Tue, Mar 25, 2025 at 06:20:48PM +0100, Stefano Garzarella wrote: > On Tue, Mar 25, 2025 at 09:56:53AM -0700, Dionna Amalie Glaze wrote: > > On Mon, Mar 24, 2025 at 3:47 AM Stefano Garzarella > > wrote: > > > > > > From: Stefano Garzarella > > > > > > Add two new functions to probe and send

Re: [PATCH 2/2] tpm/tpm_ftpm_tee: use send_recv() op

2025-03-26 Thread Jarkko Sakkinen
On Wed, Mar 26, 2025 at 05:58:33PM +0200, Jarkko Sakkinen wrote: > On Wed, Mar 26, 2025 at 04:57:47PM +0200, Jarkko Sakkinen wrote: > > On Wed, Mar 26, 2025 at 11:34:01AM -0300, Jason Gunthorpe wrote: > > > On Wed, Mar 26, 2025 at 02:11:12PM +0200, Jarkko Sakkinen wrote: > > > > > > > Generally sp

Re: [PATCH v4 2/4] svsm: add header with SVSM_VTPM_CMD helpers

2025-03-26 Thread Jarkko Sakkinen
On Mon, Mar 24, 2025 at 11:46:47AM +0100, Stefano Garzarella wrote: > From: Stefano Garzarella > > Helpers for the SVSM_VTPM_CMD calls used by the vTPM protocol defined by > the AMD SVSM spec [1]. > > The vTPM protocol follows the Official TPM 2.0 Reference Implementation > (originally by Micros

Re: [PATCH v4 3/4] tpm: add SNP SVSM vTPM driver

2025-03-26 Thread Jarkko Sakkinen
On Mon, Mar 24, 2025 at 11:46:48AM +0100, Stefano Garzarella wrote: > From: Stefano Garzarella > > Add driver for the vTPM defined by the AMD SVSM spec [1]. > > The specification defines a protocol that a SEV-SNP guest OS can use to > discover and talk to a vTPM emulated by the Secure VM Service

Re: [RFC PATCH v2 07/13] tpm: enable bank selection for PCR extend

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: > >> diff --git a/drivers/char/tpm/tpm2-cmd.c b/drivers/char/tpm/tpm2-cmd.c >> index dfdcbd009720..23ded8ea47dc 100644 >> --- a/drivers/char/tpm/tpm2-cmd.c >> +++ b/drivers/char/tpm/tpm2-cmd.c >> @@ -226,16 +226,34 @@ i

Re: [RFC PATCH v2 07/13] tpm: enable bank selection for PCR extend

2025-03-26 Thread Nicolai Stange
Jarkko Sakkinen writes: > On Sun, Mar 23, 2025 at 03:09:05PM +0100, Nicolai Stange wrote: >> The existing tpm_pcr_extend() extends all of a PCR's allocated banks with >> the corresponding digest from the provided digests[] argument. > > Why not "just" tpm_pcr_extend(). We don't have a concept of

Re: [PATCH 2/2] tpm/tpm_ftpm_tee: use send_recv() op

2025-03-26 Thread Jarkko Sakkinen
On Tue, Mar 25, 2025 at 10:49:38AM +0530, Sumit Garg wrote: > On Thu, Mar 20, 2025 at 04:24:33PM +0100, Stefano Garzarella wrote: > > From: Stefano Garzarella > > > > This driver does not support interrupts, and receiving the response is > > synchronous with sending the command. > > > > It used

Re: [RFC PATCH v2 02/13] ima: always create runtime_measurements sysfs file for ima_hash

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: > On Wed, 2025-03-26 at 09:21 +0100, Nicolai Stange wrote: >> Mimi Zohar writes: >> >> > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: >> > "ima_hash" is the default file hash algorithm. Re-using it as the default >> > complete measurement list assumes that the s

Re: [RFC PATCH v2 03/13] ima: invalidate unsupported PCR banks

2025-03-26 Thread Mimi Zohar
On Wed, 2025-03-26 at 10:01 +0100, Nicolai Stange wrote: > Mimi Zohar writes: > > > > diff --git a/security/integrity/ima/ima_crypto.c > > > b/security/integrity/ima/ima_crypto.c > > > index 6f5696d999d0..a43080fb8edc 100644 > > > --- a/security/integrity/ima/ima_crypto.c > > > +++ b/security/in

Re: [RFC PATCH v2 03/13] ima: invalidate unsupported PCR banks

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: > On Wed, 2025-03-26 at 10:01 +0100, Nicolai Stange wrote: >> Mimi Zohar writes: >> >> > > diff --git a/security/integrity/ima/ima_crypto.c >> > > b/security/integrity/ima/ima_crypto.c >> > > index 6f5696d999d0..a43080fb8edc 100644 >> > > --- a/security/integrity/ima/ima_cry

Re: [RFC PATCH v2 01/13] ima: don't expose runtime_measurements for unsupported hashes

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: > On Sun, 2025-03-23 at 15:08 +0100, Nicolai Stange wrote: >> IMA creates one runtime_measurements_ sysfs file for every TPM >> bank + for SHA1 if not covered by any such. These differ only in that the >> template hash value for each record is of the file's associated algorithm

Re: [RFC PATCH v2 02/13] ima: always create runtime_measurements sysfs file for ima_hash

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: >> runtime_measurements_ sysfs files are getting created for >> each PCR bank + for SHA-1. >> >> Now that runtime_measurements_ sysfs file creation is being >> skipped for unsupported hash algorithms, it will become po

Re: [RFC PATCH v2 03/13] ima: invalidate unsupported PCR banks

2025-03-26 Thread Nicolai Stange
James Bottomley writes: > On Mon, 2025-03-24 at 21:03 -0400, Mimi Zohar wrote: >> On Sun, 2025-03-23 at 17:18 -0400, James Bottomley wrote: > [...] >> > Instead of any of that, why not do what the TCG tells us to do for >> > unsupported banks and simply cap them with 0x record >> > EV_SEP

Re: [RFC PATCH v2 03/13] ima: invalidate unsupported PCR banks

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: >> diff --git a/security/integrity/ima/ima_crypto.c >> b/security/integrity/ima/ima_crypto.c >> index 6f5696d999d0..a43080fb8edc 100644 >> --- a/security/integrity/ima/ima_crypto.c >> +++ b/security/integrity/ima/ima_crypto.c >> @@ -625,26 +625,43 @@ int ima_calc_field_array_h

Re: [RFC PATCH v2 08/13] ima: track the set of PCRs ever extended

2025-03-26 Thread Nicolai Stange
Mimi Zohar writes: > On Sun, 2025-03-23 at 15:09 +0100, Nicolai Stange wrote: >> Right now, PCR banks with unsupported hash algorithms are getting >> invalidated over and over again for each new measurement list entry >> recorded. >> >> A subsequent patch will make IMA to invalidate PCR banks as