Re: [PATCH v5 1/4] x86/sev: add SVSM vTPM probe/send_command functions

On Tue, Apr 1, 2025 at 9:13 PM Dionna Amalie Glaze wrote: > > On Mon, Mar 31, 2025 at 3:39 AM Stefano Garzarella > wrote: > > > > From: Stefano Garzarella > > > > Add two new functions to probe and send commands to the SVSM vTPM. > > They leverage the two calls defined by the AMD SVSM specifica

Re: [PATCH] tpm: tis: Increase the default for timeout B

On Thu, Apr 03, 2025 at 09:49:02PM +0300, Jarkko Sakkinen wrote: > On Thu, Apr 03, 2025 at 08:25:05PM +0200, Michal Suchanek wrote: > > With some Infineon chips the timeouts in tpm_tis_send_data (both B and > > C) can reach up to about 2250 ms. > > > > Timeout C is retried since > > commit de9e33d

Re: [PATCH] tpm: tis: Increase the default for timeout B

On Fri, Apr 04, 2025 at 10:12:18AM +0200, Michal Suchánek wrote: > On Thu, Apr 03, 2025 at 09:49:02PM +0300, Jarkko Sakkinen wrote: > > On Thu, Apr 03, 2025 at 08:25:05PM +0200, Michal Suchanek wrote: > > > With some Infineon chips the timeouts in tpm_tis_send_data (both B and > > > C) can reach up

Re: [PATCH] tpm: tis: Increase the default for timeouts B and C

On Fri, Apr 04, 2025 at 11:10:12AM +0300, Jarkko Sakkinen wrote: On Fri, Apr 04, 2025 at 09:51:29AM +0200, Michal Suchánek wrote: On Thu, Apr 03, 2025 at 09:43:19PM +0100, Jonathan McDowell wrote: > On Thu, Apr 03, 2025 at 09:45:21PM +0300, Jarkko Sakkinen wrote: > > On Wed, Apr 02, 2025 at 06:4

Re: [PATCH] tpm: tis: Increase the default for timeouts B and C

On Fri, Apr 04, 2025 at 10:31:18AM +0100, Jonathan McDowell wrote: > On Fri, Apr 04, 2025 at 11:10:12AM +0300, Jarkko Sakkinen wrote: > > On Fri, Apr 04, 2025 at 09:51:29AM +0200, Michal Suchánek wrote: > > > On Thu, Apr 03, 2025 at 09:43:19PM +0100, Jonathan McDowell wrote: > > > > On Thu, Apr 03,

Re: [PATCH] tpm: tis: Increase the default for timeouts B and C

On Thu, Apr 03, 2025 at 09:43:19PM +0100, Jonathan McDowell wrote: > On Thu, Apr 03, 2025 at 09:45:21PM +0300, Jarkko Sakkinen wrote: > > On Wed, Apr 02, 2025 at 06:45:40PM +0100, Jonathan McDowell wrote: > > > On Wed, Apr 02, 2025 at 07:21:30PM +0200, Michal Suchanek wrote: > > > > With some Infin

Re: [PATCH AUTOSEL 5.4 9/9] tpm: End any active auth session before shutdown

NAK. Not sure on the logic that decided this was applicable for 5.4, but it's obviously not even been compile tested: noodles@sevai:~/checkouts/linux$ git checkout v5.4.291 Updating files: 100% (13517/13517), done. Previous HEAD position was 219d54332a09 Linux 5.4 HEAD is now at 52bcf31d8e3d Lin

Re: [PATCH] tpm: tis: Increase the default for timeout B

On Thu, Apr 03, 2025 at 09:49:02PM +0300, Jarkko Sakkinen wrote: > On Thu, Apr 03, 2025 at 08:25:05PM +0200, Michal Suchanek wrote: > > With some Infineon chips the timeouts in tpm_tis_send_data (both B and > > C) can reach up to about 2250 ms. > > > > Timeout C is retried since > > commit de9e33d

Re: [PATCH v3] tpm: tis: Double the timeout B to 4s

On Fri, Apr 04, 2025 at 10:23:14AM +0200, Michal Suchanek wrote: > With some Infineon chips the timeouts in tpm_tis_send_data (both B and > C) can reach up to about 2250 ms. > > Timeout C is retried since > commit de9e33df7762 ("tpm, tpm_tis: Workaround failed command reception on > Infineon devi

[PATCH v3] tpm: tis: Double the timeout B to 4s

With some Infineon chips the timeouts in tpm_tis_send_data (both B and C) can reach up to about 2250 ms. Timeout C is retried since commit de9e33df7762 ("tpm, tpm_tis: Workaround failed command reception on Infineon devices") Timeout B still needs to be extended. The problem is most commonly en

Re: [PATCH v2] tpm, tpm_tis: Workaround failed command reception on Infineon devices

Jarkko, I've realised I've somehow introduced a typo in the patch below that means it doesn't fire correctly; I'm not sure how this happened as my local copy I was testing on is definitely correct. Would you like a one line fix up patch, or can you manually fix it up in your tree? This hunk:

Re: [PATCH v6 3/4] tpm: add SNP SVSM vTPM driver

On Thu, Apr 3, 2025 at 3:10 AM Stefano Garzarella wrote: > > From: Stefano Garzarella > > Add driver for the vTPM defined by the AMD SVSM spec [1]. > > The specification defines a protocol that a SEV-SNP guest OS can use to > discover and talk to a vTPM emulated by the Secure VM Service Module (S

Re: [PATCH v6 3/4] tpm: add SNP SVSM vTPM driver

On Fri, 4 Apr 2025 at 19:32, Dionna Amalie Glaze wrote: > > On Thu, Apr 3, 2025 at 3:10 AM Stefano Garzarella wrote: > > > > From: Stefano Garzarella > > > > Add driver for the vTPM defined by the AMD SVSM spec [1]. > > > > The specification defines a protocol that a SEV-SNP guest OS can use to

Re: [PATCH v5 3/4] tpm: add SNP SVSM vTPM driver

On Mon, Mar 31, 2025 at 10:34 AM Jarkko Sakkinen wrote: > > On Mon, Mar 31, 2025 at 12:38:56PM +0200, Stefano Garzarella wrote: > > From: Stefano Garzarella > > > > Add driver for the vTPM defined by the AMD SVSM spec [1]. > > > > The specification defines a protocol that a SEV-SNP guest OS can u

Re: [PATCH v6 3/4] tpm: add SNP SVSM vTPM driver

On Fri, Apr 4, 2025 at 11:37 AM Stefano Garzarella wrote: > > On Fri, 4 Apr 2025 at 19:32, Dionna Amalie Glaze > wrote: > > > > On Thu, Apr 3, 2025 at 3:10 AM Stefano Garzarella > > wrote: > > > > > > From: Stefano Garzarella > > > > > > Add driver for the vTPM defined by the AMD SVSM spec [1

Re: [RFC PATCH v2 10/13] tpm: authenticate tpm2_pcr_read()

On Sun, Mar 23, 2025 at 03:09:08PM +0100, Nicolai Stange wrote: > PCR reads aren't currently authenticated even with CONFIG_TCG_TPM2_HMAC=y > yet. > > It is probably desirable though, as e.g. IMA does some PCR reads to form > the cumulative boot digest subsequently extended into PCR 10 (an operati

[PATCH v6 3/4] tpm: add SNP SVSM vTPM driver

From: Stefano Garzarella Add driver for the vTPM defined by the AMD SVSM spec [1]. The specification defines a protocol that a SEV-SNP guest OS can use to discover and talk to a vTPM emulated by the Secure VM Service Module (SVSM) in the guest context, but at a more privileged level (VMPL0). Th