Re: [PATCH v2] tpm: display warning if using gpio reset with TPM

Thu, 28 Mar 2024 00:09:32 -0700 

Thanks Tim

On Thu, 28 Mar 2024 at 00:12, Tim Harvey <thar...@gateworks.com> wrote:
>
> Instead of displaying what looks like an error message if a
> gpio-reset dt prop is missing for a TPM display a warning that
> having a gpio reset on a TPM should not be used for a secure production
> device.
>
> TCG TIS spec [1] says:
> "The TPM_Init (LRESET#/SPI_RST#) signal MUST be connected to the
> platform CPU Reset signal such that it complies with the requirements
> specified in section 1.2.7 HOST Platform Reset in the PC Client
> Implementation Specification for Conventional BIOS."
>
> The reasoning is that you should not be able to toggle a GPIO and reset
> the TPM without resetting the CPU as well because if an attacker can
> break into your OS via an OS level security flaw they can then reset the
> TPM via GPIO and replay the measurements required to unseal keys
> that you have otherwise protected.
>
> [1] 
> https://trustedcomputinggroup.org/wp-content/uploads/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_03212013.pdf
>
> Signed-off-by: Tim Harvey <thar...@gateworks.com>
> ---
> v2: change the message to a warning and update commit desc/log
> ---
>  drivers/tpm/tpm2_tis_spi.c | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/drivers/tpm/tpm2_tis_spi.c b/drivers/tpm/tpm2_tis_spi.c
> index de9cf8f21e07..c9c83f6f0fc8 100644
> --- a/drivers/tpm/tpm2_tis_spi.c
> +++ b/drivers/tpm/tpm2_tis_spi.c
> @@ -237,14 +237,14 @@ static int tpm_tis_spi_probe(struct udevice *dev)
>                         /* legacy reset */
>                         ret = gpio_request_by_name(dev, "gpio-reset", 0,
>                                                    &reset_gpio, GPIOD_IS_OUT);
> -                       if (ret) {
> -                               log(LOGC_NONE, LOGL_NOTICE,
> -                                   "%s: missing reset GPIO\n", __func__);
> +                       if (ret)
>                                 goto init;
> -                       }
>                         log(LOGC_NONE, LOGL_NOTICE,
>                             "%s: gpio-reset is deprecated\n", __func__);
>                 }
> +               log(LOGC_NONE, LOGL_WARNING,
> +                   "%s: TPM gpio reset should not be used on secure 
> production devices\n",
> +                   dev->name);
>                 dm_gpio_set_value(&reset_gpio, 1);
>                 mdelay(1);
>                 dm_gpio_set_value(&reset_gpio, 0);
> --
> 2.25.1
>

Reviewed-by: Ilias Apalodimas <ilias.apalodi...@linaro.org>

Reply via email to