Message ID | 20220407111849.5676-1-LinoSanfilippo@gmx.de |
---|---|
Headers | show |
Series | Support TPM Reset GPIO | expand |
On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote: > Currently it is not possible to set the tpm chips reset state from within > the driver. This is problematic if the chip is still in reset after the > system comes up. This may e.g. happen if the reset line is pulled into > reset state by a pin configuration in the device tree. This kind of system is badly misdesigned. TPM PCRs fundementally cannot work if the TPM reset line is under software control. Jason
Hi, On 07.04.22 at 16:25, Jason Gunthorpe wrote: > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote: >> Currently it is not possible to set the tpm chips reset state from within >> the driver. This is problematic if the chip is still in reset after the >> system comes up. This may e.g. happen if the reset line is pulled into >> reset state by a pin configuration in the device tree. > > This kind of system is badly misdesigned. > > TPM PCRs fundementally cannot work if the TPM reset line is under > software control. > > Jason > you may be right about the misdesign, but as a matter of fact there are systems which have the TPMs reset line connected to a GPIO and not the system reset. For those systems we should provide a way to let at least the driver put the TPM out of reset (note that on those systems the TPM reset can be triggered by software anyway by asserting/deasserting the GPIO line). Regards, Lino
On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote: > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote: > > Currently it is not possible to set the tpm chips reset state from within > > the driver. This is problematic if the chip is still in reset after the > > system comes up. This may e.g. happen if the reset line is pulled into > > reset state by a pin configuration in the device tree. > > This kind of system is badly misdesigned. > > TPM PCRs fundementally cannot work if the TPM reset line is under > software control. Not every system which incorporates a TPM wants to use or is even capable of measuring software state of any kind or perform secure boot. Those systems may merely want to use the TPM to store key material. Thanks, Lukas
On Thu, Apr 07, 2022 at 01:18:49PM +0200, Lino Sanfilippo wrote: > --- /dev/null > +++ b/drivers/char/tpm/tpm_tis_spi_slb9670.c [...] > +int slb9670_spi_unset_reset(struct tpm_tis_data *data) [...] > +int slb9670_spi_set_reset(struct tpm_tis_data *data) [...] > +static const struct tpm_tis_phy_ops slb9670_spi_phy_ops = { > + .read_bytes = tpm_tis_spi_read_bytes, > + .write_bytes = tpm_tis_spi_write_bytes, > + .read16 = tpm_tis_spi_read16, > + .read32 = tpm_tis_spi_read32, > + .write32 = tpm_tis_spi_write32, > + .set_reset = slb9670_spi_set_reset, > + .unset_reset = slb9670_spi_unset_reset, > +}; 0-day is complaining that slb9670_spi_set_reset() / slb9670_spi_unset_reset() are not declared static: https://lore.kernel.org/all/202204081357.8SfjQosI-lkp@intel.com/ Thanks, Lukas
On 10.04.22 at 19:18, Lukas Wunner wrote: > On Thu, Apr 07, 2022 at 01:18:49PM +0200, Lino Sanfilippo wrote: >> --- /dev/null >> +++ b/drivers/char/tpm/tpm_tis_spi_slb9670.c > [...] >> +int slb9670_spi_unset_reset(struct tpm_tis_data *data) > [...] >> +int slb9670_spi_set_reset(struct tpm_tis_data *data) > [...] >> +static const struct tpm_tis_phy_ops slb9670_spi_phy_ops = { >> + .read_bytes = tpm_tis_spi_read_bytes, >> + .write_bytes = tpm_tis_spi_write_bytes, >> + .read16 = tpm_tis_spi_read16, >> + .read32 = tpm_tis_spi_read32, >> + .write32 = tpm_tis_spi_write32, >> + .set_reset = slb9670_spi_set_reset, >> + .unset_reset = slb9670_spi_unset_reset, >> +}; > > 0-day is complaining that slb9670_spi_set_reset() / slb9670_spi_unset_reset() > are not declared static: > > https://lore.kernel.org/all/202204081357.8SfjQosI-lkp@intel.com/ > > Thanks, > > Lukas > Right, I will fix this in the next version, thanks! Regards, Lino
On Sun, Apr 10, 2022 at 07:11:23PM +0200, Lukas Wunner wrote: > On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote: > > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote: > > > Currently it is not possible to set the tpm chips reset state from within > > > the driver. This is problematic if the chip is still in reset after the > > > system comes up. This may e.g. happen if the reset line is pulled into > > > reset state by a pin configuration in the device tree. > > > > This kind of system is badly misdesigned. > > > > TPM PCRs fundementally cannot work if the TPM reset line is under > > software control. > > Not every system which incorporates a TPM wants to use or is even capable > of measuring software state of any kind or perform secure boot. > > Those systems may merely want to use the TPM to store key material. Then maybe the TPM driver should make it clear somehow that the PCRs don't work in these systems. It is really dangerous to add capabilities like this that should never, ever be used in sanely designed systems. Jason
On Mon, Apr 11, 2022 at 08:47:41AM -0300, Jason Gunthorpe wrote: > On Sun, Apr 10, 2022 at 07:11:23PM +0200, Lukas Wunner wrote: > > On Thu, Apr 07, 2022 at 11:25:26AM -0300, Jason Gunthorpe wrote: > > > On Thu, Apr 07, 2022 at 01:18:45PM +0200, Lino Sanfilippo wrote: > > > > Currently it is not possible to set the tpm chips reset state from within > > > > the driver. This is problematic if the chip is still in reset after the > > > > system comes up. This may e.g. happen if the reset line is pulled into > > > > reset state by a pin configuration in the device tree. > > > > > > This kind of system is badly misdesigned. > > > > > > TPM PCRs fundementally cannot work if the TPM reset line is under > > > software control. > > > > Not every system which incorporates a TPM wants to use or is even capable > > of measuring software state of any kind or perform secure boot. > > > > Those systems may merely want to use the TPM to store key material. > > Then maybe the TPM driver should make it clear somehow that the PCRs > don't work in these systems. > > It is really dangerous to add capabilities like this that should > never, ever be used in sanely designed systems. > > Jason I agree. That niche should do the bad things with oot patches. BR, Jarkko