Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] tpm sessions

Doug Fraser
 

Jerry,

Was there anything outside of drivers/char/tpm tree?

I diffed that whole tree 4.14 vs 4.18 and got a small number of diffs.

Doug

These five files...

diff --unified --recursive --minimal a/linux/drivers/char/tpm/Kconfig b/linux/drivers/char/tpm/Kconfig
diff --unified --recursive --minimal a/linux/drivers/char/tpm/tpm_crb.c b/linux/drivers/char/tpm/tpm_crb.c
diff --unified --recursive --minimal a/linux/drivers/char/tpm/tpm_i2c_nuvoton.c b/linux/drivers/char/tpm/tpm_i2c_nuvoton.c
diff --unified --recursive --minimal a/linux/drivers/char/tpm/tpm-interface.c b/linux/drivers/char/tpm/tpm-interface.c
diff --unified --recursive --minimal a/linux/drivers/char/tpm/xen-tpmfront.c b/linux/drivers/char/tpm/xen-tpmfront.c

With what looks to be the relevant changes in tpm-interface.c, with about a dozen lines spread across five sections of code.

diff --unified --recursive --minimal a/linux/drivers/char/tpm/tpm-interface.c b/linux/drivers/char/tpm/tpm-interface.c
--- a/linux/drivers/char/tpm/tpm-interface.c 2019-02-25 12:55:59.000000000 -0500
+++ b/linux/drivers/char/tpm/tpm-interface.c 2019-03-19 09:36:57.601582514 -0400
@@ -479,13 +479,15 @@

if (need_locality) {
rc = tpm_request_locality(chip, flags);
- if (rc < 0)
- goto out_no_locality;
+ if (rc < 0) {
+ need_locality = false;
+ goto out_locality;
+ }
}

rc = tpm_cmd_ready(chip, flags);
if (rc)
- goto out;
+ goto out_locality;

rc = tpm2_prepare_space(chip, space, ordinal, buf);
if (rc)
@@ -549,14 +551,13 @@
dev_err(&chip->dev, "tpm2_commit_space: error %d\n", rc);

out:
- rc = tpm_go_idle(chip, flags);
- if (rc)
- goto out;
+ /* may fail but do not override previous error value in rc */
+ tpm_go_idle(chip, flags);

+out_locality:
if (need_locality)
tpm_relinquish_locality(chip, flags);

-out_no_locality:
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, false);

@@ -611,12 +612,13 @@
rc = be32_to_cpu(header->return_code);
if (rc != TPM2_RC_RETRY)
break;
- delay_msec *= 2;
+
if (delay_msec > TPM2_DURATION_LONG) {
dev_err(&chip->dev, "TPM is in retry loop\n");
break;
}
tpm_msleep(delay_msec);
+ delay_msec *= 2;
memcpy(buf, save, save_size);
}
return ret;
@@ -652,7 +654,8 @@
return len;

err = be32_to_cpu(header->return_code);
- if (err != 0 && desc)
+ if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED
+ && desc)
dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err,
desc);
if (err)

-----Original Message-----
From: Jerry Snitselaar <jsnitsel@...>
Sent: Tuesday, March 19, 2019 1:31 PM
To: Doug Fraser <doug.fraser@...>
Cc: James Bottomley <James.Bottomley@...>; openssl-tpm2-engine@groups.io; Kenneth Goldman <kgoldman@...>; Ibmtpm20tss-users@...
Subject: Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] tpm sessions

On Tue Mar 19 19, Doug Fraser wrote:
Jerry,

We are on 4.14.77

I will look at cherry picking the tpm from 4.18
I'll take a stab at backporting the commit to 4.14 this afternoon. There are some minor differences back then, but it shouldn't too bad. Since it sounds like you are building the kernel, I can also send along a debugging patch that will spit out the values in the access and status registers when the status expect data check fails.

Regards,
Jerry


We are currently on Alpine 3.8 hoping to move to 3.9 (for other reasons) and also looking to move to 4.19 kernel.
This is going to take some time, but now I have a greater incentive to push on that.

Thank you all for your help in this.

Doug

Join openssl-tpm2-engine@groups.io to automatically receive all group messages.