Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] tpm sessions

Doug Fraser
 

Ah, sorry, yes we are using the TIS driver

tpm_tis_spi 16384 0
tpm_tis_core 20480 1 tpm_tis_spi
tpm 57344 18 tpm_tis_spi,tpm_tis_core

I was just showing all the diffs that showed up in drivers/char/tpm

It seemed the most interesting (to us) would be in linux/drivers/char/tpm/tpm-interface.c

Is that not used in TIS? I didn't capture any other diffs.


Doug

-----Original Message-----
From: Jerry Snitselaar <jsnitsel@...>
Sent: Tuesday, March 19, 2019 1:52 PM
To: Doug Fraser <doug.fraser@...>
Cc: James Bottomley <James.Bottomley@...>; openssl-tpm2-engine@groups.io; Kenneth Goldman <kgoldman@...>; Ibmtpm20tss-users@...
Subject: Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] tpm sessions

On Tue, Mar 19, 2019 at 10:43 AM Doug Fraser <doug.fraser@...> wrote:

Jerry,

Was there anything outside of drivers/char/tpm tree?

I diffed that whole tree 4.14 vs 4.18 and got a small number of diffs.

Doug

These five files...

diff --unified --recursive --minimal a/linux/drivers/char/tpm/Kconfig
b/linux/drivers/char/tpm/Kconfig diff --unified --recursive --minimal
a/linux/drivers/char/tpm/tpm_crb.c b/linux/drivers/char/tpm/tpm_crb.c
diff --unified --recursive --minimal
a/linux/drivers/char/tpm/tpm_i2c_nuvoton.c
b/linux/drivers/char/tpm/tpm_i2c_nuvoton.c
diff --unified --recursive --minimal
a/linux/drivers/char/tpm/tpm-interface.c
b/linux/drivers/char/tpm/tpm-interface.c
diff --unified --recursive --minimal
a/linux/drivers/char/tpm/xen-tpmfront.c
b/linux/drivers/char/tpm/xen-tpmfront.c

With what looks to be the relevant changes in tpm-interface.c, with about a dozen lines spread across five sections of code.
I somehow got it in my mind reading this earlier that you were using the tis driver. My apologies on that, ignore the 4.18 suggestion then.
So you are using
tpm_i2c_nuvoton and the crb driver?



diff --unified --recursive --minimal a/linux/drivers/char/tpm/tpm-interface.c b/linux/drivers/char/tpm/tpm-interface.c
--- a/linux/drivers/char/tpm/tpm-interface.c 2019-02-25 12:55:59.000000000 -0500
+++ b/linux/drivers/char/tpm/tpm-interface.c 2019-03-19 09:36:57.601582514 -0400
@@ -479,13 +479,15 @@

if (need_locality) {
rc = tpm_request_locality(chip, flags);
- if (rc < 0)
- goto out_no_locality;
+ if (rc < 0) {
+ need_locality = false;
+ goto out_locality;
+ }
}

rc = tpm_cmd_ready(chip, flags);
if (rc)
- goto out;
+ goto out_locality;

rc = tpm2_prepare_space(chip, space, ordinal, buf);
if (rc)
@@ -549,14 +551,13 @@
dev_err(&chip->dev, "tpm2_commit_space: error %d\n",
rc);

out:
- rc = tpm_go_idle(chip, flags);
- if (rc)
- goto out;
+ /* may fail but do not override previous error value in rc */
+ tpm_go_idle(chip, flags);

+out_locality:
if (need_locality)
tpm_relinquish_locality(chip, flags);

-out_no_locality:
if (chip->ops->clk_enable != NULL)
chip->ops->clk_enable(chip, false);

@@ -611,12 +612,13 @@
rc = be32_to_cpu(header->return_code);
if (rc != TPM2_RC_RETRY)
break;
- delay_msec *= 2;
+
if (delay_msec > TPM2_DURATION_LONG) {
dev_err(&chip->dev, "TPM is in retry loop\n");
break;
}
tpm_msleep(delay_msec);
+ delay_msec *= 2;
memcpy(buf, save, save_size);
}
return ret;
@@ -652,7 +654,8 @@
return len;

err = be32_to_cpu(header->return_code);
- if (err != 0 && desc)
+ if (err != 0 && err != TPM_ERR_DISABLED && err != TPM_ERR_DEACTIVATED
+ && desc)
dev_err(&chip->dev, "A TPM error (%d) occurred %s\n", err,
desc);
if (err)

-----Original Message-----
From: Jerry Snitselaar <jsnitsel@...>
Sent: Tuesday, March 19, 2019 1:31 PM
To: Doug Fraser <doug.fraser@...>
Cc: James Bottomley <James.Bottomley@...>;
openssl-tpm2-engine@groups.io; Kenneth Goldman <kgoldman@...>;
Ibmtpm20tss-users@...
Subject: Re: [Ibmtpm20tss-users] [openssl-tpm2-engine] tpm sessions

On Tue Mar 19 19, Doug Fraser wrote:
Jerry,

We are on 4.14.77

I will look at cherry picking the tpm from 4.18
I'll take a stab at backporting the commit to 4.14 this afternoon. There are some minor differences back then, but it shouldn't too bad. Since it sounds like you are building the kernel, I can also send along a debugging patch that will spit out the values in the access and status registers when the status expect data check fails.

Regards,
Jerry


We are currently on Alpine 3.8 hoping to move to 3.9 (for other reasons) and also looking to move to 4.19 kernel.
This is going to take some time, but now I have a greater incentive to push on that.

Thank you all for your help in this.

Doug
This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient:(a) any dissemination or copying of this message is strictly prohibited; and (b) immediately notify the sender by return message and destroy any copies of this message in any form (electronic, paper or otherwise) that you have. The delivery of this message and its information is neither intended to be nor constitutes a disclosure or waiver of any trade secrets, intellectual property, attorney work product, or attorney-client communications.

Join openssl-tpm2-engine@groups.io to automatically receive all group messages.