[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PATCH 0/9] vtpmmgr: Some fixes - still incomplete

To: xen-devel@xxxxxxxxxxxxxxxxxxxx
From: Jason Andryuk <jandryuk@xxxxxxxxx>
Date: Tue, 4 May 2021 08:48:33 -0400
Cc: Jason Andryuk <jandryuk@xxxxxxxxx>, Ian Jackson <iwj@xxxxxxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, Daniel De Graaf <dgdegra@xxxxxxxxxxxxx>, Quan Xu <quan.xu0@xxxxxxxxx>, Samuel Thibault <samuel.thibault@xxxxxxxxxxxx>, Dag Nygren <dag@xxxxxxxxxx>
Delivery-date: Tue, 04 May 2021 12:49:13 +0000
List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

vtpmmgr TPM 2.0 support is incomplete.  There is no code to save the
tpm2 keys generated by the vtpmmgr, so it's impossible to restore vtpm
state with tpm2.  The vtpmmgr also issues TPM 1.2 commands to the TPM
2.0 hardware which naturally fails.  Dag reported this [1][2], and I
independently re-discovered it.

I have not fixed the above issues.  These are some fixes I made while
investigating tpm2 support.  At a minimum, "docs: Warn about incomplete
vtpmmgr TPM 2.0 support" should be applied to warn others.

This is useful for debugging:
vtpmmgr: Print error code to aid debugging

This fixes vtpmmgr output (also noted by Dag [3]) but maybe removing %z
would be better:
stubom: newlib: Enable C99 formats for %z

This gives more flexibility if you are already using the TPM2 hardware:
vtpmmgr: Allow specifying srk_handle for TPM2

These are some changes to unload keys from the TPM hardware (so they
are not still loaded for anything that runs afterwards):
vtpmmgr: Move vtpmmgr_shutdown
vtpmmgr: Flush transient keys on shutdown
vtpmmgr: Flush all transient keys
vtpmmgr: Shutdown more gracefully

This lets vtpms initialize their random pools:
vtpmmgr: Support GetRandom passthrough on TPM 2.0

[1] https://lore.kernel.org/xen-devel/8285393.eUs1EhXEQl@xxxxxxxxxxxxxxxxxx/
[2] https://lore.kernel.org/xen-devel/1615731.eyaQ0j4tC5@xxxxxxxxxxxxxxxxxx/
[3] https://lore.kernel.org/xen-devel/3151252.0ZAaMuH7Fy@xxxxxxxxxxxxxx/

Jason Andryuk (9):
  docs: Warn about incomplete vtpmmgr TPM 2.0 support
  vtpmmgr: Print error code to aid debugging
  stubom: newlib: Enable C99 formats for %z
  vtpmmgr: Allow specifying srk_handle for TPM2
  vtpmmgr: Move vtpmmgr_shutdown
  vtpmmgr: Flush transient keys on shutdown
  vtpmmgr: Flush all transient keys
  vtpmmgr: Shutdown more gracefully
  vtpmmgr: Support GetRandom passthrough on TPM 2.0

 docs/man/xen-vtpmmgr.7.pod         | 18 +++++++++++
 stubdom/Makefile                   |  2 +-
 stubdom/vtpmmgr/init.c             | 49 ++++++++++++++++++++----------
 stubdom/vtpmmgr/marshal.h          | 10 ++++++
 stubdom/vtpmmgr/tpm.c              |  2 +-
 stubdom/vtpmmgr/tpm2.c             |  2 +-
 stubdom/vtpmmgr/vtpm_cmd_handler.c | 48 +++++++++++++++++++++++++++++
 stubdom/vtpmmgr/vtpmmgr.c          | 12 +++++++-
 8 files changed, 123 insertions(+), 20 deletions(-)

-- 
2.30.2

Follow-Ups:
- [PATCH 9/9] vtpmmgr: Support GetRandom passthrough on TPM 2.0
  - From: Jason Andryuk
- [PATCH 8/9] vtpmmgr: Shutdown more gracefully
  - From: Jason Andryuk
- [PATCH 7/9] vtpmmgr: Flush all transient keys
  - From: Jason Andryuk
- [PATCH 6/9] vtpmmgr: Flush transient keys on shutdown
  - From: Jason Andryuk
- [PATCH 5/9] vtpmmgr: Move vtpmmgr_shutdown
  - From: Jason Andryuk
- [PATCH 4/9] vtpmmgr: Allow specifying srk_handle for TPM2
  - From: Jason Andryuk
- [PATCH 3/9] stubom: newlib: Enable C99 formats for %z
  - From: Jason Andryuk
- [PATCH 2/9] vtpmmgr: Print error code to aid debugging
  - From: Jason Andryuk
- [PATCH 1/9] docs: Warn about incomplete vtpmmgr TPM 2.0 support
  - From: Jason Andryuk

Prev by Date: Re: [PATCH 3/5] x86/xstate: Rework xstate_ctxt_size() as xstate_uncompressed_size()
Next by Date: [PATCH 1/9] docs: Warn about incomplete vtpmmgr TPM 2.0 support
Previous by thread: Xen Security Advisory 370 v2 (CVE-2021-28689) - x86: Speculative vulnerabilities with bare (non-shim) 32-bit PV guests
Next by thread: [PATCH 1/9] docs: Warn about incomplete vtpmmgr TPM 2.0 support
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.