|
|
Subscribe / Log in / New account

tpm: Decouple PCR extend from driver

From:  Jarkko Sakkinen <jarkko-AT-kernel.org>
To:  linux-integrity-AT-vger.kernel.org
Subject:  [PATCH v2 0/9] tpm: Decouple PCR extend from driver
Date:  Mon, 29 Sep 2025 06:59:29 +0300
Message-ID:  <20250929035938.1773341-1-jarkko@kernel.org>
Cc:  dpsmith-AT-apertussolutions.com, ross.philipson-AT-oracle.com, Jarkko Sakkinen <jarkko-AT-kernel.org>, David Howells <dhowells-AT-redhat.com>, Paul Moore <paul-AT-paul-moore.com>, James Morris <jmorris-AT-namei.org>, "Serge E. Hallyn" <serge-AT-hallyn.com>, keyrings-AT-vger.kernel.org (open list:KEYS/KEYRINGS), linux-security-module-AT-vger.kernel.org (open list:SECURITY SUBSYSTEM), linux-kernel-AT-vger.kernel.org (open list)
Archive-link:  Article

Decouple tpm2-sessions enough from implementation so that building for PCR
extend commands can be decoupled from rest of the implementation. This is
a mandatory for Trenchboot series, and including all these changes for
that series would over-complicate it.

This is first part of refactorizations for make grounds for Trenchboot,
and still aimed for 6.18. The second part includes robustness updates
for tpm-buf.

v2:
- While including fixes from v1, this patch set has a refocus in order to
  do minimal changes to make code base more compatible  Trenchboot.

Jarkko Sakkinen (9):
  tpm: cap PCR bank in tpm2_get_pcr_allocations()
  tpm: Use -EPERM as fallback error code in tpm_ret_to_err
  KEYS: trusted: Use tpm_ret_to_err() in trusted_tpm2
  tpm2-sessions: Remove 'attributes' from tpm_buf_append_auth
  tpm2-sessions: Umask tpm_buf_append_hmac_session()
  KEYS: trusted: Open code tpm2_buf_append()
  tpm-buf: check for corruption in  tpm_buf_append_handle()
  tpm-buf: Remove chip parameeter from tpm_buf_append_handle
  tpm-buf: Build PCR extend commands

 drivers/char/tpm/tpm-buf.c                | 85 +++++++++++++++++---
 drivers/char/tpm/tpm-chip.c               | 13 +++-
 drivers/char/tpm/tpm.h                    |  1 -
 drivers/char/tpm/tpm1-cmd.c               | 40 ++--------
 drivers/char/tpm/tpm2-cmd.c               | 39 ++++++----
 drivers/char/tpm/tpm2-sessions.c          |  7 +-
 include/linux/tpm.h                       | 61 +++++----------
 include/linux/tpm_command.h               |  5 +-
 security/keys/trusted-keys/trusted_tpm2.c | 95 +++++++----------------
 9 files changed, 170 insertions(+), 176 deletions(-)

-- 
2.39.5

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds