Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands

From: Ken Goldman
Date: Mon Mar 20 2017 - 18:46:10 EST


On 3/20/2017 5:54 AM, Alexander.Steffen@xxxxxxxxxxxx wrote:

> There are a few special cases that need some thought though. For
> example, it is possible to use an upgrade to switch the TPM family
> from 1.2 to 2.0 (or vice versa). In this case it seems useful to let
> the kernel reinitialize the TPM driver, so it uses the correct
> timeouts for communication, activates the correct features (resource
> manager or not?), etc., without needing to reboot the system.

In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur without a reboot? Is it an important use case?

1 - It would leave the SHA-256 PCRs in the reset state.

2 - It's possible that this upgrade would also require a BIOS upgrade.