Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE

From: Ilias Apalodimas
Date: Thu Jun 27 2019 - 09:30:12 EST

Next message: Lee Jones: "[GIT PULL] Immutable branch between MFD, Clk, GPIO, Power, Regulator and RTC due for the v5.3 merge window"
Previous message: David Howells: "Re: linux-next: Tree for Jun 26 (security/integrity/ima/)"
In reply to: Jarkko Sakkinen: "Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi Jarkko,
> On Wed, 2019-06-26 at 19:56 -0400, Sasha Levin wrote:
> > > You've used so much on this so shouldn't this have that somewhat new
> > > co-developed-by tag? I'm also wondering can this work at all
> >
> > Honestly, I've just been massaging this patch more than "authoring" it.
> > If you feel strongly about it feel free to add a Co-authored patch with
> > my name, but in my mind this is just Thiru's work.
>
> This is just my subjective view but writing code is easier than making
> it work in the mainline in 99% of cases. If this patch was doing
> something revolutional, lets say a new outstanding scheduling algorithm,
> then I would think otherwise. It is not. You without question deserve
> both credit and also the blame (if this breaks everything) :-)
>
> > > process-wise if the original author of the patch is also the only tester
> > > of the patch?
> >
> > There's not much we can do about this... Linaro folks have tested this
> > without the fTPM firmware, so at the very least it won't explode for
> > everyone. If for some reason non-microsoft folks see issues then we can
> > submit patches on top to fix this, we're not just throwing this at you
> > and running away.
>
> So why any of those Linaro folks can't do it? I can add after tested-by
> tag parentheses something explaining that context of testing. It is
> reasonable given the circumstances.
There's 2 teams from Microsoft trying to do this [1]. We tested the previous
implementation (which problems on probing as built-in). We had to change some
stuff in the OP-TEE fTPM implementation [2] and test it in QEMU.

What i quickly did with this module was to replace the kernel of the previous
build with the new one. Unfortunately i couldn't get it to work, but i don't
know if it's the module or the changes in the fTPM OP-TEE part. Since you have
tested it my guess is that it has something to do with the OP-TEE part. I don't
have any objections in this going in. On the contrary i think the functionality
is really useful. I don't have hardware to test this at the moment, but once i
get it, i'll give it a spin.

The part i tested is that the probing works as expected when no fTPM
implementation is running on secure world.
Since it has been tested and doesn't break anything we can always fix corner,
cases afterwards with more extensive testing

[1]
https://github.com/ms-iot/linux/blob/ms-optee-ocalls-merge/drivers/char/tpm/tpm_ftpm_optee.c
[2] https://github.com/jbech-linaro/manifest/blob/ftpm/README.md

Thanks
/Ilias

>
> I can also give an explanation in my next PR along the lines what you
> are saying. This would definitely work for me.
>
> /Jarkko
>

Next message: Lee Jones: "[GIT PULL] Immutable branch between MFD, Clk, GPIO, Power, Regulator and RTC due for the v5.3 merge window"
Previous message: David Howells: "Re: linux-next: Tree for Jun 26 (security/integrity/ima/)"
In reply to: Jarkko Sakkinen: "Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE"
Next in thread: Jarkko Sakkinen: "Re: [PATCH v7 1/2] fTPM: firmware TPM running in TEE"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]