Re: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
From: Stefan Berger
Date: Mon Jan 14 2019 - 14:51:56 EST
On 1/11/19 3:28 PM, Safford, David (GE Global Research) wrote:
-----Original Message-----
From: linux-integrity-owner@xxxxxxxxxxxxxxx <linux-integrity-
owner@xxxxxxxxxxxxxxx> On Behalf Of Stefan Berger
Sent: Wednesday, January 09, 2019 5:11 PM
To: linux-integrity@xxxxxxxxxxxxxxx; jarkko.sakkinen@xxxxxxxxxxxxxxx
Cc: linux-security-module@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx;
Stefan Berger <stefanb@xxxxxxxxxxxxxxxxxx>
Subject: EXT: [PATCH 0/5] Extend TPM PPI interface to support revision 1.3
This series of patches extends the TPM subsystem's PPI support to support
TPM PPI revision 1.3 where more commands are supported (up to 101) and
the TPM 2 command code '23' takes an additional parameter.
For the command code '23' see this document here on document page 39:
https://trustedcomputinggroup.org/wp-content/uploads/Physical-
Presence-Interface_1-30_0-52.pdf
Stefan
You might mention that this is an important feature, as on at least some
systems, ppi function 23 is the only way to enable/disable PCR banks.
'The only way' depends on how good or bad the firmware support for this
is. SeaBIOS will have a menu item that lets one toggle the activation of
the PCR banks in the firmware menu -- assuming my patch makes it
upstream :-)
I have tested this patch set on my HP Spectre laptop, and I am finally
able to turn the sha-1 bank on and off. Much appreciated!
Tested-by: David Safford <david.safford@xxxxxx>
Thanks.
ÂÂÂ Stefan
Stefan Berger (5):
tpm: ppi: pass function revision ID to tpm_eval_dsm()
tpm: ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_1
tpm: ppi: Display up to 101 operations as define for version 1.3
tpm: ppi: Possibly show command parameter if TPM PPI 1.3 is used
tpm: ppi: Enable submission of optional command parameter for PPI 1.3
drivers/char/tpm/tpm_ppi.c | 78 ++++++++++++++++++++++++++++--------
--
1 file changed, 58 insertions(+), 20 deletions(-)
--
2.17.1