Re: [PATCH v2] tpm: Opt-in in disable PCR integrity protection

From: James Bottomley
Date: Mon Nov 11 2024 - 15:12:58 EST


On Mon, 2024-11-11 at 14:53 -0500, Mimi Zohar wrote:
> On Thu, 2024-11-07 at 08:52 -0500, James Bottomley wrote:
> > On Thu, 2024-11-07 at 15:49 +0200, Jarkko Sakkinen wrote:
> > > On Thu Nov 7, 2024 at 3:20 PM EET, James Bottomley wrote:
> > > > On Thu, 2024-11-07 at 11:51 +0200, Jarkko Sakkinen wrote:
> > > > [...]
> > > > > +void tpm_buf_append_auth(struct tpm_chip *chip, struct
> > > > > tpm_buf
> > > > > *buf,
> > > > > +                        u8 attributes, u8 *passphrase, int
> > > > > passphrase_len)
> > > > > +{
> > > > > +       /* offset tells us where the sessions area begins */
> > > > > +       int offset = buf->handles * 4 + TPM_HEADER_SIZE;
> > > > > +       u32 len = 9 + passphrase_len;
> > > > > +
> > > > > +       if (tpm_buf_length(buf) != offset) {
> > > > > +               /* not the first session so update the
> > > > > existing
> > > > > length */
> > > > > +               len += get_unaligned_be32(&buf-
> > > > > >data[offset]);
> > > > > +               put_unaligned_be32(len, &buf->data[offset]);
> > > > > +       } else {
> > > > > +               tpm_buf_append_u32(buf, len);
> > > > > +       }
> > > > > +       /* auth handle */
> > > > > +       tpm_buf_append_u32(buf, TPM2_RS_PW);
> > > > > +       /* nonce */
> > > > > +       tpm_buf_append_u16(buf, 0);
> > > > > +       /* attributes */
> > > > > +       tpm_buf_append_u8(buf, 0);
> > > > > +       /* passphrase */
> > > > > +       tpm_buf_append_u16(buf, passphrase_len);
> > > > > +       tpm_buf_append(buf, passphrase, passphrase_len);
> > > > > +}
> > > > > +
> > > >
> > > > The rest of the code looks fine, but if you're going to extract
> > > > this as a separate function instead of doing the open coded
> > > > struct
> > > > tpm2_null_auth that was there originally, you should probably
> > > > extract and use the tpm2_buf_append_auth() function in
> > > > trusted_tpm2.c
> > >
> > > So this was straight up from Mimi's original patch :-)
> >
> > Yes, I had the same comment prepped for that too.
>
> But it wasn't sent ...

no.

> >
> > > Hmm... was there duplicate use for this in the patch? I'll check
> > > this.
> >
> > The original open coded the empty auth append with struct
> > tpm2_null_auth since it's the only user.  However, since we do have
> > another user in trusted keys, it might make sense to consolidate.
>
> Instead of delaying the current patch from being upstreamed, perhaps
> this change can be deferred?

I don't see why not; it was the introduction of the new function rather
than going back to the struct tpm2_null_auth_area of the original that
caught my attention.

James