Re: [RFC PATCH v2 07/13] tpm: enable bank selection for PCR extend
From: Nicolai Stange
Date: Wed Mar 26 2025 - 05:46:08 EST

Jarkko Sakkinen <jarkko@xxxxxxxxxx> writes:

> On Sun, Mar 23, 2025 at 03:09:05PM +0100, Nicolai Stange wrote:
>> The existing tpm_pcr_extend() extends all of a PCR's allocated banks with
>> the corresponding digest from the provided digests[] argument.
>
> Why not "just" tpm_pcr_extend(). We don't have a concept of
> "non-existing tpm_pcr_extend()".
>
> "tpm_pcr_extend() extends the allocated PCR banks ..."
>
> or something.

Right.

>>
>> An upcoming code change to IMA will introduce the need to skip over those
>
> Don't talk about upcoming code changes. Just explain why IMA depends on
> the change.

Ok.

>> banks it does not have a hash algorithm implementation available for.
>>
>> Introduce tpm_pcr_extend_sel() to support this.
>>
>> tpm_pcr_extend_sel() also expects a digests[] array, always being the
>> number of allocated PCR banks in size, just as it's the case for the
>> existing tpm_pcr_extend(). In addition to that however, it takes a
>> 'banks_skip_mask', and will skip the extension of any bank having its
>> corresponding bit set there.
>>
>> Signed-off-by: Nicolai Stange <nstange@xxxxxxx>
>> ---
>> drivers/char/tpm/tpm-interface.c | 29 +++++++++++++++++++++++++++--
>> drivers/char/tpm/tpm.h | 3 ++-
>> drivers/char/tpm/tpm2-cmd.c | 29 +++++++++++++++++++++++++++--
>> include/linux/tpm.h | 3 +++
>> 4 files changed, 59 insertions(+), 5 deletions(-)
>>
>> diff --git a/drivers/char/tpm/tpm-interface.c b/drivers/char/tpm/tpm-interface.c
>> index b1daa0d7b341..88b4496de1df 100644
>> --- a/drivers/char/tpm/tpm-interface.c
>> +++ b/drivers/char/tpm/tpm-interface.c
>> @@ -314,6 +314,26 @@ EXPORT_SYMBOL_GPL(tpm_pcr_read);
>> */
>> int tpm_pcr_extend(struct tpm_chip *chip, u32 pcr_idx,
>> struct tpm_digest *digests)
>> +{
>> + return tpm_pcr_extend_sel(chip, pcr_idx, digests, 0);
>> +}
>> +EXPORT_SYMBOL_GPL(tpm_pcr_extend);
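
Review bot: The literal 0 in the new wrapper body, tpm_pcr_extend_sel(chip, pcr_idx, digests, 0), is the only place in this hunk that shows what "skip nothing" looks like, and the kernel-doc block closing just above tpm_pcr_extend() now sits on a one-line wrapper. The comment for the function that takes banks_skip_mask should state how mask bits map to digests[] entries, that a mask of 0 extends every allocated bank, and what is returned when the mask covers all banks. A skipped bank keeps its previous PCR value, so callers that rely on the measurement need that contract spelled out where they will read it.
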
>
> I'd add just an extra argument to tpm_pcr_extend().

Perfect, will do.

Thanks!

Nicolai

--
SUSE Software Solutions Germany GmbH, Frankenstraße 146, 90461 Nürnberg, Germany
GF: Ivo Totev, Andrew McDonald, Werner Knoblich
(HRB 36809, AG Nürnberg)