From: Randy Dunlap on
On Tue, 04 May 2010 18:49:20 -0300 Rajiv Andrade wrote:

> This patch pushes the ACPI dependency into the device driver code
> itself. Now, even without ACPI/PNP enabled, the device can be registered
> using the TIS specified memory space. This will however result in the
> lack of access to the bios event log, being the only implication of such
> ACPI removal.
>
> Signed-off-by: Rajiv Andrade <srajiv(a)linux.vnet.ibm.com>
> Acked-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com>
> ---
> drivers/char/tpm/Kconfig | 14 +++++++++++---
> drivers/char/tpm/tpm_tis.c | 42 ++++++++++++++++++++++--------------------
> 2 files changed, 33 insertions(+), 23 deletions(-)
>
> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> index f5fc64f..0a9ec0b 100644
> --- a/drivers/char/tpm/Kconfig
> +++ b/drivers/char/tpm/Kconfig
> @@ -17,20 +17,28 @@ menuconfig TCG_TPM
> obtained at: <http://sourceforge.net/projects/trousers>. To
> compile this driver as a module, choose M here; the module
> will be called tpm. If unsure, say N.
> - Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
> - and CONFIG_PNPACPI.
> + Note: For more TPM drivers and BIOS LOG access enable
> + CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI.
>
> if TCG_TPM
>
> config TCG_TIS
> tristate "TPM Interface Specification 1.2 Interface"
> - depends on PNP
> ---help---
> If you have a TPM security chip that is compliant with the
> TCG TIS 1.2 TPM specification say Yes and it will be accessible
> from within Linux. To compile this driver as a module, choose
> M here; the module will be called tpm_tis.
>
> +config TCG_BIOS_LOG
> + bool "TPM bios mesurement log"

BIOS measurement

> + depends on X86
> + select ACPI
> + ---help---
> + ACPI is required for access to bios measurements lists and therefore

BIOS

and if I had any say-so, I would Nack this part of the patch.
Selecting ACPI adds a huge amount of code, so it should just depend on ACPI IMO.

Also, ACPI depends on PCI and PM, so if this "select" part remains,
this should be more like:

depends on X86 && PCI && PM

(unless that's already enforced somewhere else).

> + to validate the PCR[0] value. So say Yes in case you want this
> + feature and, consequently, ACPI will be enabled.
> +
> config TCG_NSC
> tristate "National Semiconductor TPM Interface"
> ---help---
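
Review bot: the reworded note in the TCG_TPM help text still tells the user to enable CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI by hand for BIOS log access, while the new TCG_BIOS_LOG entry turns ACPI on through `select ACPI`; the two texts should describe one mechanism. The lines shown do not reference TCG_BIOS_LOG from any other entry, so confirm that something in the build actually tests it. The new help text also lacks the "If unsure, say N" guidance that the TCG_TPM entry above carries.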


---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo(a)vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
From: Mimi Zohar on
On Tue, 2010-05-04 at 15:00 -0700, Randy Dunlap wrote:
> On Tue, 04 May 2010 18:49:20 -0300 Rajiv Andrade wrote:
>
> > This patch pushes the ACPI dependency into the device driver code
> > itself. Now, even without ACPI/PNP enabled, the device can be registered
> > using the TIS specified memory space. This will however result in the
> > lack of access to the bios event log, being the only implication of such
> > ACPI removal.
> >
> > Signed-off-by: Rajiv Andrade <srajiv(a)linux.vnet.ibm.com>
> > Acked-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com>
> > ---
> > drivers/char/tpm/Kconfig | 14 +++++++++++---
> > drivers/char/tpm/tpm_tis.c | 42 ++++++++++++++++++++++--------------------
> > 2 files changed, 33 insertions(+), 23 deletions(-)
> >
> > diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> > index f5fc64f..0a9ec0b 100644
> > --- a/drivers/char/tpm/Kconfig
> > +++ b/drivers/char/tpm/Kconfig
> > @@ -17,20 +17,28 @@ menuconfig TCG_TPM
> > obtained at: <http://sourceforge.net/projects/trousers>. To
> > compile this driver as a module, choose M here; the module
> > will be called tpm. If unsure, say N.
> > - Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
> > - and CONFIG_PNPACPI.
> > + Note: For more TPM drivers and BIOS LOG access enable
> > + CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI.
> >
> > if TCG_TPM
> >
> > config TCG_TIS
> > tristate "TPM Interface Specification 1.2 Interface"
> > - depends on PNP
> > ---help---
> > If you have a TPM security chip that is compliant with the
> > TCG TIS 1.2 TPM specification say Yes and it will be accessible
> > from within Linux. To compile this driver as a module, choose
> > M here; the module will be called tpm_tis.
> >
> > +config TCG_BIOS_LOG
> > + bool "TPM bios mesurement log"
>
> BIOS measurement
>
> > + depends on X86
> > + select ACPI
> > + ---help---
> > + ACPI is required for access to bios measurements lists and therefore
>
> BIOS
>
> and if I had any say-so, I would Nack this part of the patch.
> Selecting ACPI adds a huge amount of code, so it should just depend on ACPI IMO.

Just posted a patch removing the ACPI dependency from IMA, as IMA can
run with/without ACPI or TPM enabled. However, without ACPI enabled, the
PCR values can not be verified against the BIOS measurement log.

> Also, ACPI depends on PCI and PM, so if this "select" part remains,
> this should be more like:
>
> depends on X86 && PCI && PM
>
> (unless that's already enforced somewhere else).

Thanks.

> > + to validate the PCR[0] value. So say Yes in case you want this
> > + feature and, consequently, ACPI will be enabled.
> > +
> > config TCG_NSC
> > tristate "National Semiconductor TPM Interface"
> > ---help---

Mimi

From: James Morris on
On Tue, 4 May 2010, Rajiv Andrade wrote:

> This patch pushes the ACPI dependency into the device driver code
> itself. Now, even without ACPI/PNP enabled, the device can be registered
> using the TIS specified memory space. This will however result in the
> lack of access to the bios event log, being the only implication of such
> ACPI removal.
>
> Signed-off-by: Rajiv Andrade <srajiv(a)linux.vnet.ibm.com>
> Acked-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com>


Applied to
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next

--
James Morris
<jmorris(a)namei.org>
From: Rajiv Andrade on

On May 4, 2010, at 7:00 PM, Randy Dunlap wrote:

> On Tue, 04 May 2010 18:49:20 -0300 Rajiv Andrade wrote:
>
>> This patch pushes the ACPI dependency into the device driver code
>> itself. Now, even without ACPI/PNP enabled, the device can be registered
>> using the TIS specified memory space. This will however result in the
>> lack of access to the bios event log, being the only implication of such
>> ACPI removal.
>>
>> Signed-off-by: Rajiv Andrade <srajiv(a)linux.vnet.ibm.com>
>> Acked-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com>
>> ---
>> drivers/char/tpm/Kconfig | 14 +++++++++++---
>> drivers/char/tpm/tpm_tis.c | 42 ++++++++++++++++++++++--------------------
>> 2 files changed, 33 insertions(+), 23 deletions(-)
>>
>> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
>> index f5fc64f..0a9ec0b 100644
>> --- a/drivers/char/tpm/Kconfig
>> +++ b/drivers/char/tpm/Kconfig
>> @@ -17,20 +17,28 @@ menuconfig TCG_TPM
>> obtained at: <http://sourceforge.net/projects/trousers>. To
>> compile this driver as a module, choose M here; the module
>> will be called tpm. If unsure, say N.
>> - Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
>> - and CONFIG_PNPACPI.
>> + Note: For more TPM drivers and BIOS LOG access enable
>> + CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI.
>>
>> if TCG_TPM
>>
>> config TCG_TIS
>> tristate "TPM Interface Specification 1.2 Interface"
>> - depends on PNP
>> ---help---
>> If you have a TPM security chip that is compliant with the
>> TCG TIS 1.2 TPM specification say Yes and it will be accessible
>> from within Linux. To compile this driver as a module, choose
>> M here; the module will be called tpm_tis.
>>
>> +config TCG_BIOS_LOG
>> + bool "TPM bios mesurement log"
>
> BIOS measurement
>
>> + depends on X86
>> + select ACPI
>> + ---help---
>> + ACPI is required for access to bios measurements lists and therefore
>
> BIOS
>
> and if I had any say-so, I would Nack this part of the patch.
> Selecting ACPI adds a huge amount of code, so it should just depend on ACPI IMO.
>
> Also, ACPI depends on PCI and PM, so if this "select" part remains,
> this should be more like:
>
> depends on X86 && PCI && PM
>
> (unless that's already enforced somewhere else).

Ok, this option here was just to enforce the warning 'You won't be able to validate PCRs 0-7 without ACPI enabled'. I'll then just document this and remove this option. In the end, we'll be left with the ACPI code and Kconfig dependency removal from the TPM device driver.

Thanks,
Rajiv

From: Rajiv Andrade on
This patch pushes the ACPI dependency into the device driver code
itself. Now, even without ACPI/PNP enabled, the device can be registered
using the TIS specified memory space. This will however result in the
lack of access to the BIOS event log, being the only implication of such
ACPI removal.

Signed-off-by: Rajiv Andrade <srajiv(a)linux.vnet.ibm.com>
Acked-by: Mimi Zohar <zohar(a)linux.vnet.ibm.com>
---
drivers/char/tpm/Kconfig | 6 ++++--
drivers/char/tpm/tpm_tis.c | 42 ++++++++++++++++++++++--------------------
2 files changed, 26 insertions(+), 22 deletions(-)

diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index f5fc64f..fffc994 100644
--- a/drivers/char/tpm/Kconfig
+++ b/drivers/char/tpm/Kconfig
@@ -17,14 +17,16 @@ menuconfig TCG_TPM
obtained at: <http://sourceforge.net/projects/trousers>. To
compile this driver as a module, choose M here; the module
will be called tpm. If unsure, say N.
- Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
+ Notes:
+ 1) For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
and CONFIG_PNPACPI.
+ 2) Without ACPI enabled, the BIOS event log won't be accessible,
+ which is required to validate the PCR 0-7 values.

if TCG_TPM

config TCG_TIS
tristate "TPM Interface Specification 1.2 Interface"
- depends on PNP
---help---
If you have a TPM security chip that is compliant with the
TCG TIS 1.2 TPM specification say Yes and it will be accessible
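
Review bot: with `depends on PNP` dropped, TCG_TIS has no dependency of its own in the lines shown, and the tpm_tis.c part of this patch makes a build without CONFIG_PNP probe the fixed TIS_MEM_BASE window unconditionally. Unless TCG_TPM already limits where this can be built, consider an explicit dependency on TCG_TIS, and state in its help text that without CONFIG_PNP the device is registered at the TIS memory range rather than discovered. In the reworded note, the continuation line "and CONFIG_PNPACPI." is unchanged context, so check that it still lines up under item 1).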
diff --git a/drivers/char/tpm/tpm_tis.c b/drivers/char/tpm/tpm_tis.c
index 27e8de4..2423d66 100644
--- a/drivers/char/tpm/tpm_tis.c
+++ b/drivers/char/tpm/tpm_tis.c
@@ -597,7 +597,7 @@ out_err:
tpm_remove_hardware(chip->dev);
return rc;
}
-
+#ifdef CONFIG_PNP
static int __devinit tpm_tis_pnp_init(struct pnp_dev *pnp_dev,
const struct pnp_device_id *pnp_id)
{
@@ -661,7 +661,7 @@ static struct pnp_driver tis_pnp_driver = {
module_param_string(hid, tpm_pnp_tbl[TIS_HID_USR_IDX].id,
sizeof(tpm_pnp_tbl[TIS_HID_USR_IDX].id), 0444);
MODULE_PARM_DESC(hid, "Set additional specific HID for this driver to probe");
-
+#endif
static int tpm_tis_suspend(struct platform_device *dev, pm_message_t msg)
{
return tpm_pm_suspend(&dev->dev, msg);
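
Review bot: the `#endif` here closes an `#ifdef CONFIG_PNP` opened more than sixty lines earlier (the hunk at -597) and carries no comment; `#endif /* CONFIG_PNP */` would make the pairing readable. Both directives also replace the blank line that separated the functions, so `#endif` now sits directly on top of tpm_tis_suspend(); keeping a blank line on each side of the guards would preserve the existing layout.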
@@ -688,21 +688,21 @@ MODULE_PARM_DESC(force, "Force device probe rather than using ACPI entry");
static int __init init_tis(void)
{
int rc;
-
- if (force) {
- rc = platform_driver_register(&tis_drv);
- if (rc < 0)
- return rc;
- if (IS_ERR(pdev=platform_device_register_simple("tpm_tis", -1, NULL, 0)))
- return PTR_ERR(pdev);
- if((rc=tpm_tis_init(&pdev->dev, TIS_MEM_BASE, TIS_MEM_LEN, 0)) != 0) {
- platform_device_unregister(pdev);
- platform_driver_unregister(&tis_drv);
- }
+#ifdef CONFIG_PNP
+ if (!force)
+ return pnp_register_driver(&tis_pnp_driver);
+#endif
+
+ rc = platform_driver_register(&tis_drv);
+ if (rc < 0)
return rc;
+ if (IS_ERR(pdev=platform_device_register_simple("tpm_tis", -1, NULL, 0)))
+ return PTR_ERR(pdev);
+ if((rc=tpm_tis_init(&pdev->dev, TIS_MEM_BASE, TIS_MEM_LEN, 0)) != 0) {
+ platform_device_unregister(pdev);
+ platform_driver_unregister(&tis_drv);
}
-
- return pnp_register_driver(&tis_pnp_driver);
+ return rc;
}

static void __exit cleanup_tis(void)
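
Review bot: in init_tis(), the `return PTR_ERR(pdev)` path leaves tis_drv registered, because only the tpm_tis_init() failure branch calls platform_driver_unregister(). The lines are moved rather than newly written, but since they are re-added here, unregister the driver before returning on that path. Two smaller points: when CONFIG_PNP is not set, `force` is no longer consulted and the TIS_MEM_BASE range is always probed, which the MODULE_PARM_DESC text ("Force device probe rather than using ACPI entry") does not convey; and the re-added conditionals keep the assignment inside the `if` and the `if(` spacing, which could become plain assignments followed by the checks.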
@@ -726,12 +726,14 @@ static void __exit cleanup_tis(void)
list_del(&i->list);
}
spin_unlock(&tis_lock);
-
- if (force) {
- platform_device_unregister(pdev);
- platform_driver_unregister(&tis_drv);
- } else
+#ifdef CONFIG_PNP
+ if (!force) {
pnp_unregister_driver(&tis_pnp_driver);
+ return;
+ }
+#endif
+ platform_device_unregister(pdev);
+ platform_driver_unregister(&tis_drv);
}

module_init(init_tis);
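
Review bot: cleanup_tis() now leaves through a `return` inside the `#ifdef CONFIG_PNP` block, so the platform teardown below reads as unconditional unless the reader notices the guard, and it only stays correct as long as it tests `force` exactly the way init_tis() does. Recording which registration path init_tis() took (for example a static flag set there) and branching on that here would keep the two functions paired without relying on matching preprocessor conditions. The blank line after `spin_unlock(&tis_lock);` is also dropped and could stay.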
--
1.6.6.1
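
What validating PCRs 0-7 against the BIOS event log involves, as an added example that is not part of this thread or of the kernel tree: the log is replayed entry by entry and the resulting values are compared with what the TPM reports. It assumes the little-endian TCG 1.2 PC Client event layout with SHA-1 digests; the function names and the sample log are constructed for illustration.

```python
import hashlib
import struct

# TCG 1.2 event header: pcrIndex, eventType, SHA-1 digest, eventSize
HEADER = struct.Struct("<II20sI")
EV_NO_ACTION = 0x3  # informational entries, never extended into a PCR

def parse_event_log(blob):
    """Yield (pcr_index, event_type, digest, event_data) for each log entry."""
    offset = 0
    while offset < len(blob):
        if len(blob) - offset < HEADER.size:
            raise ValueError(f"truncated event header at offset {offset}")
        pcr, etype, digest, size = HEADER.unpack_from(blob, offset)
        offset += HEADER.size
        if size > len(blob) - offset:
            raise ValueError(f"event data at offset {offset} overruns the log")
        yield pcr, etype, digest, blob[offset:offset + size]
        offset += size

def replay(blob):
    """Recompute PCRs 0-7 by replaying every extend recorded in the log."""
    pcrs = {i: bytes(20) for i in range(8)}  # static PCRs start as all zeroes
    for pcr, etype, digest, _data in parse_event_log(blob):
        if pcr in pcrs and etype != EV_NO_ACTION:
            pcrs[pcr] = hashlib.sha1(pcrs[pcr] + digest).digest()
    return pcrs

def mismatches(blob, reported):
    """Return the PCR indexes whose replayed value differs from the TPM's."""
    expected = replay(blob)
    return sorted(i for i, v in expected.items() if reported.get(i) != v)

def make_event(pcr, etype, data):
    """Build one constructed log entry (sample data, not from a real BIOS)."""
    return HEADER.pack(pcr, etype, hashlib.sha1(data).digest(), len(data)) + data

SAMPLE_LOG = (make_event(0, 0x8, b"constructed CRTM version")
              + make_event(0, EV_NO_ACTION, b"constructed informational entry")
              + make_event(0, 0x1, b"constructed POST code")
              + make_event(4, 0xD, b"constructed boot loader"))

if __name__ == "__main__":
    good = replay(SAMPLE_LOG)
    print("PCR0", good[0].hex())
    tampered = dict(good)
    tampered[4] = hashlib.sha1(b"unexpected boot loader").digest()
    print("mismatching PCRs:", mismatches(SAMPLE_LOG, tampered))
```

Without the log there is nothing to replay, so the reported PCR values can be read but not checked against what the firmware claims to have measured.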


