RE: [PATCH v3 0/2] ftpm: a firmware based TPM driver

From: Thirupathaiah Annapureddy
Date: Thu May 16 2019 - 15:26:08 EST




> -----Original Message-----
> From: Sumit Garg <sumit.garg@xxxxxxxxxx>
> Sent: Thursday, May 16, 2019 12:06 AM
> To: Thirupathaiah Annapureddy <thiruan@xxxxxxxxxxxxx>
> Cc: Sasha Levin <sashal@xxxxxxxxxx>; Jarkko Sakkinen
> <jarkko.sakkinen@xxxxxxxxxxxxxxx>; peterhuewe@xxxxxx; jgg@xxxxxxxx;
> corbet@xxxxxxx; Linux Kernel Mailing List <linux-kernel@xxxxxxxxxxxxxxx>;
> linux-doc@xxxxxxxxxxxxxxx; linux-integrity@xxxxxxxxxxxxxxx; Microsoft Linux
> Kernel List <linux-kernel@xxxxxxxxxxxxx>; Bryan Kelly (CSI)
> <bryankel@xxxxxxxxxxxxx>
> Subject: Re: [PATCH v3 0/2] ftpm: a firmware based TPM driver
>
> On Thu, 16 May 2019 at 06:30, Thirupathaiah Annapureddy
> <thiruan@xxxxxxxxxxxxx> wrote:
> >
> >
> >
> > > -----Original Message-----
> > > From: Sumit Garg <sumit.garg@xxxxxxxxxx>
> > > Sent: Tuesday, May 14, 2019 7:02 PM
> > > To: Sasha Levin <sashal@xxxxxxxxxx>
> > > Cc: Jarkko Sakkinen <jarkko.sakkinen@xxxxxxxxxxxxxxx>;
> peterhuewe@xxxxxx;
> > > jgg@xxxxxxxx; corbet@xxxxxxx; Linux Kernel Mailing List <linux-
> > > kernel@xxxxxxxxxxxxxxx>; linux-doc@xxxxxxxxxxxxxxx; linux-
> > > integrity@xxxxxxxxxxxxxxx; Microsoft Linux Kernel List <linux-
> > > kernel@xxxxxxxxxxxxx>; Thirupathaiah Annapureddy
> <thiruan@xxxxxxxxxxxxx>;
> > > Bryan Kelly (CSI) <bryankel@xxxxxxxxxxxxx>
> > > Subject: Re: [PATCH v3 0/2] ftpm: a firmware based TPM driver
> > >
> > > On Wed, 15 May 2019 at 01:00, Sasha Levin <sashal@xxxxxxxxxx> wrote:
> > > >
> > > > On Wed, May 08, 2019 at 03:44:36PM +0300, Jarkko Sakkinen wrote:
> > > > >On Tue, May 07, 2019 at 01:40:20PM -0400, Sasha Levin wrote:
> > > > >> On Mon, Apr 15, 2019 at 11:56:34AM -0400, Sasha Levin wrote:
> > > > >> > From: "Sasha Levin (Microsoft)" <sashal@xxxxxxxxxx>
> > > > >> >
> > > > >> > Changes since v2:
> > > > >> >
> > > > >> > - Drop the devicetree bindings patch (we don't add any new
> ones).
> > > > >> > - More code cleanups based on Jason Gunthorpe's review.
> > > > >> >
> > > > >> > Sasha Levin (2):
> > > > >> > ftpm: firmware TPM running in TEE
> > > > >> > ftpm: add documentation for ftpm driver
> > > > >>
> > > > >> Ping? Does anyone have any objections to this?
> > > > >
> > > > >Sorry I've been on vacation week before last week and last week
> > > > >I was extremely busy because I had been on vacation. This in
> > > > >my TODO list. Will look into it tomorrow in detail.
> > > > >
> > > > >Apologies for the delay with this!
> > > >
> > > > Hi Jarkko,
> > > >
> > > > If there aren't any big objections to this, can we get it merged in?
> > > > We'll be happy to address any comments that come up.
> > >
> > > I guess you have missed or ignored this comment [1]. Please address it.
> > >
> > > [1]
> > >
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Flkml.org%
> > >
> 2Flkml%2F2019%2F5%2F8%2F11&amp;data=01%7C01%7Cthiruan%40microsoft.com%7Cf2a
> > >
> 80c7b94434329eaee08d6d8d962b1%7C72f988bf86f141af91ab2d7cd011db47%7C1&amp;sd
> > > ata=hyJRc23NwEFLDuaIMkbSCGetd%2BObQWiAg%2BJtMMR6z9U%3D&amp;reserved=0
> > >
> > > -Sumit
> >
> > Thanks for reviewing and adding comments.
> >
> > We tried to use TEE bus framework you suggested for fTPM enumeration.
> > We were not able to pass the TCG Logs collected by the boot loaders.
> >
> > Currently there are 3 ways to pass TCG Logs based on the code
> > in drivers/char/tpm/eventlog:
> >
> > 1. ACPI Table
> > 2. EFI Table
> > 3. OF Device node properties
> >
> > Our ARM system is booting using U-boot and Device Tree.
> > So ACPI/EFI table mechanism to pass TCG2 logs won't be applicable.
> > We needed to use OF device node properties to pass TCG2 Logs.
> > TEE bus enumeration framework does not work for our use case due to the
> above.
>
> Firstly let me clarify that this framework is intended to communicate
> with TEE based services/devices rather than boot loader. And in this
> case fTPM being a TEE based service, so this framework should be used.
>
It does not work for our use case. We gave enough justification so far.
TEE bus enumeration needs to be flexible to support our use case and
more future use cases.

> >
> > Is it possible to add flexibility in TEE bus enumeration framework to
> support
> > platform specific properties through OF nodes or ACPI?
> >
>
> As you mentioned above, TCG logs are collected by boot loader. So it
> should find a way to pass them to Linux.
>
> How about if boot loader register these TCG logs with fTPM TA which
> could be fetched during fTPM driver probe or new api like
> tpm_read_log_tee()?

And then how does fTPM driver pass TCG Logs to the TPM framework?
It requires changes to the upstream TPM framework to ask the driver
explicitly for the TCG Logs.

Note that this also requires changes to the fTPM TA that has been existing for few years.

Is it not possible to add flexibility in TEE bus enumeration framework to
support platform specific properties through OF nodes or ACPI?

Devices enumerated by buses such as i2c can read platform specific properties.
With this flexibility added, more future use cases through TEE bus.


> This is something similar to what I used in
> optee-rng [1] driver to fetch RNG properties.
>
> [1]
> https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
> m%2Ftorvalds%2Flinux%2Fblob%2Fmaster%2Fdrivers%2Fchar%2Fhw_random%2Foptee-
> rng.c%23L176&amp;data=02%7C01%7Cthiruan%40microsoft.com%7Cd37438eaf4f9483e4
> 0c708d6d9ccfe0c%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C0%7C63693587179549
> 3006&amp;sdata=As9sC45Bl7sZdJKOq0sHz6GmXttMxS80Nn5yvN4vqng%3D&amp;reserved=
> 0
>
> -Sumit
>
> > >
> > > >
> > > > --
> > > > Thanks,
> > > > Sasha