Re: [PATCH 1/3] tpm: protect against locality counter underflow
From: Jarkko Sakkinen
Date: Thu Feb 22 2024 - 18:49:28 EST
On Thu Feb 22, 2024 at 11:06 AM EET, James Bottomley wrote:
> On Wed, 2024-02-21 at 19:43 +0000, Jarkko Sakkinen wrote:
> > On Wed Feb 21, 2024 at 12:37 PM UTC, James Bottomley wrote:
> > > On Tue, 2024-02-20 at 22:31 +0000, Jarkko Sakkinen wrote:
> [...]
> > > > I cannot recall out of top of my head can
> > > > you have two localities open at same time.
> > >
> > > I think there's a misunderstanding about what localities are:
> > > they're effectively an additional platform supplied tag to a
> > > command. Each command can therefore have one and only one
> > > locality. The TPM doesn't
> >
> > Actually this was not unclear at all. I even read the chapters from
> > Ariel Segall's yesterday as a refresher.
> >
> > I was merely asking that if TPM_ACCESS_X is not properly cleared and
> > you se TPM_ACCESS_Y where Y < X how does the hardware react as the
> > bug report is pretty open ended and not very clear of the steps
> > leading to unwanted results.
>
> So TPM_ACCESS_X is *not* a generic TPM thing, it's a TIS interface
> specific thing. Now the TIS interface seems to be dominating, so
> perhaps it is the correct programming model for us to follow, but not
> all current TPMs adhere to it.
I know, I only have CRB based TPMs in my host machines but here the
context is TIS interface so in this scope it's what we care about.
We're trying to fix a bug here, not speculate what additional
features could be done with localities.
BR, Jarkko