Re: [PATCH v10 10/20] tpm2: Add TPM Software Stack (TSS)
From: Gary Lin
Subject: Re: [PATCH v10 10/20] tpm2: Add TPM Software Stack (TSS)
Date: Wed, 10 Apr 2024 14:44:27 +0800
On Tue, Apr 09, 2024 at 11:32:44AM -0400, Stefan Berger wrote:
>
>
> On 4/9/24 04:30, Gary Lin via Grub-devel wrote:
> > From: Hernan Gatta <hegatta@linux.microsoft.com>
> >
> > A Trusted Platform Module (TPM) Software Stack (TSS) provides logic to
> > compose, submit, and parse TPM commands and responses.
> >
> > A limited number of TPM commands may be accessed via the EFI TCG2
> > protocol. This protocol exposes functionality that is primarily geared
> > toward TPM usage within the context of Secure Boot. For all other TPM
> > commands, however, such as sealing and unsealing, this protocol does not
> > provide any help, with the exception of passthrough command submission.
> >
> > The SubmitCommand method allows a caller to send raw commands to the
> > system's TPM and to receive the corresponding response. These
> > command/response pairs are formatted using the TPM wire protocol. To
> > construct commands in this way, and to parse the TPM's response, it is
> > necessary to, first, possess knowledge of the various TPM structures, and,
> > second, of the TPM wire protocol itself.
> >
> > As such, this patch includes a set of header files that define the
> > necessary TPM structures and TSS functions, implementations of various
> > TPM2_* functions (inventoried below), and logic to write and read command
> > and response buffers, respectively, using the TPM wire protocol.
> >
> > Functions: TPM2_Create, TPM2_CreatePrimary, TPM2_EvictControl,
> > TPM2_FlushContext, TPM2_Load, TPM2_PCR_Read, TPM2_PolicyGetDigest,
> > TPM2_PolicyPCR, TPM2_ReadPublic, TPM2_StartAuthSession, TPM2_Unseal,
> > TPM2_LoadExternal, TPM2_HashSequenceStart, TPM2_SequenceUpdate,
> > TPM2_SequenceComplete, TPM2_Hash, TPM2_VerifySignature,
> > TPM2_PolicyAuthorize, TPM2_TestParms
> >
> > Signed-off-by: Hernan Gatta <hegatta@linux.microsoft.com>
> > Signed-off-by: Gary Lin <glin@suse.com>
> > ---
> > grub-core/tpm2/buffer.c | 145 +++
> > grub-core/tpm2/mu.c | 1150 ++++++++++++++++++++++
> > grub-core/tpm2/tcg2.c | 143 +++
> > grub-core/tpm2/tpm2.c | 1221 ++++++++++++++++++++++++
>
> Apart from that this is 'a lot' (and maybe more complete than it needs to
> be)
There are some commands that were added in the early development stage but
ended up not being used. I kept those commands since they are already there
and may be useful some day.
> the only thing that caught my attention was that most times you have a
> default: handler in case statements, occasionally it's missing. Maybe you
> should add some missing default: handlers.
>
Oops, thanks for spotting that. I'll add those missing default:
handlers.
> Also, Synopsys should extend Coverity to provide Reviewed-by's :-).
>
That could be a nice feature :)
Thanks,
Gary Lin
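
The wire format described in the quoted commit message, together with the review point about `default:` handlers, as an added example (not code from the patch or from GRUB): it marshals a TPM2_PCR_Read command and validates a response header before trusting it. The constant values are from the TPM 2.0 specification; the function and helper names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Constant values are from the TPM 2.0 specification. */
#define TPM_ST_NO_SESSIONS 0x8001u
#define TPM_ST_SESSIONS    0x8002u
#define TPM_CC_PCR_READ    0x0000017Eu
#define TPM_ALG_SHA256     0x000Bu

/* Hypothetical helpers: every integer on the wire is big-endian. */
static size_t put16(uint8_t *b, size_t o, uint16_t v)
{ b[o] = (uint8_t)(v >> 8); b[o + 1] = (uint8_t)v; return o + 2; }
static size_t put32(uint8_t *b, size_t o, uint32_t v)
{ o = put16(b, o, (uint16_t)(v >> 16)); return put16(b, o, (uint16_t)v); }
static uint32_t get32(const uint8_t *b)
{ return ((uint32_t)b[0] << 24) | ((uint32_t)b[1] << 16) | ((uint32_t)b[2] << 8) | b[3]; }

/* Marshal TPM2_PCR_Read for one SHA-256 PCR (0..23); returns length, 0 on error. */
size_t marshal_pcr_read(uint8_t *buf, size_t cap, unsigned pcr)
{
    uint8_t select[3] = { 0, 0, 0 };
    size_t o = 0;
    if (cap < 20 || pcr > 23) return 0;
    select[pcr / 8] = (uint8_t)(1u << (pcr % 8));
    o = put16(buf, o, TPM_ST_NO_SESSIONS);  /* tag */
    o = put32(buf, o, 20);                  /* commandSize, header included */
    o = put32(buf, o, TPM_CC_PCR_READ);     /* commandCode */
    o = put32(buf, o, 1);                   /* TPML_PCR_SELECTION.count */
    o = put16(buf, o, TPM_ALG_SHA256);      /* TPMS_PCR_SELECTION.hash */
    buf[o++] = 3;                           /* sizeofSelect */
    buf[o++] = select[0]; buf[o++] = select[1]; buf[o++] = select[2];
    return o;
}

/* Parse a response header. Returns 0 and sets *rc, or -1 if malformed. */
int parse_response_header(const uint8_t *rsp, size_t len, uint32_t *rc)
{
    if (len < 10) return -1;                /* shorter than tag + size + code */
    if (get32(rsp + 2) != len) return -1;   /* responseSize must match buffer */
    switch (((unsigned)rsp[0] << 8) | rsp[1]) {
    case TPM_ST_NO_SESSIONS:
    case TPM_ST_SESSIONS:
        break;
    default:                                /* unknown tag: reject, never fall through */
        return -1;
    }
    *rc = get32(rsp + 6);
    return 0;
}
```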