Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Mon, Mar 20, 2017 at 09:56:17AM +, alexander.stef...@infineon.com wrote: > > I think the most straight-forward way to sort this out would be to limit > > validation to the resource manager. > > Sounds good to me. > > > If I send a fix, would you care to test it? > > Sure, will do. > > Alexander I sent the patch. Please check it out. /Jarkko
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Mon, Mar 20, 2017 at 09:56:17AM +, alexander.stef...@infineon.com wrote: > > I think the most straight-forward way to sort this out would be to limit > > validation to the resource manager. > > Sounds good to me. > > > If I send a fix, would you care to test it? > > Sure, will do. > > Alexander I sent the patch. Please check it out. /Jarkko
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> > There are a few special cases that need some thought though. For > > example, it is possible to use an upgrade to switch the TPM family > > from 1.2 to 2.0 (or vice versa). In this case it seems useful to let > > the kernel reinitialize the TPM driver, so it uses the correct > > timeouts for communication, activates the correct features (resource > > manager or not?), etc., without needing to reboot the system. > > In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur > without a reboot? Is it an important use case? > > 1 - It would leave the SHA-256 PCRs in the reset state. > > 2 - It's possible that this upgrade would also require a BIOS upgrade. For a traditional PC and when your goal is platform integrity, a reboot is probably the way to go. But in an embedded environment where there is no BIOS or if you use the TPM more like a smartcard just to store some keys (or generate random numbers), a reboot is unnecessary and it is more comfortable to avoid it. We probably should inform the kernel before the upgrade anyway, so that it can shut down the TPM gracefully (and maybe switch to the upgrade mode, as Jason suggested). With that infrastructure in place, it does not seem like a lot of effort to also let it switch the TPM back to normal operation mode once the upgrade is complete. Alexander
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> > There are a few special cases that need some thought though. For > > example, it is possible to use an upgrade to switch the TPM family > > from 1.2 to 2.0 (or vice versa). In this case it seems useful to let > > the kernel reinitialize the TPM driver, so it uses the correct > > timeouts for communication, activates the correct features (resource > > manager or not?), etc., without needing to reboot the system. > > In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur > without a reboot? Is it an important use case? > > 1 - It would leave the SHA-256 PCRs in the reset state. > > 2 - It's possible that this upgrade would also require a BIOS upgrade. For a traditional PC and when your goal is platform integrity, a reboot is probably the way to go. But in an embedded environment where there is no BIOS or if you use the TPM more like a smartcard just to store some keys (or generate random numbers), a reboot is unnecessary and it is more comfortable to avoid it. We probably should inform the kernel before the upgrade anyway, so that it can shut down the TPM gracefully (and maybe switch to the upgrade mode, as Jason suggested). With that infrastructure in place, it does not seem like a lot of effort to also let it switch the TPM back to normal operation mode once the upgrade is complete. Alexander
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On 3/20/2017 5:54 AM, alexander.stef...@infineon.com wrote: There are a few special cases that need some thought though. For example, it is possible to use an upgrade to switch the TPM family from 1.2 to 2.0 (or vice versa). In this case it seems useful to let the kernel reinitialize the TPM driver, so it uses the correct timeouts for communication, activates the correct features (resource manager or not?), etc., without needing to reboot the system. In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur without a reboot? Is it an important use case? 1 - It would leave the SHA-256 PCRs in the reset state. 2 - It's possible that this upgrade would also require a BIOS upgrade.
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On 3/20/2017 5:54 AM, alexander.stef...@infineon.com wrote: There are a few special cases that need some thought though. For example, it is possible to use an upgrade to switch the TPM family from 1.2 to 2.0 (or vice versa). In this case it seems useful to let the kernel reinitialize the TPM driver, so it uses the correct timeouts for communication, activates the correct features (resource manager or not?), etc., without needing to reboot the system. In practice, would a TPM upgrade from TPM 1.2 to TPM 2.0 even occur without a reboot? Is it an important use case? 1 - It would leave the SHA-256 PCRs in the reset state. 2 - It's possible that this upgrade would also require a BIOS upgrade.
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Mon, Mar 20, 2017 at 09:54:41AM +, alexander.stef...@infineon.com wrote: > >>> 2. When upgrading the firmware on my TPM, it switches to a > >>> non-standard communication mode for the upgrade process and does not > >>> communicate using TPM2.0 commands during this time. Rejecting > >>> non-TPM2.0 commands means upgrading won't be possible anymore. > >> > >> How non standard? Is the basic header even there? Are the lengths and > >> status code right? > >> > >> This might be an argument to add a 'raw' ioctl or something specifically > >> for this special case. > > > > It follows the regular TPM command syntax and looks something like 1.2 > > commands. > > Yep, so most of it already works with the current implementation. > > There are a few special cases that need some thought though. For > example, it is possible to use an upgrade to switch the TPM family > from 1.2 to 2.0 (or vice versa). In this case it seems useful to let > the kernel reinitialize the TPM driver, so it uses the correct > timeouts for communication, activates the correct features (resource > manager or not?), etc., without needing to reboot the system. It would be nice to do this via plug/unplug with existing sysfs machinery. > Another problem arises when the upgrade process is interrupted, > e.g. because power is lost. Then the TPM is stuck in its > non-standard upgrade mode, so the kernel does not recognize it as a > valid TPM device and does not export /dev/tpm. But without the > device node the upgrader is unable to restart the upgrade process, > leaving the TPM forever inaccessible. I guess you'd have to teach the TPM core about a new chip mode besides 1.2, 2.0 - some kind of 'upgrade' mode. So the flow would be to send the upgrade command, unplug/replug the driver to switch to 'upgrade' mode (which could happen if there was a reboot?) do the upgrade, then unplug/replug to rediscover the 'new' TPM. Jason
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Mon, Mar 20, 2017 at 09:54:41AM +, alexander.stef...@infineon.com wrote: > >>> 2. When upgrading the firmware on my TPM, it switches to a > >>> non-standard communication mode for the upgrade process and does not > >>> communicate using TPM2.0 commands during this time. Rejecting > >>> non-TPM2.0 commands means upgrading won't be possible anymore. > >> > >> How non standard? Is the basic header even there? Are the lengths and > >> status code right? > >> > >> This might be an argument to add a 'raw' ioctl or something specifically > >> for this special case. > > > > It follows the regular TPM command syntax and looks something like 1.2 > > commands. > > Yep, so most of it already works with the current implementation. > > There are a few special cases that need some thought though. For > example, it is possible to use an upgrade to switch the TPM family > from 1.2 to 2.0 (or vice versa). In this case it seems useful to let > the kernel reinitialize the TPM driver, so it uses the correct > timeouts for communication, activates the correct features (resource > manager or not?), etc., without needing to reboot the system. It would be nice to do this via plug/unplug with existing sysfs machinery. > Another problem arises when the upgrade process is interrupted, > e.g. because power is lost. Then the TPM is stuck in its > non-standard upgrade mode, so the kernel does not recognize it as a > valid TPM device and does not export /dev/tpm. But without the > device node the upgrader is unable to restart the upgrade process, > leaving the TPM forever inaccessible. I guess you'd have to teach the TPM core about a new chip mode besides 1.2, 2.0 - some kind of 'upgrade' mode. So the flow would be to send the upgrade command, unplug/replug the driver to switch to 'upgrade' mode (which could happen if there was a reboot?) do the upgrade, then unplug/replug to rediscover the 'new' TPM. Jason
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> I think the most straight-forward way to sort this out would be to limit > validation to the resource manager. Sounds good to me. > If I send a fix, would you care to test it? Sure, will do. Alexander
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> I think the most straight-forward way to sort this out would be to limit > validation to the resource manager. Sounds good to me. > If I send a fix, would you care to test it? Sure, will do. Alexander
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
>>> 2. When upgrading the firmware on my TPM, it switches to a >>> non-standard communication mode for the upgrade process and does not >>> communicate using TPM2.0 commands during this time. Rejecting >>> non-TPM2.0 commands means upgrading won't be possible anymore. >> >> How non standard? Is the basic header even there? Are the lengths and >> status code right? >> >> This might be an argument to add a 'raw' ioctl or something specifically >> for this special case. > > It follows the regular TPM command syntax and looks something like 1.2 > commands. Yep, so most of it already works with the current implementation. There are a few special cases that need some thought though. For example, it is possible to use an upgrade to switch the TPM family from 1.2 to 2.0 (or vice versa). In this case it seems useful to let the kernel reinitialize the TPM driver, so it uses the correct timeouts for communication, activates the correct features (resource manager or not?), etc., without needing to reboot the system. Another problem arises when the upgrade process is interrupted, e.g. because power is lost. Then the TPM is stuck in its non-standard upgrade mode, so the kernel does not recognize it as a valid TPM device and does not export /dev/tpm. But without the device node the upgrader is unable to restart the upgrade process, leaving the TPM forever inaccessible. I'll try to work on those problems in the coming weeks and provide the fixes. Any input is appreciated. Alexander
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
>>> 2. When upgrading the firmware on my TPM, it switches to a >>> non-standard communication mode for the upgrade process and does not >>> communicate using TPM2.0 commands during this time. Rejecting >>> non-TPM2.0 commands means upgrading won't be possible anymore. >> >> How non standard? Is the basic header even there? Are the lengths and >> status code right? >> >> This might be an argument to add a 'raw' ioctl or something specifically >> for this special case. > > It follows the regular TPM command syntax and looks something like 1.2 > commands. Yep, so most of it already works with the current implementation. There are a few special cases that need some thought though. For example, it is possible to use an upgrade to switch the TPM family from 1.2 to 2.0 (or vice versa). In this case it seems useful to let the kernel reinitialize the TPM driver, so it uses the correct timeouts for communication, activates the correct features (resource manager or not?), etc., without needing to reboot the system. Another problem arises when the upgrade process is interrupted, e.g. because power is lost. Then the TPM is stuck in its non-standard upgrade mode, so the kernel does not recognize it as a valid TPM device and does not export /dev/tpm. But without the device node the upgrader is unable to restart the upgrade process, leaving the TPM forever inaccessible. I'll try to work on those problems in the coming weeks and provide the fixes. Any input is appreciated. Alexander
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Fri, Mar 17, 2017 at 03:40:15PM +, alexander.stef...@infineon.com wrote: > > Check for every TPM 2.0 command that the command code is supported and > > the command buffer has at least the length that can contain the header > > and the handle area. > > This breaks several use cases for me: Thank you for reporting these. This is really great feedback to get. > 1. I've got a TPM that implements vendor-specific command codes. Those > cannot be send to the TPM anymore, but are rejected with EINVAL. > > 2. When upgrading the firmware on my TPM, it switches to a > non-standard communication mode for the upgrade process and does not > communicate using TPM2.0 commands during this time. Rejecting > non-TPM2.0 commands means upgrading won't be possible anymore. > > 3. I'd like to use the kernel driver to test my TPM implementation. So > for example, I send an invalid command code to the TPM and expect > TPM_RC_COMMAND_CODE in response, but now I get EINVAL instead and the > TPM never sees the command. > > From my point of view, the kernel driver should provide a transparent > communication channel to the TPM. Whatever I write to /dev/tpm > should arrive at the TPM device, so that the TPM can handle it and > return the appropriate response. Otherwise, you'll end up > reimplementing all the command handling logic, that is already part of > the TPM's job, and as soon as you miss one case and behave differently > than the TPM, something relying on this behavior will break. > > I see two possible solutions: > > 1. When the driver does not know a command code, it passes through the > command unmodified. This bears the risk of unknown side effects > though, so TPM spaces might not be as independent as they should be. > > 2. Since the command code lookup is only really necessary for TPM > spaces, it only gets activated when space != NULL. So the change will > not affect /dev/tpm, but only the new /dev/tpmrm. As > /dev/tpmrm is not meant to be a transparent interface anyway, > rejecting unknown commands is acceptable. > > Alexander I think the most straight-forward way to sort this out would be to limit validation to the resource manager. If I send a fix, would you care to test it? If your issues get sorted, I'll squash it to the existing commits. Thanks again! /Jarkko
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Fri, Mar 17, 2017 at 03:40:15PM +, alexander.stef...@infineon.com wrote: > > Check for every TPM 2.0 command that the command code is supported and > > the command buffer has at least the length that can contain the header > > and the handle area. > > This breaks several use cases for me: Thank you for reporting these. This is really great feedback to get. > 1. I've got a TPM that implements vendor-specific command codes. Those > cannot be send to the TPM anymore, but are rejected with EINVAL. > > 2. When upgrading the firmware on my TPM, it switches to a > non-standard communication mode for the upgrade process and does not > communicate using TPM2.0 commands during this time. Rejecting > non-TPM2.0 commands means upgrading won't be possible anymore. > > 3. I'd like to use the kernel driver to test my TPM implementation. So > for example, I send an invalid command code to the TPM and expect > TPM_RC_COMMAND_CODE in response, but now I get EINVAL instead and the > TPM never sees the command. > > From my point of view, the kernel driver should provide a transparent > communication channel to the TPM. Whatever I write to /dev/tpm > should arrive at the TPM device, so that the TPM can handle it and > return the appropriate response. Otherwise, you'll end up > reimplementing all the command handling logic, that is already part of > the TPM's job, and as soon as you miss one case and behave differently > than the TPM, something relying on this behavior will break. > > I see two possible solutions: > > 1. When the driver does not know a command code, it passes through the > command unmodified. This bears the risk of unknown side effects > though, so TPM spaces might not be as independent as they should be. > > 2. Since the command code lookup is only really necessary for TPM > spaces, it only gets activated when space != NULL. So the change will > not affect /dev/tpm, but only the new /dev/tpmrm. As > /dev/tpmrm is not meant to be a transparent interface anyway, > rejecting unknown commands is acceptable. > > Alexander I think the most straight-forward way to sort this out would be to limit validation to the resource manager. If I send a fix, would you care to test it? If your issues get sorted, I'll squash it to the existing commits. Thanks again! /Jarkko
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> 1. I've got a TPM that implements vendor-specific command codes. Those > cannot be send to the TPM anymore, but are rejected with EINVAL. > >> 2. When upgrading the firmware on my TPM, it switches to a >> non-standard communication mode for the upgrade process and does not >> communicate using TPM2.0 commands during this time. Rejecting >> non-TPM2.0 commands means upgrading won't be possible anymore. >How non standard? Is the basic header even there? Are the lengths and status >code right? >This might be an argument to add a 'raw' ioctl or something specifically for >this special case. It follows the regular TPM command syntax and looks something like 1.2 commands. Peter
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> 1. I've got a TPM that implements vendor-specific command codes. Those > cannot be send to the TPM anymore, but are rejected with EINVAL. > >> 2. When upgrading the firmware on my TPM, it switches to a >> non-standard communication mode for the upgrade process and does not >> communicate using TPM2.0 commands during this time. Rejecting >> non-TPM2.0 commands means upgrading won't be possible anymore. >How non standard? Is the basic header even there? Are the lengths and status >code right? >This might be an argument to add a 'raw' ioctl or something specifically for >this special case. It follows the regular TPM command syntax and looks something like 1.2 commands. Peter
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Fri, Mar 17, 2017 at 03:40:15PM +, alexander.stef...@infineon.com wrote: > 1. I've got a TPM that implements vendor-specific command > codes. Those cannot be send to the TPM anymore, but are rejected > with EINVAL. > > 2. When upgrading the firmware on my TPM, it switches to a > non-standard communication mode for the upgrade process and does not > communicate using TPM2.0 commands during this time. Rejecting > non-TPM2.0 commands means upgrading won't be possible anymore. How non standard? Is the basic header even there? Are the lengths and status code right? This might be an argument to add a 'raw' ioctl or something specifically for this special case. Jason
Re: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
On Fri, Mar 17, 2017 at 03:40:15PM +, alexander.stef...@infineon.com wrote: > 1. I've got a TPM that implements vendor-specific command > codes. Those cannot be send to the TPM anymore, but are rejected > with EINVAL. > > 2. When upgrading the firmware on my TPM, it switches to a > non-standard communication mode for the upgrade process and does not > communicate using TPM2.0 commands during this time. Rejecting > non-TPM2.0 commands means upgrading won't be possible anymore. How non standard? Is the basic header even there? Are the lengths and status code right? This might be an argument to add a 'raw' ioctl or something specifically for this special case. Jason
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> Check for every TPM 2.0 command that the command code is supported and > the command buffer has at least the length that can contain the header > and the handle area. This breaks several use cases for me: 1. I've got a TPM that implements vendor-specific command codes. Those cannot be send to the TPM anymore, but are rejected with EINVAL. 2. When upgrading the firmware on my TPM, it switches to a non-standard communication mode for the upgrade process and does not communicate using TPM2.0 commands during this time. Rejecting non-TPM2.0 commands means upgrading won't be possible anymore. 3. I'd like to use the kernel driver to test my TPM implementation. So for example, I send an invalid command code to the TPM and expect TPM_RC_COMMAND_CODE in response, but now I get EINVAL instead and the TPM never sees the command. From my point of view, the kernel driver should provide a transparent communication channel to the TPM. Whatever I write to /dev/tpm should arrive at the TPM device, so that the TPM can handle it and return the appropriate response. Otherwise, you'll end up reimplementing all the command handling logic, that is already part of the TPM's job, and as soon as you miss one case and behave differently than the TPM, something relying on this behavior will break. I see two possible solutions: 1. When the driver does not know a command code, it passes through the command unmodified. This bears the risk of unknown side effects though, so TPM spaces might not be as independent as they should be. 2. Since the command code lookup is only really necessary for TPM spaces, it only gets activated when space != NULL. So the change will not affect /dev/tpm, but only the new /dev/tpmrm. As /dev/tpmrm is not meant to be a transparent interface anyway, rejecting unknown commands is acceptable. Alexander
RE: [tpmdd-devel] [PATCH v3 2/7] tpm: validate TPM 2.0 commands
> Check for every TPM 2.0 command that the command code is supported and > the command buffer has at least the length that can contain the header > and the handle area. This breaks several use cases for me: 1. I've got a TPM that implements vendor-specific command codes. Those cannot be send to the TPM anymore, but are rejected with EINVAL. 2. When upgrading the firmware on my TPM, it switches to a non-standard communication mode for the upgrade process and does not communicate using TPM2.0 commands during this time. Rejecting non-TPM2.0 commands means upgrading won't be possible anymore. 3. I'd like to use the kernel driver to test my TPM implementation. So for example, I send an invalid command code to the TPM and expect TPM_RC_COMMAND_CODE in response, but now I get EINVAL instead and the TPM never sees the command. From my point of view, the kernel driver should provide a transparent communication channel to the TPM. Whatever I write to /dev/tpm should arrive at the TPM device, so that the TPM can handle it and return the appropriate response. Otherwise, you'll end up reimplementing all the command handling logic, that is already part of the TPM's job, and as soon as you miss one case and behave differently than the TPM, something relying on this behavior will break. I see two possible solutions: 1. When the driver does not know a command code, it passes through the command unmodified. This bears the risk of unknown side effects though, so TPM spaces might not be as independent as they should be. 2. Since the command code lookup is only really necessary for TPM spaces, it only gets activated when space != NULL. So the change will not affect /dev/tpm, but only the new /dev/tpmrm. As /dev/tpmrm is not meant to be a transparent interface anyway, rejecting unknown commands is acceptable. Alexander
