[LTP] [PATCH] ima: skip verifying TPM 2.0 PCR values
Jason Gunthorpe
jgg@ziepe.ca
Fri Oct 25 01:26:46 CEST 2019
On Thu, Oct 24, 2019 at 02:38:42PM -0700, Jerry Snitselaar wrote:
> On Thu Oct 24 19, Jarkko Sakkinen wrote:
> > On Thu, Oct 24, 2019 at 02:18:48PM +0200, Petr Vorel wrote:
> > > Hi all,
> > >
> > > I wonder what to do with this patch "ima: skip verifying TPM 2.0 PCR values" [1].
> > > Is it a correct way to differentiate between TPM 1.2 and TPM 2.0?
> > > Or something else should be applied?
> > >
> > > How is the work on TPM 2.0 Linux sysfs interface?
> > > But even it's done in near future, we'd still need some way for older kernels.
> > >
> > > Kind regards,
> > > Petr
> > >
> > > [1] https://patchwork.ozlabs.org/patch/1100733/
> >
> > version_major sysfs file would be acceptable if someone wants to proceed
> > and send such patch.
> >
> > Also replicants for durations and timeouts files would make sense for
> > TPM 2.0.
> >
> > /Jarkko
>
> Is it as simple as doing this?
>
> diff --git a/drivers/char/tpm/tpm-sysfs.c b/drivers/char/tpm/tpm-sysfs.c
> index edfa89160010..fd8eb8d8945c 100644
> +++ b/drivers/char/tpm/tpm-sysfs.c
> @@ -309,7 +309,17 @@ static ssize_t timeouts_show(struct device *dev, struct device_attribute *attr,
> }
> static DEVICE_ATTR_RO(timeouts);
>
> -static struct attribute *tpm_dev_attrs[] = {
> +static ssize_t version_major_show(struct device *dev,
> + struct device_attribute *attr, char *buf)
> +{
> + struct tpm_chip *chip = to_tpm_chip(dev);
> + return sprintf(buf, "TPM%s\n", chip->flags & TPM_CHIP_FLAG_TPM2
> + ? "2.0" : "1.2");
Probably no TPM prefix here
The usual sysfs naming would be more like 'major_version'
Jason
More information about the ltp
mailing list