<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux.git/drivers/char/tpm, branch v6.15</title>
<subtitle>Linux kernel source tree</subtitle>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/'/>
<entry>
<title>tpm: tis: Double the timeout B to 4s</title>
<updated>2025-05-15T01:49:15+00:00</updated>
<author>
<name>Michal Suchanek</name>
<email>msuchanek@suse.de</email>
</author>
<published>2025-04-04T08:23:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=2f661f71fda1fc0c42b7746ca5b7da529eb6b5be'/>
<id>2f661f71fda1fc0c42b7746ca5b7da529eb6b5be</id>
<content type='text'>
With some Infineon chips the timeouts in tpm_tis_send_data (both B and
C) can reach up to about 2250 ms.

Timeout C is retried since
commit de9e33df7762 ("tpm, tpm_tis: Workaround failed command reception on Infineon devices")

Timeout B still needs to be extended.

The problem is most commonly encountered with context related operation
such as load context/save context. These are issued directly by the
kernel, and there is no retry logic for them.

When a filesystem is set up to use the TPM for unlocking the boot fails,
and restarting the userspace service is ineffective. This is likely
because ignoring a load context/save context result puts the real TPM
state and the TPM state expected by the kernel out of sync.

Chips known to be affected:
tpm_tis IFX1522:00: 2.0 TPM (device-id 0x1D, rev-id 54)
Description: SLB9672
Firmware Revision: 15.22

tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1B, rev-id 22)
Firmware Revision: 7.83

tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)
Firmware Revision: 5.63

Link: https://lore.kernel.org/linux-integrity/Z5pI07m0Muapyu9w@kitsune.suse.cz/
Signed-off-by: Michal Suchanek &lt;msuchanek@suse.de&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
With some Infineon chips the timeouts in tpm_tis_send_data (both B and
C) can reach up to about 2250 ms.

Timeout C is retried since
commit de9e33df7762 ("tpm, tpm_tis: Workaround failed command reception on Infineon devices")

Timeout B still needs to be extended.

The problem is most commonly encountered with context related operation
such as load context/save context. These are issued directly by the
kernel, and there is no retry logic for them.

When a filesystem is set up to use the TPM for unlocking the boot fails,
and restarting the userspace service is ineffective. This is likely
because ignoring a load context/save context result puts the real TPM
state and the TPM state expected by the kernel out of sync.

Chips known to be affected:
tpm_tis IFX1522:00: 2.0 TPM (device-id 0x1D, rev-id 54)
Description: SLB9672
Firmware Revision: 15.22

tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1B, rev-id 22)
Firmware Revision: 7.83

tpm_tis MSFT0101:00: 2.0 TPM (device-id 0x1A, rev-id 16)
Firmware Revision: 5.63

Link: https://lore.kernel.org/linux-integrity/Z5pI07m0Muapyu9w@kitsune.suse.cz/
Signed-off-by: Michal Suchanek &lt;msuchanek@suse.de&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>char: tpm: tpm-buf: Add sanity check fallback in read helpers</title>
<updated>2025-05-15T01:47:14+00:00</updated>
<author>
<name>Purva Yeshi</name>
<email>purvayeshi550@gmail.com</email>
</author>
<published>2025-04-10T10:34:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=32d495b384a2db7d23c2295e03e6b6edb1c0db8d'/>
<id>32d495b384a2db7d23c2295e03e6b6edb1c0db8d</id>
<content type='text'>
Fix Smatch-detected issue:

drivers/char/tpm/tpm-buf.c:208 tpm_buf_read_u8() error:
uninitialized symbol 'value'.
drivers/char/tpm/tpm-buf.c:225 tpm_buf_read_u16() error:
uninitialized symbol 'value'.
drivers/char/tpm/tpm-buf.c:242 tpm_buf_read_u32() error:
uninitialized symbol 'value'.

Zero-initialize the return values in tpm_buf_read_u8(), tpm_buf_read_u16(),
and tpm_buf_read_u32() to guard against uninitialized data in case of a
boundary overflow.

Add defensive initialization ensures the return values are always defined,
preventing undefined behavior if the unexpected happens.

Signed-off-by: Purva Yeshi &lt;purvayeshi550@gmail.com&gt;
Reviewed-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Fix Smatch-detected issue:

drivers/char/tpm/tpm-buf.c:208 tpm_buf_read_u8() error:
uninitialized symbol 'value'.
drivers/char/tpm/tpm-buf.c:225 tpm_buf_read_u16() error:
uninitialized symbol 'value'.
drivers/char/tpm/tpm-buf.c:242 tpm_buf_read_u32() error:
uninitialized symbol 'value'.

Zero-initialize the return values in tpm_buf_read_u8(), tpm_buf_read_u16(),
and tpm_buf_read_u32() to guard against uninitialized data in case of a
boundary overflow.

Add defensive initialization ensures the return values are always defined,
preventing undefined behavior if the unexpected happens.

Signed-off-by: Purva Yeshi &lt;purvayeshi550@gmail.com&gt;
Reviewed-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm: Mask TPM RC in tpm2_start_auth_session()</title>
<updated>2025-05-15T01:47:14+00:00</updated>
<author>
<name>Jarkko Sakkinen</name>
<email>jarkko@kernel.org</email>
</author>
<published>2025-04-07T12:28:05+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=539fbab37881e32ba6a708a100de6db19e1e7e7d'/>
<id>539fbab37881e32ba6a708a100de6db19e1e7e7d</id>
<content type='text'>
tpm2_start_auth_session() does not mask TPM RC correctly from the callers:

[   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session

Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
error codes.

Cc: stable@vger.kernel.org # v6.10+
Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
Reported-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
Reviewed-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
tpm2_start_auth_session() does not mask TPM RC correctly from the callers:

[   28.766528] tpm tpm0: A TPM error (2307) occurred start auth session

Process TPM RCs inside tpm2_start_auth_session(), and map them to POSIX
error codes.

Cc: stable@vger.kernel.org # v6.10+
Fixes: 699e3efd6c64 ("tpm: Add HMAC session start and end functions")
Reported-by: Herbert Xu &lt;herbert@gondor.apana.org.au&gt;
Closes: https://lore.kernel.org/linux-integrity/Z_NgdRHuTKP6JK--@gondor.apana.org.au/
Reviewed-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>treewide: Switch/rename to timer_delete[_sync]()</title>
<updated>2025-04-05T08:30:12+00:00</updated>
<author>
<name>Thomas Gleixner</name>
<email>tglx@linutronix.de</email>
</author>
<published>2025-04-05T08:17:26+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=8fa7292fee5c5240402371ea89ab285ec856c916'/>
<id>8fa7292fee5c5240402371ea89ab285ec856c916</id>
<content type='text'>
timer_delete[_sync]() replaces del_timer[_sync](). Convert the whole tree
over and remove the historical wrapper inlines.

Conversion was done with coccinelle plus manual fixups where necessary.

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
timer_delete[_sync]() replaces del_timer[_sync](). Convert the whole tree
over and remove the historical wrapper inlines.

Conversion was done with coccinelle plus manual fixups where necessary.

Signed-off-by: Thomas Gleixner &lt;tglx@linutronix.de&gt;
Signed-off-by: Ingo Molnar &lt;mingo@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm: Make chip-&gt;{status,cancel,req_canceled} opt</title>
<updated>2025-03-27T15:10:43+00:00</updated>
<author>
<name>Jarkko Sakkinen</name>
<email>jarkko.sakkinen@opinsys.com</email>
</author>
<published>2025-03-26T15:55:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=980a573621ea4b5032123937df0115bdbec6b2de'/>
<id>980a573621ea4b5032123937df0115bdbec6b2de</id>
<content type='text'>
tpm_ftpm_tee does not require chip-&gt;status, chip-&gt;cancel and
chip-&gt;req_canceled. Make them optional.

Reviewed-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko.sakkinen@opinsys.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
tpm_ftpm_tee does not require chip-&gt;status, chip-&gt;cancel and
chip-&gt;req_canceled. Make them optional.

Reviewed-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko.sakkinen@opinsys.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm: End any active auth session before shutdown</title>
<updated>2025-03-27T13:34:05+00:00</updated>
<author>
<name>Jonathan McDowell</name>
<email>noodles@meta.com</email>
</author>
<published>2025-03-07T12:25:23+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=1dbf74e00a5f882b04b398399b6def65cd51ef21'/>
<id>1dbf74e00a5f882b04b398399b6def65cd51ef21</id>
<content type='text'>
Lazy flushing of TPM auth sessions can interact badly with IMA + kexec,
resulting in loaded session handles being leaked across the kexec and
not cleaned up. Fix by ensuring any active auth session is ended before
the TPM is told about the shutdown, matching what is done when
suspending.

Before:

root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~# kexec --load --kexec-file-syscall …
root@debian-qemu-efi:~# systemctl kexec
…
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
- 0x2000000
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#
(repeat kexec steps)
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
- 0x2000000
- 0x2000001
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#

After:

root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~# kexec --load --kexec-file-syscall …
root@debian-qemu-efi:~# systemctl kexec
…
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#

Signed-off-by: Jonathan McDowell &lt;noodles@meta.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Lazy flushing of TPM auth sessions can interact badly with IMA + kexec,
resulting in loaded session handles being leaked across the kexec and
not cleaned up. Fix by ensuring any active auth session is ended before
the TPM is told about the shutdown, matching what is done when
suspending.

Before:

root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~# kexec --load --kexec-file-syscall …
root@debian-qemu-efi:~# systemctl kexec
…
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
- 0x2000000
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#
(repeat kexec steps)
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
- 0x2000000
- 0x2000001
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#

After:

root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~# kexec --load --kexec-file-syscall …
root@debian-qemu-efi:~# systemctl kexec
…
root@debian-qemu-efi:~# tpm2_getcap handles-loaded-session
root@debian-qemu-efi:~# tpm2_getcap handles-saved-session
root@debian-qemu-efi:~#

Signed-off-by: Jonathan McDowell &lt;noodles@meta.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm_crb: Add support for the ARM FF-A start method</title>
<updated>2025-03-27T13:34:05+00:00</updated>
<author>
<name>Stuart Yoder</name>
<email>stuart.yoder@arm.com</email>
</author>
<published>2025-03-12T21:58:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=9afb9eaa9f7e22c238150c69ddb859c723aad6d1'/>
<id>9afb9eaa9f7e22c238150c69ddb859c723aad6d1</id>
<content type='text'>
The TCG ACPI spec v1.4 defines a start method for the TPMs implemented with
the ARM CRB over FF-A ABI.

Add support for the FF-A start method, and use interfaces provided by the
ffa_crb driver to interact with the FF-A based TPM.

[jarkko: Fine-tuned the commit message.]

Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The TCG ACPI spec v1.4 defines a start method for the TPMs implemented with
the ARM CRB over FF-A ABI.

Add support for the FF-A start method, and use interfaces provided by the
ffa_crb driver to interact with the FF-A based TPM.

[jarkko: Fine-tuned the commit message.]

Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm_crb: Clean-up and refactor check for idle support</title>
<updated>2025-03-27T13:34:05+00:00</updated>
<author>
<name>Stuart Yoder</name>
<email>stuart.yoder@arm.com</email>
</author>
<published>2025-03-12T21:58:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=e0ad11e703e6f771ae1566e19e49380b4467818d'/>
<id>e0ad11e703e6f771ae1566e19e49380b4467818d</id>
<content type='text'>
Refactor TPM idle check to tpm_crb_has_idle(), and reduce paraentheses
usage in start method checks

[jarkko: Fine-tuned the commit message.]

Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Refactor TPM idle check to tpm_crb_has_idle(), and reduce paraentheses
usage in start method checks

[jarkko: Fine-tuned the commit message.]

Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm_crb: ffa_tpm: Implement driver compliant to CRB over FF-A</title>
<updated>2025-03-27T13:34:05+00:00</updated>
<author>
<name>Stuart Yoder</name>
<email>stuart.yoder@arm.com</email>
</author>
<published>2025-03-12T21:58:24+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=eb93f0734ef1bc5657313bfb55cda58763363603'/>
<id>eb93f0734ef1bc5657313bfb55cda58763363603</id>
<content type='text'>
The ARM specification TPM Service CRB over FF-A specification defines the
FF-A messages to interact with a CRB-based TPM implemented as an FF-A
secure partition.

See: https://developer.arm.com/documentation/den0138/latest/

This driver is probed when a TPM Secure Partition is discovered by the FF-A
subsystem. It exposes APIs used by the TPM CRB driver to send notifications
to the TPM.

[jarkko: Fine-tuned the commit message.]

Acked-by: Sudeep Holla &lt;sudeep.holla@arm.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The ARM specification TPM Service CRB over FF-A specification defines the
FF-A messages to interact with a CRB-based TPM implemented as an FF-A
secure partition.

See: https://developer.arm.com/documentation/den0138/latest/

This driver is probed when a TPM Secure Partition is discovered by the FF-A
subsystem. It exposes APIs used by the TPM CRB driver to send notifications
to the TPM.

[jarkko: Fine-tuned the commit message.]

Acked-by: Sudeep Holla &lt;sudeep.holla@arm.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Stuart Yoder &lt;stuart.yoder@arm.com&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
<entry>
<title>tpm/tpm_ftpm_tee: fix struct ftpm_tee_private documentation</title>
<updated>2025-03-27T13:34:05+00:00</updated>
<author>
<name>Stefano Garzarella</name>
<email>sgarzare@redhat.com</email>
</author>
<published>2025-03-13T09:37:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.tavy.me/linux.git/commit/?id=618bf0349ef087d9ae0e90a0b2617139bd4b7d0b'/>
<id>618bf0349ef087d9ae0e90a0b2617139bd4b7d0b</id>
<content type='text'>
The `state` member in `struct ftpm_tee_private` is in the documentation,
but it has never been in the implementation since the commit 09e574831b27
("tpm/tpm_ftpm_tee: A driver for firmware TPM running inside TEE") that
introduced it.

Remove it to have a match between documentation and implementation.

Signed-off-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
The `state` member in `struct ftpm_tee_private` is in the documentation,
but it has never been in the implementation since the commit 09e574831b27
("tpm/tpm_ftpm_tee: A driver for firmware TPM running inside TEE") that
introduced it.

Remove it to have a match between documentation and implementation.

Signed-off-by: Stefano Garzarella &lt;sgarzare@redhat.com&gt;
Reviewed-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
Signed-off-by: Jarkko Sakkinen &lt;jarkko@kernel.org&gt;
</pre>
</div>
</content>
</entry>
</feed>
