On Mon, Dec 21, 2015 at 11:50:07AM -0500, Stefan Berger wrote:
"Kevin O'Connor" kevin@koconnor.net wrote on 12/17/2015 05:22:56 PM:
On Mon, Nov 30, 2015 at 11:32:05AM +0000, Wim Vervoorn wrote:
Hello,
I noticed that a lot of work is going on for the TPM support in
SeaBIOS.
All of this work is TPM 1.2 based. I was wondering if there are any plans to support TPM 2.0 in the future.
I'm not aware of any plans.
We're working on it...
So maybe you have some comments to the following:
There will be a patch for probing the TPM TIS hardware interface for whether there's a TPM 1.2 or a TPM 2. We then have a patch for prefixing all TPM 1.2 functions with tpm12_ and then introduce functions like these ones here:
static ... tpm12_foo() { ... } static ... tpm2_foo() { ... }
tpm_foo() { [...]
switch (tpmversion) { case TPM_VERSION_1_2: tpm12_foo() break; case TPM_VERSION_2: tpm2_foo(); break; } [...]}
Is the difference between 1.2 and 2.0 so large that the above is needed?
-Kevin
"Kevin O'Connor" kevin@koconnor.net wrote on 12/22/2015 10:40:03 AM:
On Mon, Dec 21, 2015 at 11:50:07AM -0500, Stefan Berger wrote:
"Kevin O'Connor" kevin@koconnor.net wrote on 12/17/2015 05:22:56 PM:
On Mon, Nov 30, 2015 at 11:32:05AM +0000, Wim Vervoorn wrote:
Hello,
I noticed that a lot of work is going on for the TPM support in
SeaBIOS.
All of this work is TPM 1.2 based. I was wondering if there are
any
plans to support TPM 2.0 in the future.
I'm not aware of any plans.
We're working on it...
So maybe you have some comments to the following:
There will be a patch for probing the TPM TIS hardware interface for whether there's a TPM 1.2 or a TPM 2. We then have a patch for prefixing all TPM 1.2 functions with tpm12_
and
then introduce functions like these ones here:
static ... tpm12_foo() { ... } static ... tpm2_foo() { ... }
tpm_foo() { [...]
switch (tpmversion) { case TPM_VERSION_1_2: tpm12_foo() break; case TPM_VERSION_2: tpm2_foo(); break; } [...]}
Is the difference between 1.2 and 2.0 so large that the above is needed?
TPM 2 and TPM 1.2 have completely different commands, so yes, unfortunately it's needed.
Stefan
On 12/22/2015 10:40 AM, Kevin O'Connor wrote:
On Mon, Dec 21, 2015 at 11:50:07AM -0500, Stefan Berger wrote:
"Kevin O'Connor" kevin@koconnor.net wrote on 12/17/2015 05:22:56 PM:
On Mon, Nov 30, 2015 at 11:32:05AM +0000, Wim Vervoorn wrote:
Hello,
I noticed that a lot of work is going on for the TPM support in
SeaBIOS.
All of this work is TPM 1.2 based. I was wondering if there are any plans to support TPM 2.0 in the future.
I'm not aware of any plans.
We're working on it...
So maybe you have some comments to the following:
There will be a patch for probing the TPM TIS hardware interface for whether there's a TPM 1.2 or a TPM 2. We then have a patch for prefixing all TPM 1.2 functions with tpm12_ and then introduce functions like these ones here:
static ... tpm12_foo() { ... } static ... tpm2_foo() { ... }
tpm_foo() { [...]
switch (tpmversion) { case TPM_VERSION_1_2: tpm12_foo() break; case TPM_VERSION_2: tpm2_foo(); break; } [...]}
Is the difference between 1.2 and 2.0 so large that the above is needed?
At some point I'll bring the TPM 2 patches back to life following the many recent changes... Now my question is how to organize the code. Should there be one file where we essentially have the above type of code branching into TPM 1.2 & TPM 2 specific functions and TPM 1.2 and TPM 2 code in separate files or the above type of functions at the end of the current file and then a section with TPM 1.2 code and another with TPM 2? It's a few patches building on top of each other, so want to avoid churn...
Cheers!
Stefan
-Kevin
SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
On Thu, Jan 07, 2016 at 01:57:42PM -0500, Stefan Berger wrote:
At some point I'll bring the TPM 2 patches back to life following the many recent changes... Now my question is how to organize the code. Should there be one file where we essentially have the above type of code branching into TPM 1.2 & TPM 2 specific functions and TPM 1.2 and TPM 2 code in separate files or the above type of functions at the end of the current file and then a section with TPM 1.2 code and another with TPM 2? It's a few patches building on top of each other, so want to avoid churn...
I was playing with a few additional patches on top of your last series - I pushed them to my testing branch if you want to take a look.
I don't have input on what TPM2 organization should look like, mainly because I don't know what TPM2 entails. I gather the TIS commands are changing, but what else changes? Does the ACPI log, BIOS interface, or tpm menu change? Do you have a pointer to the TPM2 spec (when I last looked it seemed that TPM2 was still being worked on).
-Kevin
"Kevin O'Connor" kevin@koconnor.net wrote on 01/07/2016 03:14:37 PM:
On Thu, Jan 07, 2016 at 01:57:42PM -0500, Stefan Berger wrote:
At some point I'll bring the TPM 2 patches back to life following the
many
recent changes... Now my question is how to organize the code. Should
there
be one file where we essentially have the above type of code branching
into
TPM 1.2 & TPM 2 specific functions and TPM 1.2 and TPM 2 code in
separate
files or the above type of functions at the end of the current file
and then
a section with TPM 1.2 code and another with TPM 2? It's a few patches building on top of each other, so want to avoid churn...
I was playing with a few additional patches on top of your last series
- I pushed them to my testing branch if you want to take a look.
I don't have input on what TPM2 organization should look like, mainly because I don't know what TPM2 entails. I gather the TIS commands are changing, but what else changes? Does the ACPI log, BIOS interface, or tpm menu change? Do you have a pointer to the TPM2 spec (when I last looked it seemed that TPM2 was still being worked on).
The TIS got more registers; some flags allow detection of the TPM version.
All commands changed -- no backwards compatibility. The header 'fields' are the same, their ordinal and tag values are not.
Spec: http://www.trustedcomputinggroup.org/resources/tpm_library_specification
Regards, Stefan
-Kevin
"Kevin O'Connor" kevin@koconnor.net wrote on 01/07/2016 03:14:37 PM:
On Thu, Jan 07, 2016 at 01:57:42PM -0500, Stefan Berger wrote:
At some point I'll bring the TPM 2 patches back to life following the
many
recent changes... Now my question is how to organize the code. Should
there
be one file where we essentially have the above type of code branching
into
TPM 1.2 & TPM 2 specific functions and TPM 1.2 and TPM 2 code in
separate
files or the above type of functions at the end of the current file
and then
a section with TPM 1.2 code and another with TPM 2? It's a few patches building on top of each other, so want to avoid churn...
I was playing with a few additional patches on top of your last series
- I pushed them to my testing branch if you want to take a look.
I found this: if (hashdata || hashdata_length)
it should probably be: if (hashdata && hashdata_length)
But now I am arguing against the spec. They want 0 bytes to be 'measured'?
I would also shut down the TPM if an extend didn't work; after all the TPM will 'quote' the state of the PCRs in an attestation. By temporarily deactivating it, it will not be able to quote anymore. Though that type of failure should never occur.
I am not sure about a failed getcapability whether it's right or wrong to shut down the TPM. Basically this should never happen, either. I would tend to shut it down based on the fact that something is wrong with the device.
Stefan
I don't have input on what TPM2 organization should look like, mainly because I don't know what TPM2 entails. I gather the TIS commands are changing, but what else changes? Does the ACPI log, BIOS interface, or tpm menu change? Do you have a pointer to the TPM2 spec (when I last looked it seemed that TPM2 was still being worked on).
-Kevin
Hello Stefan,
I would go for the first option. I think it makes easier to work with.
Best Regards,
Wim Vervoorn
Eltan B.V. Ambachtstraat 23 5481 SM Schijndel The Netherlands
T : +31-(0)73-594 46 64 E : wvervoorn@eltan.com W : http://www.eltan.com
"THIS MESSAGE CONTAINS CONFIDENTIAL INFORMATION. UNLESS YOU ARE THE INTENDED RECIPIENT OF THIS MESSAGE, ANY USE OF THIS MESSAGE IS STRICTLY PROHIBITED. IF YOU HAVE RECEIVED THIS MESSAGE IN ERROR, PLEASE IMMEDIATELY NOTIFY THE SENDER BY TELEPHONE +31-(0)73-5944664 OR REPLY EMAIL, AND IMMEDIATELY DELETE THIS MESSAGE AND ALL COPIES."
-----Original Message----- From: Stefan Berger [mailto:stefanb@linux.vnet.ibm.com] Sent: Thursday, January 7, 2016 7:58 PM To: Kevin O'Connor kevin@koconnor.net; Stefan Berger stefanb@us.ibm.com Cc: Wim Vervoorn wvervoorn@eltan.com; seabios@seabios.org Subject: Re: [SeaBIOS] SeaBIOS Digest, Vol 72, Issue 33
On 12/22/2015 10:40 AM, Kevin O'Connor wrote:
On Mon, Dec 21, 2015 at 11:50:07AM -0500, Stefan Berger wrote:
"Kevin O'Connor" kevin@koconnor.net wrote on 12/17/2015 05:22:56 PM:
On Mon, Nov 30, 2015 at 11:32:05AM +0000, Wim Vervoorn wrote:
Hello,
I noticed that a lot of work is going on for the TPM support in
SeaBIOS.
All of this work is TPM 1.2 based. I was wondering if there are any plans to support TPM 2.0 in the future.
I'm not aware of any plans.
We're working on it...
So maybe you have some comments to the following:
There will be a patch for probing the TPM TIS hardware interface for whether there's a TPM 1.2 or a TPM 2. We then have a patch for prefixing all TPM 1.2 functions with tpm12_ and then introduce functions like these ones here:
static ... tpm12_foo() { ... } static ... tpm2_foo() { ... }
tpm_foo() { [...]
switch (tpmversion) { case TPM_VERSION_1_2: tpm12_foo() break; case TPM_VERSION_2: tpm2_foo(); break; } [...]}
Is the difference between 1.2 and 2.0 so large that the above is needed?
At some point I'll bring the TPM 2 patches back to life following the many recent changes... Now my question is how to organize the code. Should there be one file where we essentially have the above type of code branching into TPM 1.2 & TPM 2 specific functions and TPM 1.2 and TPM 2 code in separate files or the above type of functions at the end of the current file and then a section with TPM 1.2 code and another with TPM 2? It's a few patches building on top of each other, so want to avoid churn...
Cheers!
Stefan
-Kevin
SeaBIOS mailing list SeaBIOS@seabios.org http://www.seabios.org/mailman/listinfo/seabios
-
Kevin O'Connor -
Stefan Berger -
Stefan Berger -
Wim Vervoorn