authorMike Pagano <mpagano@gentoo.org>2023-08-26 11:18:16 -0400
committerMike Pagano <mpagano@gentoo.org>2023-08-26 11:18:16 -0400
commitd40e0faac42c6b42986e65605d6e04768e0e8bef (patch)
treee290d5e68f978daf48b2cd7ba5906b351c2c713a
parentLinux patch 6.1.48 (diff)
tpm: Enable hwrng only for Pluton on AMD CPUs6.1-54
See: https://bugzilla.kernel.org/show_bug.cgi?id=217804 Signed-off-by: Mike Pagano <mpagano@gentoo.org>
-rw-r--r--0000_README4
-rw-r--r--2930_tpm-Enable-hwrng-for-Pluton-on-AMD-CPUs.patch90
2 files changed, 94 insertions, 0 deletions
diff --git a/0000_README b/0000_README
index 40eb5947..0c66344f 100644
--- a/0000_README
+++ b/0000_README
@@ -263,6 +263,10 @@ Patch: 2920_sign-file-patch-for-libressl.patch
From: https://bugs.gentoo.org/717166
Desc: sign-file: full functionality with modern LibreSSL
+Patch: 2930_tpm-Enable-hwrng-for-Pluton-on-AMD-CPUs.patch
+From: https://lore.kernel.org/all/20230822231510.2263255-1-jarkko@kernel.org/
+Desc: tpm: Enable hwrng only for Pluton on AMD CPUs
+
Patch: 3000_Support-printing-firmware-info.patch
From: https://bugs.gentoo.org/732852
Desc: Print firmware info (Reqs CONFIG_GENTOO_PRINT_FIRMWARE_INFO). Thanks to Georgy Yakovlev
diff --git a/2930_tpm-Enable-hwrng-for-Pluton-on-AMD-CPUs.patch b/2930_tpm-Enable-hwrng-for-Pluton-on-AMD-CPUs.patch
new file mode 100644
index 00000000..932e82ed
--- /dev/null
+++ b/2930_tpm-Enable-hwrng-for-Pluton-on-AMD-CPUs.patch
@@ -0,0 +1,90 @@
+From: Jarkko Sakkinen <jarkko@kernel.org>
+To: linux-integrity@vger.kernel.org
+Cc: Jerry Snitselaar <jsnitsel@redhat.com>,
+ Jarkko Sakkinen <jarkko@kernel.org>,
+ stable@vger.kernel.org, Todd Brandt <todd.e.brandt@intel.com>,
+ Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
+ Mario Limonciello <mario.limonciello@amd.com>,
+ linux-kernel@vger.kernel.org
+Subject: [PATCH v3] tpm: Enable hwrng only for Pluton on AMD CPUs
+Date: Wed, 23 Aug 2023 02:15:10 +0300 [thread overview]
+Message-ID: <20230822231510.2263255-1-jarkko@kernel.org> (raw)
+
+The vendor check introduced by commit 554b841d4703 ("tpm: Disable RNG for
+all AMD fTPMs") doesn't work properly on a number of Intel fTPMs. On the
+reported systems the TPM doesn't reply at bootup and returns back the
+command code. This makes the TPM fail probe.
+
+Since only Microsoft Pluton is the only known combination of AMD CPU and
+fTPM from other vendor, disable hwrng otherwise. In order to make sysadmin
+aware of this, print also info message to the klog.
+
+Cc: stable@vger.kernel.org
+Fixes: 554b841d4703 ("tpm: Disable RNG for all AMD fTPMs")
+Reported-by: Todd Brandt <todd.e.brandt@intel.com>
+Closes: https://bugzilla.kernel.org/show_bug.cgi?id=217804
+Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
+---
+v3:
+* Forgot to amend config flags.
+v2:
+* CONFIG_X86
+* Removed "Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>"
+* Removed "Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>"
+---
+ drivers/char/tpm/tpm_crb.c | 33 ++++++++-------------------------
+ 1 file changed, 8 insertions(+), 25 deletions(-)
+
+diff --git a/drivers/char/tpm/tpm_crb.c b/drivers/char/tpm/tpm_crb.c
+index 65ff4d2fbe8d..ea085b14ab7c 100644
+--- a/drivers/char/tpm/tpm_crb.c
++++ b/drivers/char/tpm/tpm_crb.c
+@@ -463,28 +463,6 @@ static bool crb_req_canceled(struct tpm_chip *chip, u8 status)
+ return (cancel & CRB_CANCEL_INVOKE) == CRB_CANCEL_INVOKE;
+ }
+
+-static int crb_check_flags(struct tpm_chip *chip)
+-{
+- u32 val;
+- int ret;
+-
+- ret = crb_request_locality(chip, 0);
+- if (ret)
+- return ret;
+-
+- ret = tpm2_get_tpm_pt(chip, TPM2_PT_MANUFACTURER, &val, NULL);
+- if (ret)
+- goto release;
+-
+- if (val == 0x414D4400U /* AMD */)
+- chip->flags |= TPM_CHIP_FLAG_HWRNG_DISABLED;
+-
+-release:
+- crb_relinquish_locality(chip, 0);
+-
+- return ret;
+-}
+-
+ static const struct tpm_class_ops tpm_crb = {
+ .flags = TPM_OPS_AUTO_STARTUP,
+ .status = crb_status,
+@@ -827,9 +805,14 @@ static int crb_acpi_add(struct acpi_device *device)
+ if (rc)
+ goto out;
+
+- rc = crb_check_flags(chip);
+- if (rc)
+- goto out;
++#ifdef CONFIG_X86
++ /* A quirk for https://www.amd.com/en/support/kb/faq/pa-410 */
++ if (boot_cpu_data.x86_vendor == X86_VENDOR_AMD &&
++ priv->sm != ACPI_TPM2_COMMAND_BUFFER_WITH_PLUTON) {
++ dev_info(dev, "Disabling hwrng\n");
++ chip->flags |= TPM_CHIP_FLAG_HWRNG_DISABLED;
++ }
++#endif /* CONFIG_X86 */
+
+ rc = tpm_chip_register(chip);
+
+--
+2.39.2
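Review bot: The new quirk in crb_acpi_add keys on `boot_cpu_data.x86_vendor` rather than on the TPM itself, so every non-Pluton CRB TPM on an AMD CPU gets `TPM_CHIP_FLAG_HWRNG_DISABLED`, and the only rationale left in the code is a bare URL. Because this removes the TPM as a hwrng source on those machines, the comment should carry the reasoning from the commit message, e.g. `/* AMD fTPM hwrng stays disabled (see 554b841d4703); Pluton is the only known non-AMD fTPM on AMD CPUs. */`, and the log line should say why: `dev_info(dev, "Disabling hwrng: non-Pluton CRB TPM on AMD CPU\n");`. Whether a discrete CRB-attached TPM on an AMD board is meant to be caught by this condition is not visible here and is worth confirming with the author. The body of crb_acpi_add starts and ends outside the hunk, so the definitions of `dev` and `priv` cannot be checked from this page.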