Hi Kamil,
I'll just answer your question; all the comments from you are accepted,
please send a new version with the minor fixes, hopefully the change will
be included into v4.15-rc.
On 10/24/2017 02:27 PM, Kamil Konieczny wrote:
> Hi Vladimir,
>
> Thank you for review, I will apply almost al
Hi Kamil,
On 10/24/2017 01:19 PM, Kamil Konieczny wrote:
> Hi Vladimir,
>
> Thank you for review.
>
> On 22.10.2017 12:18, Vladimir Zapolskiy wrote:
>> Hi Kamil,
>>
>> On 10/17/2017 02:28 PM, Kamil Konieczny wrote:
>>> change spaces into tabs in defines
>>
>> Here a grammatically correct sentenc
On Tue, Oct 24, 2017 at 03:34:49PM -0600, Jason Gunthorpe wrote:
> On Tue, Oct 24, 2017 at 12:42:35PM -0600, Jason Gunthorpe wrote:
>
> > This is compile tested only.
>
> 0day says the kconfig has a problem when randomized, here is the fix I
> will roll into a v2 in a few days:
I will probably h
On Tue, Oct 24, 2017 at 12:52:08PM -0600, Jason Gunthorpe wrote:
> On Mon, Oct 23, 2017 at 02:38:14PM +0200, Jarkko Sakkinen wrote:
> > The reasoning is simple and obvious. Since every call site passes the
> > value TPM_ANY_NUM (0x) the parameter does not have right to exist.
> > Refined the do
On Tue, Oct 24, 2017 at 12:42:35PM -0600, Jason Gunthorpe wrote:
> This is compile tested only.
0day says the kconfig has a problem when randomized, here is the fix I
will roll into a v2 in a few days:
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
index a95725fa77789e..ca89da3
On Mon, Oct 23, 2017 at 02:38:14PM +0200, Jarkko Sakkinen wrote:
> The reasoning is simple and obvious. Since every call site passes the
> value TPM_ANY_NUM (0x) the parameter does not have right to exist.
> Refined the documentation of the corresponding functions.
I like this patch, but how a
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
The SEV_PLATFORM_STATUS command can be used by the platform owner to
get the current status of the platform. The command is defined in
SEV spec section 5.5.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc:
On 10/23/2017 04:55 PM, Brijesh Singh wrote:
The SEV_PEK_GEN command is used to generate a new Platform Endorsement
Key (PEK). The command is defined in SEV spec section 5.6.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-cr
The tpm-rng.c approach is completely inconsistent with how the kernel
handles hotplug. Instead manage a hwrng device for each TPM. This will
cause the kernel to read entropy from the TPM when it is plugged in,
and allow access to the TPM rng via /dev/hwrng.
Signed-off-by: PrasannaKumar Muralidhara
On 10/23/2017 05:14 PM, Brijesh Singh wrote:
The SEV_PEK_CERT_IMPORT command can be used to import the signed PEK
certificate. The command is defined in SEV spec section 5.8.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-cr
On 10/23/2017 05:19 PM, Brijesh Singh wrote:
The SEV_PDH_CERT_EXPORT command can be used to export the PDH and its
certificate chain. The command is defined in SEV spec section 5.10.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc:
On 10/23/2017 05:10 PM, Brijesh Singh wrote:
The SEV_PEK_CSR command can be used to generate a PEK certificate
signing request. The command is defined in SEV spec section 5.7.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-c
On 24 October 2017 at 20:15:12 CEST, Jarkko Sakkinen wrote:
>On Tue, Oct 24, 2017 at 10:02:00AM -0700, Dmitry Torokhov wrote:
>> On Tue, Oct 24, 2017 at 9:11 AM, Jason Gunthorpe
>> wrote:
>> > On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar
>Muralidharan wrote:
>> >> Hi Jason,
>> >>
>>
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
The SEV_FACTORY_RESET command can be used by the platform owner to
reset the non-volatile SEV related data. The command is defined in
SEV spec section 5.4
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: T
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
The SEV_PDH_GEN command is used to re-generate the Platform
Diffie-Hellman (PDH) key. The command is defined in SEV spec section
5.6.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linu
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
The Platform Security Processor (PSP) is part of the AMD Secure
Processor (AMD-SP) functionality. The PSP is a dedicated processor
that provides support for key management commands in Secure Encrypted
Virtualization (SEV) mode, along with software-base
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
From: Borislav Petkov
This is AMD-specific hardware so present it in Kconfig only when AMD
CPU support is enabled or on ARM64 where it is also used.
Signed-off-by: Borislav Petkov
Signed-off-by: Brijesh Singh
Cc: Brijesh Singh
Cc: Tom Lendacky
C
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
Define Secure Encrypted Virtualization (SEV) key management command id
and structure. The command definition is available in SEV KM [1] spec
0.14.
[1] http://support.amd.com/TechDocs/55766_SEV-KM API_Specification.pdf
Cc: Paolo Bonzini
Cc: "Radim Kr
On 10/19/2017 09:33 PM, Brijesh Singh wrote:
Add an include file which defines the ioctl and command id used for
issuing SEV platform management specific commands.
Cc: Paolo Bonzini
Cc: "Radim Krčmář"
Cc: Borislav Petkov
Cc: Herbert Xu
Cc: Gary Hook
Cc: Tom Lendacky
Cc: linux-crypto@vger.ke
On Tue, Oct 24, 2017 at 10:05:20PM +0530, PrasannaKumar Muralidharan wrote:
> > 1. Every user in the kernel is using TPM_ANY_NUM, which means there are
> >no other users.
>
> Completely agree that there is no in kernel users yet.
And should never be. It's a bogus parameter that makes no sense
On Tue, Oct 24, 2017 at 10:02:00AM -0700, Dmitry Torokhov wrote:
> On Tue, Oct 24, 2017 at 9:11 AM, Jason Gunthorpe
> wrote:
> > On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar Muralidharan wrote:
> >> Hi Jason,
> >>
> >> On 24 October 2017 at 21:25, Jason Gunthorpe
> >> wrote:
> >> > On
On Tue, Oct 24, 2017 at 11:37:57AM -0600, Jason Gunthorpe wrote:
> On Tue, Oct 24, 2017 at 10:02:00AM -0700, Dmitry Torokhov wrote:
> > tpm-rng is abomination that should be kicked out as soon as possible.
> > It wreaks havoc with the power management (TPM chip drivers may go
> > into suspend state
Hi Jason,
On 24 October 2017 at 23:16, Jason Gunthorpe
wrote:
> On Tue, Oct 24, 2017 at 09:44:30PM +0530, PrasannaKumar Muralidharan wrote:
>
>> I am wondering why it is wrong. Isn't the chip id valid till it is
>> unregistered? If so the rfc is correct. Please explain, maybe I am
>> missing som
On Tue, Oct 24, 2017 at 09:44:30PM +0530, PrasannaKumar Muralidharan wrote:
> I am wondering why it is wrong. Isn't the chip id valid till it is
> unregistered? If so the rfc is correct. Please explain, maybe I am
> missing something.
The lifetime is a bit complicated, but the general rule in th
On 24 October 2017 at 23:07, Jason Gunthorpe
wrote:
> On Tue, Oct 24, 2017 at 10:02:00AM -0700, Dmitry Torokhov wrote:
>> tpm-rng is abomination that should be kicked out as soon as possible.
>> It wreaks havoc with the power management (TPM chip drivers may go
>> into suspend state, but tpm_rng d
On Tue, Oct 24, 2017 at 10:02:00AM -0700, Dmitry Torokhov wrote:
> tpm-rng is abomination that should be kicked out as soon as possible.
> It wreaks havoc with the power management (TPM chip drivers may go
> into suspend state, but tpm_rng does not do any power management and
> happily forwards req
On Tue, Oct 24, 2017 at 9:11 AM, Jason Gunthorpe
wrote:
> On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar Muralidharan wrote:
>> Hi Jason,
>>
>> On 24 October 2017 at 21:25, Jason Gunthorpe
>> wrote:
>> > On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
>> >
>>
On 24 October 2017 at 21:53, Jarkko Sakkinen
wrote:
> On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
>> On 24 October 2017 at 21:14, Jarkko Sakkinen
>> wrote:
>> > On Mon, Oct 23, 2017 at 10:31:39AM -0600, Jason Gunthorpe wrote:
>> >> On Mon, Oct 23, 2017 at 10:07:31A
On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
> On 24 October 2017 at 21:14, Jarkko Sakkinen
> wrote:
> > On Mon, Oct 23, 2017 at 10:31:39AM -0600, Jason Gunthorpe wrote:
> >> On Mon, Oct 23, 2017 at 10:07:31AM -0400, Stefan Berger wrote:
> >>
> >> > >-int tpm_pcr_ext
On 24 October 2017 at 21:41, Jason Gunthorpe
wrote:
> On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar Muralidharan wrote:
>> Hi Jason,
>>
>> On 24 October 2017 at 21:25, Jason Gunthorpe
>> wrote:
>> > On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
>> >
>> >> P
On Tue, Oct 24, 2017 at 09:37:33PM +0530, PrasannaKumar Muralidharan wrote:
> Hi Jason,
>
> On 24 October 2017 at 21:25, Jason Gunthorpe
> wrote:
> > On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
> >
> >> Please check the RFC [1]. It does use chip id. The rfc has iss
Hi Jason,
On 24 October 2017 at 21:25, Jason Gunthorpe
wrote:
> On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
>
>> Please check the RFC [1]. It does use chip id. The rfc has issues and
>> has to be fixed but still there could be users of the API.
>>
>> 1. https://www
On Tue, Oct 24, 2017 at 09:21:15PM +0530, PrasannaKumar Muralidharan wrote:
> Please check the RFC [1]. It does use chip id. The rfc has issues and
> has to be fixed but still there could be users of the API.
>
> 1. https://www.spinics.net/lists/linux-crypto/msg28282.html
That patch isn't safe a
On 24 October 2017 at 21:14, Jarkko Sakkinen
wrote:
> On Mon, Oct 23, 2017 at 10:31:39AM -0600, Jason Gunthorpe wrote:
>> On Mon, Oct 23, 2017 at 10:07:31AM -0400, Stefan Berger wrote:
>>
>> > >-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
>> > >+int tpm_pcr_extend(int pcr_idx, co
On Mon, Oct 23, 2017 at 10:31:39AM -0600, Jason Gunthorpe wrote:
> On Mon, Oct 23, 2017 at 10:07:31AM -0400, Stefan Berger wrote:
>
> > >-int tpm_pcr_extend(u32 chip_num, int pcr_idx, const u8 *hash)
> > >+int tpm_pcr_extend(int pcr_idx, const u8 *hash)
> > > {
> >
> >
> > I think every kernel
Hi, Romain,
On 10/18/2017 04:32 PM, Romain Izard wrote:
diff --git a/crypto/ccm.c b/crypto/ccm.c
index 1ce37ae0ce56..e7c2121a3ab2 100644
--- a/crypto/ccm.c
+++ b/crypto/ccm.c
@@ -47,6 +47,7 @@ struct crypto_ccm_req_priv_ctx {
u8 odata[16];
u8 idata[16];
u8 auth_tag[16]
On Mon, Oct 23, 2017 at 10:07:31AM -0400, Stefan Berger wrote:
> I think every kernel internal TPM driver API should be called with the
> tpm_chip as a parameter. This is in foresight of namespacing of IMA where we
> want to provide the flexibility of passing a dedicated vTPM to each
> namespace an
Hi Herbert and Paolo,
On 10/19/17 9:33 PM, Brijesh Singh wrote:
> This part of Secure Encrypted Virtualization (SEV) patch series focuses on KVM
> changes required to create and manage SEV guests.
>
> SEV is an extension to the AMD-V architecture which supports running encrypted
> virtual machine
Hi Vladimir,
Thank you for review, I will apply almost all of your remarks,
see answers below.
On 22.10.2017 12:18, Vladimir Zapolskiy wrote:
> Hi Kamil,
>
> thank you for updates, I have just a few more comments.
>
> On 10/17/2017 02:28 PM, Kamil Konieczny wrote:
>> [...]
>> - Select sw algori
Hi Vladimir,
Thank you for review.
On 22.10.2017 12:18, Vladimir Zapolskiy wrote:
> Hi Kamil,
>
> On 10/17/2017 02:28 PM, Kamil Konieczny wrote:
>> change spaces into tabs in defines
>
> Here a grammatically correct sentence in English is welcome.
What about: "Change spaces to tabs" ?
>> Sign
2017-10-24 5:20 GMT+02:00 Herbert Xu :
> On Mon, Oct 23, 2017 at 03:38:59PM +0300, Tudor Ambarus wrote:
>>
>> I will propose a fix, but I'm taking my time to better understand why
>> CTR requires to overwrite the iv with the last ciphertext block.
>
> That's an API requirement. So we should fix cc
On Mon, Oct 23, 2017 at 6:00 PM, Stephen Brennan wrote:
> Hi Gilad,
>
> Thanks for the quick reply, I really appreciate your taking time to help a
> newbie get started. I've made the appropriate changes and re-submitted.
It is completely my pleasure. Thanks,
>
>> TIP: if you run the scripts/get_m
Hi Tobin,
On Tue, Oct 24, 2017 at 6:02 AM, Tobin C. Harding wrote:
> On Mon, Oct 23, 2017 at 07:53:18AM -0700, Stephen Brennan wrote:
>> Simply break down some long lines and tab-indent them.
>
> Hi Stephen,
>
> Welcome to the Linux kernel. Great that you have put in a patch, you are,
> however,
43 matches