Page MenuHomeFreeBSD
Differential D55074

tpm20: fix suspend/resume and entropy harvesting
ClosedPublic
Actions

Authored by kevans on Tue, Feb 3, 6:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Feb 4, 1:07 AM
Unknown Object (File)
Tue, Feb 3, 11:00 PM
Unknown Object (File)
Tue, Feb 3, 9:11 PM
Unknown Object (File)
Tue, Feb 3, 5:38 PM
Unknown Object (File)
Tue, Feb 3, 2:27 PM
Unknown Object (File)
Tue, Feb 3, 12:47 PM
Subscribers
emaste
imp

Details

Reviewers
obrien
garga
markj
Commits
rG38a4995eb52d: tpm20: fix suspend/resume and entropy harvesting
Summary

There were a few problem here:

  • TPM2_Shutdown results in a response that we need to either process or ignore, otherwise any tpm20_write or tpm20_harvest call will trivially hang on an sc->pending_data_length != 0
  • We should have a matching TPM2_Startup upon resume to restore any state that should have persisted
  • We must drain the harvest task before we suspend to avoid problems there

Fixes: 3deb21f1afd5 ("random: TPM_HARVEST should have been [...]")
Co-authored-by: markj (D53835)

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

kevans created this revision.Tue, Feb 3, 6:08 AM
Herald added a subscriber: imp. · View Herald TranscriptTue, Feb 3, 6:08 AM
kevans requested review of this revision.Tue, Feb 3, 6:08 AM
Harbormaster completed remote builds in B70366: Diff 171048.Tue, Feb 3, 6:08 AM
kevans added a comment.Tue, Feb 3, 6:08 AM

This has been lightly tested, but additional validation would be appreciated.

garga added a comment.Tue, Feb 3, 12:50 PM

I'm gonna test it on my laptop but I believe you should uncomment tpm device on GENERIC together with this change

kevans added a comment.Tue, Feb 3, 1:13 PM
In D55074#1258796, @garga wrote:

I'm gonna test it on my laptop but I believe you should uncomment tpm device on GENERIC together with this change

Thanks!

re: GENERIC, I'd prefer to evaluate that independently- these fixes are still necessary standalone, and it'd be good to have a clean version for MFC.

emaste added a subscriber: emaste.Tue, Feb 3, 2:13 PM

Agree with @kevans, we should get this fixed first and re-enable after some wider testing.

garga accepted this revision.Tue, Feb 3, 5:33 PM

It works perfectly here. I've added tpm to kernel and suspended / resumed lots of times. Thank you!

This revision is now accepted and ready to land.Tue, Feb 3, 5:33 PM
Closed by commit rG38a4995eb52d: tpm20: fix suspend/resume and entropy harvesting (authored by kevans). · Explain WhyThu, Feb 5, 3:36 AM
This revision was automatically updated to reflect the committed changes.
kevans added a commit: rG38a4995eb52d: tpm20: fix suspend/resume and entropy harvesting.

Revision Contents
Changeset List

PathSize
sys/
dev/
tpm/
1 line
65 lines
1 line
1 line

Diff 171189

View Options

sys/dev/tpm/tpm20.h

Loading...
View Options

sys/dev/tpm/tpm20.c

Loading...
View Options

sys/dev/tpm/tpm_crb.c

Loading...
View Options

sys/dev/tpm/tpm_tis_core.c

Loading...