[Feature] TPM2.0 kernel support

Bug #1398274 reported by Yingying Zhao on 2014-12-02
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
intel
Undecided
Unassigned
linux (Ubuntu)
Medium
Tim Gardner
Xenial
Medium
Tim Gardner

Bug Description

This entry will track TPM2.0 kernel work.

Intel schedule:
basic device driver:4.0
device driver improvement: 4.5
trusted keys: 4.5
sysfs attributes: 4.4

==
Kernel-Description: TPM2.0 trusted keys fixes

Do we references for the upstream commits to confirm we have this in our Vivid 15.04 kernel?

XiongZhang (xiong-y-zhang) wrote :

For tpm 2.0 basic kernel support, it has landed into 4.0 kenrel.
aec04cb tpm: TPM 2.0 FIFO Interface
30fc8d1 tpm: TPM 2.0 CRB Interface
7a1d7e6 tpm: TPM 2.0 baseline support
313d21e tpm: device class for tpm
71ed848 tpm: rename chip->dev to chip->pdev
0dc5536 tpm: fix raciness of PPI interface lookup
afb5abc tpm: two-phase chip management functions
87155b7 tpm: merge duplicate transmit_cmd() functions
1a0f1b2 tpm_ibmvtpm: Update email address in maintainers list and ibmvtpm driver
67fe941 tpm/tpm_i2c_stm_st33: Fix coccinelle warnings. Possible NULL pointer dereference
f2f083b tpm/tpm_i2c_stm_st33: Increment driver version to 1.2.1.
00820e8 tpm/tpm_i2c_stm_st33: Remove useless i2c read on interrupt registers
c3804b8 tpm/tpm_i2c_stm_st33: Interrupt management improvement
8dcd198 tpm/tpm_i2c_stm_st33: Few code cleanup
e8f6f3b tpm/tpm_i2c_stm_st33/dts/st33zp24_i2c: Add DTS Documentation
c36b1b2 tpm/tpm_i2c_stm_st33: Add devicetree structure
875edad tpm/tpm_i2c_stm_st33: Replace tpm_st33_* function with tpm_stm_*
ca16b76 tpm/tpm_i2c_stm_st33: Replace err/rc/ret by ret for a function return code
76182b6 tpm/tpm_i2c_stm_st33: Remove reference to io_serirq
b9626f3 tpm/tpm_i2c_stm_st33: Add new tpm_stm_dev structure and remove tpm_i2c_buffer[0], [1] buffer.
2dbca75 tpm/tpm_i2c_stm_st33: Move tpm registers to tpm_i2c_stm_st33.c
7500c4b tpm/tpm_i2c_stm_st33: Fix few coding style error reported by scripts/checkpatch.pl
642d2be tpm/tpm_i2c_stm_st33: Change License header to have up to date address information
578aa13 tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product
1ba3b0b tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
2dfc2de char: tpm: Deletion of unnecessary checks before the function call "tpm_dev_vendor_release"
9fd8e5a tpm: remove unnecessary sizeof(u8)
84eb186 tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
448e9c5 tpm_tis: verify interrupt during init
bb95cd3 char: tpm: Add missing error check for devm_kzalloc
398a1e7 TPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev

description: updated

Thanks Xiong,

Given the amount of patches required to backport and enable TPM 2.0 support, I'd prefer if we could postpone this feature until 15.10. Especially since I don't believe this is a hard requirement for some of our partners.

Stéphane Verdy (sverdy) wrote :

Actually we have had OEM requests for TPM 2.0 support with SKL. Would it be possible to target 15.04?

XiongZhang (xiong-y-zhang) wrote :

Since currently user space tools as TSS2/tpm2-tools isn't ready and the plan for this tools is late Q2, without this user space components, we really don't have a TPM 2.0 solution. So I agree with Leann to postpone TPM 2.0 support to 15.10.

description: updated
summary: - [Feature] TPM2.0
+ [Feature] TPM2.0 kernel
summary: - [Feature] TPM2.0 kernel
+ [Feature] TPM2.0 kernel support

Any recent status updates for TPM 2.0?

Keve Gabbert (keve-a-gabbert) wrote :

response I received when asking if there is any status update:
>The honest answer: no . There is only one active maintainer:
>Peter Hüwe. I haven't heard about him for a while now. He doesn't do
>the maintaining on paid time. That's why things are not progressing.
>
>And yes, this is a real problem because we cannot plan and schedule
>anything properly.

XiongZhang (xiong-y-zhang) wrote :

For sysfs attributes in 4.4:
b8e98dc tpm: update PPI documentation to address the location change.
9b774d5 tpm: move the PPI attributes to character device directory.
37c1c04 sysfs: added __compat_only_sysfs_link_entry_to_kobj()

description: updated
XiongZhang (xiong-y-zhang) wrote :

For trusted keys in v4.5
5beb0c4 keys, trusted: seal with a TPM2 authorization policy
5ca4c20 keys, trusted: select hash algorithm for TPM2 chips
5208cc8 keys, trusted: fix: *do not* allow duplicate key options

Tim Gardner (timg-tpi) on 2016-01-27
information type: Proprietary → Public
Changed in linux (Ubuntu Xenial):
assignee: nobody → Tim Gardner (timg-tpi)
status: New → Fix Committed
Changed in linux (Ubuntu Xenial):
importance: Undecided → Medium
Launchpad Janitor (janitor) wrote :
Download full text (17.3 KiB)

This bug was fixed in the package linux - 4.4.0-2.16

---------------
linux (4.4.0-2.16) xenial; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1539090
  * SAUCE: hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * SAUCE: dm: introduce a target_ioctl op to allow target specific ioctls
    - LP: #1538618

  [ Colin Ian King ]

  * SAUCE: ACPI / tables: Add acpi_force_32bit_fadt_addr option to force 32
    bit FADT addresses (LP: #1529381)
    - LP: #1529381

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906

  [ Mahesh Salgaonkar ]

  * SAUCE: Powernv: Remove the usage of PACAR1 from opal wrappers
    - LP: #1537881
  * SAUCE: powerpc/book3s: Fix TB corruption in guest exit path on HMI
    interrupt.
    - LP: #1537881
  * SAUCE: KVM: PPC: Book3S HV: Fix soft lockups in KVM on HMI for time
    base errors
    - LP: #1537881

  [ Paolo Pisati ]

  * SAUCE: arm64: errata: Add -mpc-relative-literal-loads to erratum
    #843419 build flags
    - LP: #1533009
  * [Config] MFD_TPS65217=y && REGULATOR_TPS65217=y
  * [Config] disable ARCH_ZX (ZTE ZX Soc)

  [ Tim Gardner ]

  * Revert "SAUCE: (noup) cxlflash: a couple off by one bugs"
  * SAUCE: (no-up) Update bnx2x firmware to 7.12.30.0
    - LP: #1536719
  * SAUCE: drop obsolete bnx2x firmware
  * SAUCE: i40e: Silence 'may be used uninitialized' warnings
    - LP: #1536474
  * [Config] CONFIG_ZONE_DMA=y for amd64 lowlatency
    - LP: #1534647
  * [Config] Add pvpanic to virtual flavour
    - LP: #1537923
  * [Config] CONFIG_INTEL_PUNIT_IPC=m, CONFIG_INTEL_TELEMETRY=m
    - LP: #1520457

  [ Upstream Kernel Changes ]

  * i40evf: fix compiler warning of unused variable
    - LP: #1536474
  * intel: i40e: fix confused code
    - LP: #1536474
  * i40e/i40evf: remove unused tunnel parameter
    - LP: #1536474
  * i40e: Change BUG_ON to WARN_ON in service event complete
    - LP: #1536474
  * i40e: remove BUG_ON from feature string building
    - LP: #1536474
  * i40e: remove BUG_ON from FCoE setup
    - LP: #1536474
  * i40e: Workaround fix for mss < 256 issue
    - LP: #1536474
  * i40e/i40evf: Add a stat to track how many times we have to do a force
    WB
    - LP: #1536474
  * i40e: Move the saving of old link info from handle_link_event to
    link_event
    - LP: #1536474
  * i40e/i40evf: Add comment to #endif
    - LP: #1536474
  * i40e/i40evf: clean up error messages
    - LP: #1536474
  * i40evf: handle many MAC filters correctly
    - LP: #1536474
  * i40e: return the number of enabled queues for ETHTOOL_GRXRINGS
    - LP: #1536474
  * i40e: rework the functions to configure RSS with similar parameters
    - LP: #1536474
  * i40e: create a generic configure rss function
    - LP: #1536474
  * i40e: Bump version to 1.4.2
    - LP: #1536474
  * i40e: add new fields to store user configuration
    - LP: #1536474
  * i40e: rename rss_size to alloc_rss_size in i40e_pf
    - LP: #1536474
  * i40e/i40evf: Fix RS bit update in Tx path and disable force WB
    workaround
    - LP: #1536474
  * i40e/i40evf: prefetch skb data on transmit
    - LP: #1536474
  * i40evf: rename VF adapter s...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
XiongZhang (xiong-y-zhang) wrote :

Sorry, I have to add more commits for TPM 2.0 trusted keys.
In v4.5 kernel:
6674ff1 tpm_ibmvtpm: properly handle interrupted packet receptions
b8ba1e7 tpm_tis: Tighten IRQ auto-probing
e3837e7 tpm_tis: Refactor the interrupt setup
7ab4032 tpm_tis: Get rid of the duplicate IRQ probing code
2511204 tpm: rework tpm_get_timeouts()
036bb38 tpm_tis: Ensure interrupts are disabled when the driver starts
727f28b tpm_tis: Use devm_free_irq not free_irq
f728643 tpm_tis: further simplify calculation of ordinal duration

There are also some bug fixes patches queued in maintainer's tree for v4.6. Once 4.6-rc1 is released, we will give the commits.
If 16.04 couldn't wait for 4.6-rc1, 16.04 should pick this fixes at least which will be in 4.5.1 stable. https://git.kernel.org/cgit/linux/kernel/git/jmorris/linux-security.git/commit/?h=next&id=c0b5eed110dcf520aadafefbcc40658cbdd18b95

Tim Gardner (timg-tpi) on 2016-03-09
Changed in linux (Ubuntu Xenial):
status: Fix Released → Fix Committed
Andy Whitcroft (apw) on 2016-03-10
description: updated
Launchpad Janitor (janitor) wrote :
Download full text (7.0 KiB)

This bug was fixed in the package linux - 4.4.0-13.29

---------------
linux (4.4.0-13.29) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1556247

  * s390/mm: four page table levels vs. fork (LP: #1556141)
    - s390/mm: four page table levels vs. fork

  * [Hyper-V] network performance patches for Xenial 16.04 (LP: #1556037)
    - hv_netvsc: use skb_get_hash() instead of a homegrown implementation
    - hv_netvsc: cleanup netdev feature flags for netvsc

  * fails to boot on megaraid (LP: #1552903)
    - SAUCE: (noup) megaraid_sas: Don't issue kill adapter for MFI controllers in
      case of PD list DCMD failure

  * ALSA: hda - add codec support for Kabylake display audio codec (LP: #1556002)
    - ALSA: hda - add codec support for Kabylake display audio codec

  * Backport upstream bugfixes to ubuntu-16.04 (LP: #1555765)
    - cpufreq: powernv: Free 'chips' on module exit
    - cpufreq: powernv: Hot-plug safe the kworker thread
    - cpufreq: powernv: Remove cpu_to_chip_id() from hot-path
    - cpufreq: powernv/tracing: Add powernv_throttle tracepoint
    - cpufreq: powernv: Replace pr_info with trace print for throttle event
    - SAUCE: (noup) cpufreq: powernv: Fix bugs in powernv_cpufreq_{init/exit}

  * Linux netfilter IPT_SO_SET_REPLACE memory corruption (LP: #1555338)
    - SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving userspace

  * integer overflow in xt_alloc_table_info (LP: #1555353)
    - SAUCE: (noup) netfilter: x_tables: check for size overflow

  * linux: auto-generate the reconstruct information from the git tag (LP: #1555543)
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Config] reconstruct -- update to autoreconstruct output
    - [Packaging] reconstruct -- update when inserting final changes

  * Xenial update to v4.4.5 stable release (LP: #1555640)
    - use ->d_seq to get coherency between ->d_inode and ->d_flags
    - drivers: sh: Restore legacy clock domain on SuperH platforms
    - Btrfs: fix deadlock running delayed iputs at transaction commit time
    - btrfs: Fix no_space in write and rm loop
    - btrfs: async-thread: Fix a use-after-free error for trace
    - block: Initialize max_dev_sectors to 0
    - PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
    - parisc: Fix ptrace syscall number and return value modification
    - mips/kvm: fix ioctl error handling
    - kvm: x86: Update tsc multiplier on change.
    - fbcon: set a default value to blink interval
    - cifs: fix out-of-bounds access in lease parsing
    - CIFS: Fix SMB2+ interim response processing for read requests
    - Fix cifs_uniqueid_to_ino_t() function for s390x
    - vfio: fix ioctl error handling
    - KVM: x86: fix root cause for missed hardware breakpoints
    - arm/arm64: KVM: Fix ioctl error handling
    - iommu/amd: Apply workaround for ATS write permission check
    - iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
    - iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
    - target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - drm/ast: Fix incorrect register check for DRAM width
    - d...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
XiongZhang (xiong-y-zhang) wrote :

Some tpm2.0 bug fix patches are missed v4.5 and delayed to v4.6:
2cb6d64 tpm_tis: fix build warning with tpm_tis_resume
99cda8c tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
30f9c8c tpm_crb/tis: fix: use dev_name() for /proc/iomem
186d124 tpm_eventlog.c: fix binary_bios_measurements
4f3b193 tpm: fix: return rc when devm_add_action() fails
c0b5eed tpm: fix: set continueSession attribute for the unseal operation
8e0ee3c tpm: fix the cleanup of struct tpm_chip
72c91ce tpm: fix the rollback in tpm_chip_register()
1bd047b tpm_crb: Use devm_ioremap_resource
1e3ed59 tpm_crb: Drop le32_to_cpu(ioread32(..))
0019482 tpm_tis: Clean up the force=1 module parameter
51dd43d tpm_tis: Use devm_ioremap_resource
4d627e6 tpm_tis: Do not fall back to a hardcoded address for TPM2
ef7b81d tpm_tis: Disable interrupt auto probing on a per-device basis
55a889c tpm_crb: Use the common ACPI definition of struct acpi_tpm2
f3c82ad tpm: fix checks for policy digest existence in tpm2_seal_trusted()
e5be990 tpm: remove unneeded include of actbl2.h

Tim Gardner (timg-tpi) wrote :

tpm: remove unneeded include of actbl2.h
tpm: fix checks for policy digest existence in tpm2_seal_trusted()
tpm_crb: Use the common ACPI definition of struct acpi_tpm2
tpm_tis: Disable interrupt auto probing on a per-device basis
tpm_tis: Do not fall back to a hardcoded address for TPM2
tpm_tis: Use devm_ioremap_resource
tpm_tis: Clean up the force=1 module parameter
tpm_crb: Drop le32_to_cpu(ioread32(..))
tpm_crb: Use devm_ioremap_resource
tpm: fix the rollback in tpm_chip_register()
tpm: fix the cleanup of struct tpm_chip
tpm: fix: set continueSession attribute for the unseal operation
tpm: fix: return rc when devm_add_action() fails
tpm_eventlog.c: fix binary_bios_measurements
tpm_crb/tis: fix: use dev_name() for /proc/iomem
tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
tpm_tis: fix build warning with tpm_tis_resume

Changed in linux (Ubuntu Xenial):
status: Fix Released → Fix Committed
Launchpad Janitor (janitor) wrote :
Download full text (7.9 KiB)

This bug was fixed in the package linux - 4.4.0-18.34

---------------
linux (4.4.0-18.34) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1566868

  * [i915_bpo] Fix RC6 on SKL GT3 & GT4 (LP: #1564759)
    - SAUCE: i915_bpo: drm/i915/skl: Fix rc6 based gpu/system hang
    - SAUCE: i915_bpo: drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs

  * CONFIG_ARCH_ROCKCHIP not enabled in armhf generic kernel (LP: #1566283)
    - [Config] CONFIG_ARCH_ROCKCHIP=y

  * [Feature] Memory Bandwidth Monitoring (LP: #1397880)
    - perf/x86/cqm: Fix CQM handling of grouping events into a cache_group
    - perf/x86/cqm: Fix CQM memory leak and notifier leak
    - x86/cpufeature: Carve out X86_FEATURE_*
    - Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
    - x86/topology: Create logical package id
    - perf/x86/mbm: Add Intel Memory B/W Monitoring enumeration and init
    - perf/x86/mbm: Add memory bandwidth monitoring event management
    - perf/x86/mbm: Implement RMID recycling
    - perf/x86/mbm: Add support for MBM counter overflow handling

  * User namespace mount updates (LP: #1566505)
    - SAUCE: quota: Require that qids passed to dqget() be valid and map into s_user_ns
    - SAUCE: fs: Allow superblock owner to change ownership of inodes with unmappable ids
    - SAUCE: fuse: Don't initialize user_id or group_id in mount options
    - SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace
    - SAUCE: fs: fix a posible leak of allocated superblock

  * [arm64] kernel BUG at /build/linux-StrpB2/linux-4.4.0/fs/ext4/inode.c:2394!
    (LP: #1566518)
    - arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
    - arm64: Update PTE_RDONLY in set_pte_at() for PROT_NONE permission

  * [Feature]USB core and xHCI tasks for USB 3.1 SuperSpeedPlus (SSP) support
    for Alpine Ridge on SKL (LP: #1519623)
    - usb: define USB_SPEED_SUPER_PLUS speed for SuperSpeedPlus USB3.1 devices
    - usb: set USB 3.1 roothub device speed to USB_SPEED_SUPER_PLUS
    - usb: show speed "10000" in sysfs for USB 3.1 SuperSpeedPlus devices
    - usb: add device descriptor for usb 3.1 root hub
    - usb: Support USB 3.1 extended port status request
    - xhci: Make sure xhci handles USB_SPEED_SUPER_PLUS devices.
    - xhci: set roothub speed to USB_SPEED_SUPER_PLUS for USB3.1 capable controllers
    - xhci: USB 3.1 add default Speed Attributes to SuperSpeedPlus device capability
    - xhci: set slot context speed field to SuperSpeedPlus for USB 3.1 SSP devices
    - usb: Add USB3.1 SuperSpeedPlus Isoc Endpoint Companion descriptor
    - usb: Parse the new USB 3.1 SuperSpeedPlus Isoc endpoint companion descriptor
    - usb: Add USB 3.1 Precision time measurement capability descriptor support
    - xhci: refactor and cleanup endpoint initialization.
    - xhci: Add SuperSpeedPlus high bandwidth isoc support to xhci endpoints
    - xhci: cleanup isoc tranfers queuing code
    - xhci: Support extended burst isoc TRB structure used by xhci 1.1 for USB 3.1
    - SAUCE: (noup) usb: fix regression in SuperSpeed endpoint descriptor parsing

  * wrong/missing permissions for device f...

Read more...

Changed in linux (Ubuntu Xenial):
status: Fix Committed → Fix Released
Changed in intel:
status: New → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers