kernel/linux.git/drivers/char/tpm/Kconfig, branch linux-7.0.y

tpm: Compare HMAC values in constant time

2025-10-10T05:21:45+00:00

In tpm_buf_check_hmac_response(), compare the HMAC values in constant time using crypto_memneq() instead of in variable time using memcmp(). This is worthwhile to follow best practices and to be consistent with MAC comparisons elsewhere in the kernel. However, in this driver the side channel seems to have been benign: the HMAC input data is guaranteed to always be unique, which makes the usual MAC forgery via timing side channel not possible. Specifically, the HMAC input data in tpm_buf_check_hmac_response() includes the "our_nonce" field, which was generated by the kernel earlier, remains under the control of the kernel, and is unique for each call to tpm_buf_check_hmac_response(). Signed-off-by: Eric Biggers Signed-off-by: Jarkko Sakkinen

tpm: Disable TPM2_TCG_HMAC by default

2025-10-10T05:21:45+00:00

After reading all the feedback, right now disabling the TPM2_TCG_HMAC is the right call. Other views discussed: A. Having a kernel command-line parameter or refining the feature otherwise. This goes to the area of improvements. E.g., one example is my own idea where the null key specific code would be replaced with a persistent handle parameter (which can be *unambigously* defined as part of attestation process when done correctly). B. Removing the code. I don't buy this because that is same as saying that HMAC encryption cannot work at all (if really nitpicking) in any form. Also I disagree on the view that the feature could not be refined to something more reasoable. Also, both A and B are worst options in terms of backporting. Thuss, this is the best possible choice. Cc: stable@vger.kernel.or # v6.10+ Fixes: d2add27cf2b8 ("tpm: Add NULL primary creation") Suggested-by: Chris Fenner Signed-off-by: Jarkko Sakkinen

tpm: Add a driver for Loongson TPM device

2025-09-02T11:29:57+00:00

Loongson Security Engine supports random number generation, hash, symmetric encryption and asymmetric encryption. Based on these encryption functions, TPM2 have been implemented in the Loongson Security Engine firmware. This driver is responsible for copying data into the memory visible to the firmware and receiving data from the firmware. Co-developed-by: Yinggang Gu Signed-off-by: Yinggang Gu Signed-off-by: Qunqin Zhao Reviewed-by: Huacai Chen Reviewed-by: Jarkko Sakkinen Link: https://lore.kernel.org/r/20250705072045.1067-4-zhaoqunqin@loongson.cn Signed-off-by: Lee Jones

tpm: Add SNP SVSM vTPM driver

2025-04-10T14:24:29+00:00

Add driver for the vTPM defined by the AMD SVSM spec [1]. The specification defines a protocol that a SEV-SNP guest OS can use to discover and talk to a vTPM emulated by the Secure VM Service Module (SVSM) in the guest context, but at a more privileged level (VMPL0). The new tpm-svsm platform driver uses API exposed by the x86/sev core implementation interface to a SVSM to send commands and receive responses. The device cannot be hot-plugged/unplugged as it is emulated by the platform, so module_platform_driver_probe() can be used. The device will be registered by the platform only when it's available, so the probe function just needs to setup the tpm_chip. This device does not support interrupts and sends responses to commands synchronously. In order to have .recv() called just after .send() in tpm_try_transmit(), the .status() callback is not implemented as recently supported by commit 980a573621ea ("tpm: Make chip->{status,cancel,req_canceled} opt"). [1] "Secure VM Service Module for SEV-SNP Guests" Publication # 58019 Revision: 1.00 [ bp: Massage commit message. ] Signed-off-by: Stefano Garzarella Signed-off-by: Borislav Petkov (AMD) Reviewed-by: Jarkko Sakkinen Link: https://lore.kernel.org/r/20250410135118.133240-4-sgarzare@redhat.com

tpm_crb: ffa_tpm: Implement driver compliant to CRB over FF-A

2025-03-27T13:34:05+00:00

The ARM specification TPM Service CRB over FF-A specification defines the FF-A messages to interact with a CRB-based TPM implemented as an FF-A secure partition. See: https://developer.arm.com/documentation/den0138/latest/ This driver is probed when a TPM Secure Partition is discovered by the FF-A subsystem. It exposes APIs used by the TPM CRB driver to send notifications to the TPM. [jarkko: Fine-tuned the commit message.] Acked-by: Sudeep Holla Reviewed-by: Jarkko Sakkinen Signed-off-by: Stuart Yoder Signed-off-by: Jarkko Sakkinen

tpm: atmel: Drop PPC64 specific MMIO setup

2024-11-21T22:56:50+00:00

The PPC64 specific MMIO setup open codes DT address functions rather than using standard address parsing functions. The open-coded version fails to handle any address translation and is not endian safe. I haven't found any evidence of what platform used this. The only thing that turned up was a PPC405 platform, but that is 32-bit and PPC405 support is being removed as well. CONFIG_TCG_ATMEL is not enabled for any powerpc config and never was. The support was added in 2005 and hasn't been touched since. Rather than try to modernize and fix this code, just remove it. [jarkko: fixed couple of style issues reported by checkpatch.pl --strict and put offset into parentheses in the macro declarations.] Signed-off-by: Rob Herring (Arm) Acked-by: Michael Ellerman Reviewed-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

tpm: Enable TCG_TPM2_HMAC by default only for X86_64

2024-05-28T10:14:29+00:00

Given the not fully root caused performance issues on non-x86 platforms, enable the feature by default only for x86-64. That is the platform it brings the most value and has gone most of the QA. Can be reconsidered later and can be obviously opt-in enabled too on any arch. Link: https://lore.kernel.org/linux-integrity/bf67346ef623ff3c452c4f968b7d900911e250c3.camel@gmail.com/#t Signed-off-by: Jarkko Sakkinen

tpm: Add HMAC session start and end functions

2024-05-09T19:30:51+00:00

Add session based HMAC authentication plus parameter decryption and response encryption using AES. The basic design is to segregate all the nasty crypto, hash and hmac code into tpm2-sessions.c and export a usable API. The API first of all starts off by gaining a session with tpm2_start_auth_session() which initiates a session with the TPM and allocates an opaque tpm2_auth structure to handle the session parameters. The design is that session use will be single threaded from start to finish under the ops lock, so the tpm2_auth structure is stored in struct tpm2_chip to simpify the externally visible API. The session can be ended with tpm2_end_auth_session() which is designed only to be used in error legs. Ordinarily the further session API (future patches) will end or continue the session appropriately without having to call this. Signed-off-by: James Bottomley Reviewed-by: Ard Biesheuvel # crypto API parts Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

tpm: Add TCG mandated Key Derivation Functions (KDFs)

2024-05-09T19:30:51+00:00

The TCG mandates two Key derivation functions called KDFa and KDFe used to derive keys from seeds and elliptic curve points respectively. The definitions for these functions are found in the TPM 2.0 Library Specification Part 1 - Architecture Guide https://trustedcomputinggroup.org/resource/tpm-library-specification/ Implement a cut down version of each of these functions sufficient to support the key derivation needs of HMAC sessions. Signed-off-by: James Bottomley Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen

tpm: Add NULL primary creation

2024-05-09T19:30:51+00:00

The session handling code uses a "salted" session, meaning a session whose salt is encrypted to the public part of another TPM key so an observer cannot obtain it (and thus deduce the session keys). This patch creates and context saves in the tpm_chip area the primary key of the NULL hierarchy for this purpose. [jarkko@kernel.org: fixed documentation errors] Signed-off-by: James Bottomley Reviewed-by: Jarkko Sakkinen Tested-by: Jarkko Sakkinen Signed-off-by: Jarkko Sakkinen