b19239143e
These are the changes for the TPM driver with a single major new feature: TPM bus encryption and integrity protection. The key pair on TPM side is generated from so called null random seed per power on of the machine [1]. This supports the TPM encryption of the hard drive by adding layer of protection against bus interposer attacks. Other than the pull request a few minor fixes and documentation for tpm_tis to clarify basics of TPM localities for future patch review discussions (will be extended and refined over times, just a seed). [1] https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/ BR, Jarkko -----BEGIN PGP SIGNATURE----- iJYEABYKAD4WIQRE6pSOnaBC00OEHEIaerohdGur0gUCZj0l2iAcamFya2tvLnNh a2tpbmVuQGxpbnV4LmludGVsLmNvbQAKCRAaerohdGur0m8yAP4hBjMtpgAJZ4eZ 5o9tEQJrh/1JFZJ+8HU5IKPc4RU8BAEAyyYOCtxtS/C5B95iP+LvNla0KWi0pprU HsCLULnV2Aw= =RTXJ -----END PGP SIGNATURE----- Merge tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd Pull TPM updates from Jarkko Sakkinen: "These are the changes for the TPM driver with a single major new feature: TPM bus encryption and integrity protection. The key pair on TPM side is generated from so called null random seed per power on of the machine [1]. This supports the TPM encryption of the hard drive by adding layer of protection against bus interposer attacks. Other than that, a few minor fixes and documentation for tpm_tis to clarify basics of TPM localities for future patch review discussions (will be extended and refined over times, just a seed)" Link: https://lore.kernel.org/linux-integrity/20240429202811.13643-1-James.Bottomley@HansenPartnership.com/ [1] * tag 'tpmdd-next-6.10-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/jarkko/linux-tpmdd: (28 commits) Documentation: tpm: Add TPM security docs toctree entry tpm: disable the TPM if NULL name changes Documentation: add tpm-security.rst tpm: add the null key name as a sysfs export KEYS: trusted: Add session encryption protection to the seal/unseal path tpm: add session encryption protection to tpm2_get_random() tpm: add hmac checks to tpm2_pcr_extend() tpm: Add the rest of the session HMAC API tpm: Add HMAC session name/handle append tpm: Add HMAC session start and end functions tpm: Add TCG mandated Key Derivation Functions (KDFs) tpm: Add NULL primary creation tpm: export the context save and load commands tpm: add buffer function to point to returned parameters crypto: lib - implement library version of AES in CFB mode KEYS: trusted: tpm2: Use struct tpm_buf for sized buffers tpm: Add tpm_buf_read_{u8,u16,u32} tpm: TPM2B formatted buffers tpm: Store the length of the tpm_buf data separately. tpm: Update struct tpm_buf documentation comments ... |
||
---|---|---|
.. | ||
ABI | ||
accel | ||
accounting | ||
admin-guide | ||
arch | ||
block | ||
bpf | ||
cdrom | ||
core-api | ||
cpu-freq | ||
crypto | ||
dev-tools | ||
devicetree | ||
doc-guide | ||
driver-api | ||
fault-injection | ||
fb | ||
features | ||
filesystems | ||
firmware_class | ||
firmware-guide | ||
fpga | ||
gpu | ||
hid | ||
hwmon | ||
i2c | ||
iio | ||
images | ||
infiniband | ||
input | ||
isdn | ||
kbuild | ||
kernel-hacking | ||
leds | ||
litmus-tests | ||
livepatch | ||
locking | ||
maintainer | ||
mhi | ||
misc-devices | ||
mm | ||
netlabel | ||
netlink | ||
networking | ||
nvdimm | ||
nvme | ||
PCI | ||
pcmcia | ||
peci | ||
power | ||
process | ||
RCU | ||
rust | ||
scheduler | ||
scsi | ||
security | ||
sound | ||
sphinx | ||
sphinx-static | ||
spi | ||
staging | ||
target | ||
tee | ||
timers | ||
tools | ||
trace | ||
translations | ||
usb | ||
userspace-api | ||
virt | ||
w1 | ||
watchdog | ||
wmi | ||
.gitignore | ||
atomic_bitops.txt | ||
atomic_t.txt | ||
Changes | ||
CodingStyle | ||
conf.py | ||
docutils.conf | ||
dontdiff | ||
index.rst | ||
Kconfig | ||
Makefile | ||
memory-barriers.txt | ||
SubmittingPatches | ||
subsystem-apis.rst |