linux_dsm_epyc7002/security/integrity/ima
Linus Torvalds 5af7f11588 Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull tpm updates from James Morris:

 - Clean up the transmission flow

   Cleaned up the whole transmission flow. Locking of the chip is now
   done in the level of tpm_try_get_ops() and tpm_put_ops() instead
   taking the chip lock inside tpm_transmit(). The nested calls inside
   tpm_transmit(), used with the resource manager, have been refactored
   out.

   Should make easier to perform more complex transactions with the TPM
   without making the subsystem a bigger mess (e.g. encrypted channel
   patches by James Bottomley).

 - PPI 1.3 support

   TPM PPI 1.3 introduces an additional optional command parameter that
   may be needed for some commands. Display the parameter if the command
   requires such a parameter. Only command 23 (SetPCRBanks) needs one.

   The PPI request file will show output like this then:

      # echo "23 16" > request
      # cat request
      23 16

      # echo "5" > request
      # cat request
      5

 - Extend all PCR banks in IMA

   Instead of static PCR banks array, the array of available PCR banks
   is now allocated dynamically. The digests sizes are determined
   dynamically using a probe PCR read without relying crypto's static
   list of hash algorithms.

   This should finally make sealing of measurements in IMA safe and
   secure.

 - TPM 2.0 selftests

   Added a test suite to tools/testing/selftests/tpm2 previously outside
   of the kernel tree: https://github.com/jsakkine-intel/tpm2-scripts

* 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (37 commits)
  tpm/ppi: Enable submission of optional command parameter for PPI 1.3
  tpm/ppi: Possibly show command parameter if TPM PPI 1.3 is used
  tpm/ppi: Display up to 101 operations as define for version 1.3
  tpm/ppi: rename TPM_PPI_REVISION_ID to TPM_PPI_REVISION_ID_1
  tpm/ppi: pass function revision ID to tpm_eval_dsm()
  tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend()
  KEYS: trusted: explicitly use tpm_chip structure from tpm_default_chip()
  tpm: move tpm_chip definition to include/linux/tpm.h
  tpm: retrieve digest size of unknown algorithms with PCR read
  tpm: rename and export tpm2_digest and tpm2_algorithms
  tpm: dynamically allocate the allocated_banks array
  tpm: remove @flags from tpm_transmit()
  tpm: take TPM chip power gating out of tpm_transmit()
  tpm: introduce tpm_chip_start() and tpm_chip_stop()
  tpm: remove TPM_TRANSMIT_UNLOCKED flag
  tpm: use tpm_try_get_ops() in tpm-sysfs.c.
  tpm: remove @space from tpm_transmit()
  tpm: move TPM space code out of tpm_transmit()
  tpm: move tpm_validate_commmand() to tpm2-space.c
  tpm: clean up tpm_try_transmit() error handling flow
  ...
2019-03-10 17:37:29 -07:00
..
ima_api.c Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2018-12-27 12:04:52 -08:00
ima_appraise.c security: mark expected switch fall-throughs and add a missing break 2019-02-22 09:56:09 -08:00
ima_crypto.c tpm: retrieve digest size of unknown algorithms with PCR read 2019-02-13 09:48:51 +02:00
ima_fs.c security: audit and remove any unnecessary uses of module.h 2018-12-12 14:58:51 -08:00
ima_init.c tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() 2019-02-13 09:48:52 +02:00
ima_kexec.c mm: convert totalram_pages and totalhigh_pages variables to atomic 2018-12-28 12:11:47 -08:00
ima_main.c ima: define ima_post_create_tmpfile() hook and add missing call 2019-02-04 17:36:01 -05:00
ima_mok.c KEYS: Use structure to capture key restriction function and data 2017-04-04 14:10:10 -07:00
ima_policy.c audit/stable-5.1 PR 20190305 2019-03-07 12:20:11 -08:00
ima_queue.c tpm: pass an array of tpm_extend_digest structures to tpm_pcr_extend() 2019-02-13 09:48:52 +02:00
ima_template_lib.c security: mark expected switch fall-throughs and add a missing break 2019-02-22 09:56:09 -08:00
ima_template_lib.h ima: introduce ima_parse_buf() 2017-06-21 14:37:12 -04:00
ima_template.c security/integrity: constify some read-only data 2018-10-10 12:56:15 -04:00
ima.h Merge branch 'next-tpm' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2019-03-10 17:37:29 -07:00
Kconfig x86/ima: define arch_get_ima_policy() for x86 2018-12-11 07:13:41 -05:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00