On Fri, Nov 17, 2017 at 11:07:24AM +0100, Javier Martinez Canillas wrote: > This patch is an RFC because I'm not sure if this is the correct way to fix this > issue. I'm not that familiar with the TPM driver so may had missed some details. > > And example of user-space getting confused by the TPM chardev returning -EINVAL > when sending a not supported TPM command can be seen in this tpm2-tools issue: > > https://github.com/intel/tpm2-tools/issues/621 I think this is a user space bug, unfortunately. We talked about this when the spaces code was first written and it seemed the best was to just return EINVAL to indicate that the kernel could not accept the request. This result is semantically different from the TPM could not execute or complete the request. Regarding your specific issue, can you make the command you want to use validate? Would that make sense? > + /* > + * If command validation fails, sent it to the TPM anyways so it can > + * report a proper error to user-space. Just don't do any TPM space > + * management in this case. > + */ > + cmd_validated = tpm_validate_command(chip, space, buf, bufsiz); And sending a command that failed to validate to the TPM cannot be done, as it violates our security model Jason
