On Mon, 29 Oct 2018, Safford, David (GE Global Research, US) wrote:
Hello
I'm trying to issue TPM2.0 PPI commands (operation > 22) with no success.
Is there any known issue with it?
Is there a reason PPI_TPM_REQ_MAX is set to 22? Could it be set to 127 so
we can check in tcg_operations which commands are implemented or not?
Thanks
-Víctor Gonzalo
The current tpm_ppi.c driver is a bit dated.
It does not recognize v 1.3 correctly, it does not support commands with arguments,
(23 requires the bank bitmask as an argument), and it limits the display to < 23.
I'm working on a patch, and have successfully issued 23 (PCR_Allocate).
Note that not all vendors implement 23 as it could lock users out of Bitlocker systems.
My HP Spectre does, but apparently Dell's don't in general. I was planning on
sampling different systems once the driver update is working.
dave
Dave, I would suggest to document the PPI interface under while you
refine the interface:
Documentation/security/tpm/
Would be very useful to have a simple plain text document there that
explains how to use the sysfs interface and what each command do
rather than having to always look them up from TCG specs.
This would be a good time as this will add more complexity to the
interface.
/Jarkko
