On 8/18/20 5:25 PM, Stefan Berger wrote:
> On 8/18/20 2:54 PM, Stefan Berger wrote:
>> On 8/18/20 11:36 AM, Jarkko Sakkinen wrote:
>>> Stefan, are you concerned about not having this in 4.14 and 4.19?
>>
>> Yes. The problematic scenario is when libtpms is updated to a
>> version (future v0.8.0) that supports 3072 bit RSA keys and software
>> inside a VM is using /dev/tpmrm0 and things start failing because of
>> this. My hope would be that the distro run inside the VM has a way
>> forward and the long term stable kernels seem to help here. Because
>> of this scenario I have to delay the release of libtpms v0.8.0 for
>> several months.
>
> I just ported it to 4.19.139 and will try to do the port to 4.14.191++
> as well. I will post it here once I have run some (basic) tests with it.

The porting is done and I tested the changes. The problem on these
kernel versions is that I cannot recreate the problem (inside a VM).

On a host with libtpms-0.8.0 (tip of master) running a VM with attached
vTPM and the guest running kernel 5.6.18-300.fc2 the following command
line just hangs:

    echo test | clevis encrypt tpm2 '{"key":"rsa"}' | clevis decrypt

dmesg shows:

    tpm tpm0: tpm2_save_context: out of backing store
    tpm2_commit_space: error -12

On these 4.14 and 4.19 kernels the expected output of 'test' just
appears on the screen. The context swapping behavior seems to be different.

Though based on the benefits of the larger buffer size that may prevent
unnecessary problems, if context swapping somehow kicks in, we should
apply the patches there as well.

   Stefan