On 8/18/20 5:25 PM, Stefan Berger wrote:
On 8/18/20 2:54 PM, Stefan Berger wrote:
On 8/18/20 11:36 AM, Jarkko Sakkinen wrote:
Stefan, are you concerned of not having this in 4.14 and 4.19?
Yes. The problematic scenario is when libtpms is updated to a version (future v0.8.0) that supports 3072 bit RSA keys and software inside a VM is using /dev/tpmrm0 and things start failing because of this. My hope would be that the distro run inside the VM has a way forward and the long term stable kernels seem to help here. Because of this scenario I have to delay the release of libtpms v0.8.0 for several months.
I just ported it to 4.19.139 and will try to do the port to 4.14.191++ as well. I will post it here once I have run some (basic) tests with it.
The porting is done and I tested the changes. The problem on these kernel versions is that I cannot recreate the problem (inside a VM).
On a host with libtpms-0.8.0 (tip of master) running a VM with attached vTPM and the guest running kernel 5.6.18-300.fc2 the following command line just hangs:
echo test | clevis encrypt tpm2 '{"key":"rsa"}' | clevis decrypt
dmesg shows:
tpm tpm0: tpm2_save_context: out of backing store
tpm2_commit_space: error -12
On these 4.14 and 4.19 kernels the expected output of 'test' just appears on the screen. The context swapping behavior seems to be different.
Though, based on the benefits of the larger buffer size, which may prevent unnecessary problems if context swapping somehow kicks in, we should apply the patches there as well.
Stefan
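As an added illustration (not code from this thread and not the kernel's own tpm2-space.c), the following user-space model shows the shape of the accounting behind the "out of backing store" / "error -12" lines quoted above: a resource manager packs the saved contexts of every object still in flight into one fixed backing-store buffer, and once the serialized contexts no longer fit it returns -ENOMEM (12 on Linux). Everything here is hypothetical: the context layout (handle plus a length-prefixed blob), the blob sizes, and the buffer sizes are constructed for the example and were not measured from libtpms or any TPM; the point is only that the same set of contexts can fail with a 4 KiB store and succeed with a larger one.

```c
/* Added example, not kernel code: a toy model of saving TPM object contexts
 * into one fixed backing-store buffer, as a resource manager must do when it
 * swaps contexts between commands. Sizes and layout are constructed. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical serialized context: 32-bit handle + 16-bit length + blob. */
struct saved_ctx {
    uint32_t handle;
    const uint8_t *blob;
    size_t blob_len;
};

/* Append one saved context to the store at *offset.
 * Returns 0 on success or -ENOMEM when the store is exhausted; the value
 * -ENOMEM is the "-12" seen in the dmesg line in the thread. */
static int model_save_context(const struct saved_ctx *ctx, uint8_t *store,
                              size_t store_size, size_t *offset)
{
    size_t body_size = 4 + 2 + ctx->blob_len;   /* handle + length + blob */

    if (*offset + body_size > store_size) {
        fprintf(stderr, "model_save_context: out of backing store\n");
        return -ENOMEM;
    }

    uint8_t *p = store + *offset;
    p[0] = (uint8_t)(ctx->handle >> 24); p[1] = (uint8_t)(ctx->handle >> 16);
    p[2] = (uint8_t)(ctx->handle >> 8);  p[3] = (uint8_t)ctx->handle;
    p[4] = (uint8_t)(ctx->blob_len >> 8); p[5] = (uint8_t)ctx->blob_len;
    memcpy(p + 6, ctx->blob, ctx->blob_len);

    *offset += body_size;
    return 0;
}

/* Commit all in-flight contexts after a command, as a resource manager does.
 * blob_lens[i] is the (constructed) context size of object i.
 * Returns 0 when every context fits, or the first error (-ENOMEM). */
static int model_commit_space(const size_t *blob_lens, size_t n, size_t store_size)
{
    static uint8_t store[16384];
    uint8_t blob[4096];
    size_t offset = 0;

    if (store_size > sizeof store)
        return -EINVAL;
    memset(blob, 0xAB, sizeof blob);   /* stand-in for encrypted context data */

    for (size_t i = 0; i < n; i++) {
        if (blob_lens[i] > sizeof blob)
            return -EINVAL;
        struct saved_ctx ctx = {
            .handle = 0x80000000u + (uint32_t)i,   /* transient-object range */
            .blob = blob,
            .blob_len = blob_lens[i],
        };
        int rc = model_save_context(&ctx, store, store_size, &offset);
        if (rc)
            return rc;
    }
    return 0;
}

int main(void)
{
    /* Three hypothetical contexts that together exceed a 4 KiB store. */
    const size_t lens[3] = { 1500, 1500, 1500 };

    printf("4096-byte store: rc=%d\n", model_commit_space(lens, 3, 4096));
    printf("8192-byte store: rc=%d\n", model_commit_space(lens, 3, 8192));
    return 0;
}
```

The model only shows the accounting, not the real TPM2_ContextSave wire format; it is meant to make the dmesg pair above legible, with "out of backing store" emitted at the point the check fails and -12 propagated up from the commit step.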