linux/drivers/char/tpm
Mario Limonciello f1324bbc40 tpm: disable hwrng for fTPM on some AMD designs
AMD has issued an advisory indicating that having fTPM enabled in
BIOS can cause "stuttering" in the OS.  This issue has been fixed
in newer versions of the fTPM firmware, but it's up to system
designers to decide whether to distribute it.

This issue has existed for a while, but is more prevalent starting
with kernel 6.1 because commit b006c439d5 ("hwrng: core - start
hwrng kthread also for untrusted sources") started to use the fTPM
for hwrng by default. However, all uses of /dev/hwrng result in
unacceptable stuttering.

So, simply disable registration of the defective hwrng when detecting
these faulty fTPM versions.  As this is caused by faulty firmware, it
is plausible that such a problem could also be reproduced by other TPM
interactions, but this hasn't been shown by any user's testing or reports.

It is hypothesized to be triggered more frequently by the use of the RNG
because userspace software will fetch random numbers regularly.

Intentionally continue to register other TPM functionality so that users
that rely upon PCR measurements or any storage of data will still have
access to it.  If it's found later that another TPM functionality is
exacerbating this problem a module parameter it can be turned off entirely
and a module parameter can be introduced to allow users who rely upon
fTPM functionality to turn it on even though this problem is present.

Link: https://www.amd.com/en/support/kb/faq/pa-410
Link: https://bugzilla.kernel.org/show_bug.cgi?id=216989
Link: https://lore.kernel.org/all/20230209153120.261904-1-Jason@zx2c4.com/
Fixes: b006c439d5 ("hwrng: core - start hwrng kthread also for untrusted sources")
Cc: stable@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>
Cc: Thorsten Leemhuis <regressions@leemhuis.info>
Cc: James Bottomley <James.Bottomley@hansenpartnership.com>
Tested-by: reach622@mailcuk.com
Tested-by: Bell <1138267643@qq.com>
Co-developed-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Signed-off-by: Mario Limonciello <mario.limonciello@amd.com>
Reviewed-by: Jarkko Sakkinen <jarkko@kernel.org>
Signed-off-by: Jarkko Sakkinen <jarkko@kernel.org>
2023-03-12 23:28:10 +02:00
..
eventlog tpm/eventlog: Don't abort tpm_read_log on faulty ACPI address 2023-03-12 23:28:10 +02:00
st33zp24 tpm: st33zp24: Convert to i2c's .probe_new() 2023-02-13 10:11:20 +02:00
Kconfig tpm: Add tpm_tis_i2c backend for tpm_tis_core 2022-08-03 23:56:20 +03:00
Makefile tpm: Add tpm_tis_i2c backend for tpm_tis_core 2022-08-03 23:56:20 +03:00
tpm1-cmd.c tpm: Add upgrade/reduced mode support for TPM1.2 modules 2022-08-03 23:56:19 +03:00
tpm2-cmd.c tpm: add vendor flag to command code validation 2023-02-13 10:11:20 +02:00
tpm2-space.c tpm: use try_get_ops() in tpm-space.c 2022-03-10 01:47:25 +02:00
tpm_atmel.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
tpm_atmel.h treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
tpm_crb.c tpm_crb: Add support for CRB devices based on Pluton 2023-02-13 10:10:52 +02:00
tpm_ftpm_tee.c tpm/tpm_ftpm_tee: Fix error handling in ftpm_mod_init() 2022-12-08 16:20:47 +00:00
tpm_ftpm_tee.h tpm/tpm_ftpm_tee: A driver for firmware TPM running inside TEE 2019-09-02 17:08:35 +03:00
tpm_i2c_atmel.c tpm: tpm_i2c_atmel: Convert to i2c's .probe_new() 2023-02-13 10:11:20 +02:00
tpm_i2c_infineon.c tpm: tpm_i2c_infineon: Convert to i2c's .probe_new() 2023-02-13 10:11:20 +02:00
tpm_i2c_nuvoton.c tpm: tpm_i2c_nuvoton: Convert to i2c's .probe_new() 2023-02-13 10:11:20 +02:00
tpm_ibmvtpm.c tpm: ibmvtpm: Correct the return value in tpm_ibmvtpm_probe() 2022-05-23 18:47:49 +03:00
tpm_ibmvtpm.h tpm: ibmvtpm: Avoid error message when process gets signal while waiting 2021-08-23 19:55:42 +03:00
tpm_infineon.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
tpm_nsc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
tpm_ppi.c char: move from strlcpy with unused retval to strscpy 2022-10-05 00:25:56 +03:00
tpm_tis_core.c tpm: Add flag to use default cancellation policy 2022-12-08 16:20:47 +00:00
tpm_tis_core.h tpm: Add flag to use default cancellation policy 2022-12-08 16:20:47 +00:00
tpm_tis_i2c_cr50.c i2c: Make remove callback return void 2022-08-16 12:46:26 +02:00
tpm_tis_i2c.c tpm: tis_i2c: Convert to i2c's .probe_new() 2023-02-13 10:11:20 +02:00
tpm_tis_spi_cr50.c tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops 2022-05-23 18:47:49 +03:00
tpm_tis_spi_main.c tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops 2022-05-23 18:47:49 +03:00
tpm_tis_spi.h tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops 2022-05-23 18:47:49 +03:00
tpm_tis_synquacer.c tpm: Remove read16/read32/write32 calls from tpm_tis_phy_ops 2022-05-23 18:47:49 +03:00
tpm_tis.c tpm: tpm_tis: Add the missed acpi_put_table() to fix memory leak 2022-12-08 16:20:47 +00:00
tpm_vtpm_proxy.c tpm: vtpm_proxy: Check length to avoid compiler warning 2022-02-27 10:58:04 -08:00
tpm-chip.c tpm: disable hwrng for fTPM on some AMD designs 2023-03-12 23:28:10 +02:00
tpm-dev-common.c timers: Get rid of del_singleshot_timer_sync() 2022-11-24 15:09:10 +01:00
tpm-dev.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
tpm-dev.h tpm: Handle negative priv->response_len in tpm_common_read() 2020-01-08 18:11:09 +02:00
tpm-interface.c tpm: Allow system suspend to continue when TPM suspend fails 2023-01-06 14:25:19 -08:00
tpm-sysfs.c tpm: Add Upgrade/Reduced mode support for TPM2 modules 2022-01-09 00:18:47 +02:00
tpm.h tpm: disable hwrng for fTPM on some AMD designs 2023-03-12 23:28:10 +02:00
tpmrm-dev.c tpm: Unify the mismatching TPM space buffer sizes 2020-07-24 09:26:23 +03:00
xen-tpmfront.c xen: make remove callback of xen driver void returned 2022-12-15 16:06:10 +01:00