
Commit 8cc748aa authored by Linus Torvalds
Pull security layer updates from James Morris:
 "Highlights:

   - Smack adds secmark support for Netfilter
   - /proc/keys is now mandatory if CONFIG_KEYS=y
   - TPM gets its own device class
   - Added TPM 2.0 support
   - Smack file hook rework (all Smack users should review this!)"

* 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: (64 commits)
  cipso: don't use IPCB() to locate the CIPSO IP option
  SELinux: fix error code in policydb_init()
  selinux: add security in-core xattr support for pstore and debugfs
  selinux: quiet the filesystem labeling behavior message
  selinux: Remove unused function avc_sidcmp()
  ima: /proc/keys is now mandatory
  Smack: Repair netfilter dependency
  X.509: silence asn1 compiler debug output
  X.509: shut up about included cert for silent build
  KEYS: Make /proc/keys unconditional if CONFIG_KEYS=y
  MAINTAINERS: email update
  tpm/tpm_tis: Add missing ifdef CONFIG_ACPI for pnp_acpi_device
  smack: fix possible use after frees in task_security() callers
  smack: Add missing logging in bidirectional UDS connect check
  Smack: secmark support for netfilter
  Smack: Rework file hooks
  tpm: fix format string error in tpm-chip.c
  char/tpm/tpm_crb: fix build error
  smack: Fix a bidirectional UDS connect check typo
  smack: introduce a special case for tmpfs in smack_d_instantiate()
  ...
parents 7184487f 04f81f01
+11 −11
What:		/sys/class/misc/tpmX/device/
What:		/sys/class/tpm/tpmX/device/
Date:		April 2005
KernelVersion:	2.6.12
Contact:	tpmdd-devel@lists.sf.net
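Review bot: the stable ABI path moves from /sys/class/misc/tpmX/device/ to /sys/class/tpm/tpmX/device/ while the Date and KernelVersion fields stay at April 2005 / 2.6.12; for an entry under the stable ABI directory the document should state in which kernel the new tpm class appeared and whether the old /sys/class/misc path remains reachable (for example as a compatibility link), so userspace that hardcodes /sys/class/misc/tpm0/device/ knows what to expect after this change.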
@@ -6,7 +6,7 @@ Description: The device/ directory under a specific TPM instance exposes
		the properties of that TPM chip


What:		/sys/class/misc/tpmX/device/active
What:		/sys/class/tpm/tpmX/device/active
Date:		April 2006
KernelVersion:	2.6.17
Contact:	tpmdd-devel@lists.sf.net
@@ -18,7 +18,7 @@ Description: The "active" property prints a '1' if the TPM chip is accepting
		section 17 for more information on which commands are
		available.

What:		/sys/class/misc/tpmX/device/cancel
What:		/sys/class/tpm/tpmX/device/cancel
Date:		June 2005
KernelVersion:	2.6.13
Contact:	tpmdd-devel@lists.sf.net
@@ -26,7 +26,7 @@ Description: The "cancel" property allows you to cancel the currently
		pending TPM command. Writing any value to cancel will call the
		TPM vendor specific cancel operation.

What:		/sys/class/misc/tpmX/device/caps
What:		/sys/class/tpm/tpmX/device/caps
Date:		April 2005
KernelVersion:	2.6.12
Contact:	tpmdd-devel@lists.sf.net
@@ -43,7 +43,7 @@ Description: The "caps" property contains TPM manufacturer and version info.
		the chip supports. Firmware version is that of the chip and
		is manufacturer specific.

What:		/sys/class/misc/tpmX/device/durations
What:		/sys/class/tpm/tpmX/device/durations
Date:		March 2011
KernelVersion:	3.1
Contact:	tpmdd-devel@lists.sf.net
@@ -66,7 +66,7 @@ Description: The "durations" property shows the 3 vendor-specific values
		scaled to be displayed in usecs. In this case "[adjusted]"
		will be displayed in place of "[original]".

What:		/sys/class/misc/tpmX/device/enabled
What:		/sys/class/tpm/tpmX/device/enabled
Date:		April 2006
KernelVersion:	2.6.17
Contact:	tpmdd-devel@lists.sf.net
@@ -75,7 +75,7 @@ Description: The "enabled" property prints a '1' if the TPM chip is enabled,
		may be visible but produce a '0' after some operation that
		disables the TPM.

What:		/sys/class/misc/tpmX/device/owned
What:		/sys/class/tpm/tpmX/device/owned
Date:		April 2006
KernelVersion:	2.6.17
Contact:	tpmdd-devel@lists.sf.net
@@ -83,7 +83,7 @@ Description: The "owned" property produces a '1' if the TPM_TakeOwnership
		ordinal has been executed successfully in the chip. A '0'
		indicates that ownership hasn't been taken.

What:		/sys/class/misc/tpmX/device/pcrs
What:		/sys/class/tpm/tpmX/device/pcrs
Date:		April 2005
KernelVersion:	2.6.12
Contact:	tpmdd-devel@lists.sf.net
@@ -106,7 +106,7 @@ Description: The "pcrs" property will dump the current value of all Platform
		1.2 chips, PCRs represent SHA-1 hashes, which are 20 bytes
		long. Use the "caps" property to determine TPM version.

What:		/sys/class/misc/tpmX/device/pubek
What:		/sys/class/tpm/tpmX/device/pubek
Date:		April 2005
KernelVersion:	2.6.12
Contact:	tpmdd-devel@lists.sf.net
@@ -158,7 +158,7 @@ Description: The "pubek" property will return the TPM's public endorsement
		Modulus Length: 256 (bytes)
		Modulus:	The 256 byte Endorsement Key modulus

What:		/sys/class/misc/tpmX/device/temp_deactivated
What:		/sys/class/tpm/tpmX/device/temp_deactivated
Date:		April 2006
KernelVersion:	2.6.17
Contact:	tpmdd-devel@lists.sf.net
@@ -167,7 +167,7 @@ Description: The "temp_deactivated" property returns a '1' if the chip has
		cycle. Whether a warm boot (reboot) will clear a TPM chip
		from a temp_deactivated state is platform specific.

What:		/sys/class/misc/tpmX/device/timeouts
What:		/sys/class/tpm/tpmX/device/timeouts
Date:		March 2011
KernelVersion:	3.1
Contact:	tpmdd-devel@lists.sf.net
+36 −0
* STMicroelectronics SAS. ST33ZP24 TPM SoC

Required properties:
- compatible: Should be "st,st33zp24-i2c".
- clock-frequency: I²C work frequency.
- reg: address on the bus

Optional ST33ZP24 Properties:
- interrupt-parent: phandle for the interrupt gpio controller
- interrupts: GPIO interrupt to which the chip is connected
- lpcpd-gpios: Output GPIO pin used for ST33ZP24 power management D1/D2 state.
If set, power must be present when the platform is going into sleep/hibernate mode.

Optional SoC Specific Properties:
- pinctrl-names: Contains only one value - "default".
- pintctrl-0: Specifies the pin control groups used for this controller.

Example (for ARM-based BeagleBoard xM with ST33ZP24 on I2C2):

&i2c2 {

        status = "okay";

        st33zp24: st33zp24@13 {

                compatible = "st,st33zp24-i2c";

                reg = <0x13>;
                clock-frequency = <400000>;

                interrupt-parent = <&gpio5>;
                interrupts = <7 IRQ_TYPE_LEVEL_HIGH>;

                lpcpd-gpios = <&gpio5 15 GPIO_ACTIVE_HIGH>;
        };
};
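Review bot: the optional SoC property list spells the pin control property "pintctrl-0"; the standard property name is "pinctrl-0", so the line should read "- pintctrl-0: ..." corrected to "- pinctrl-0: Specifies the pin control groups used for this controller." It would also help to state the unit of clock-frequency (Hz), since the example uses <400000> without saying so.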
+0 −2
@@ -323,8 +323,6 @@ about the status of the key service:
	U	Under construction by callback to userspace
	N	Negative key

     This file must be enabled at kernel configuration time as it allows anyone
     to list the keys database.

 (*) /proc/key-users

+10 −2
@@ -4917,7 +4917,7 @@ F: drivers/ipack/

INTEGRITY MEASUREMENT ARCHITECTURE (IMA)
M:	Mimi Zohar <zohar@linux.vnet.ibm.com>
M:	Dmitry Kasatkin <d.kasatkin@samsung.com>
M:	Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
L:	linux-ima-devel@lists.sourceforge.net
L:	linux-ima-user@lists.sourceforge.net
L:	linux-security-module@vger.kernel.org
@@ -9817,13 +9817,21 @@ F: drivers/media/pci/tw68/

TPM DEVICE DRIVER
M:	Peter Huewe <peterhuewe@gmx.de>
M:	Ashley Lai <ashley@ashleylai.com>
M:	Marcel Selhorst <tpmdd@selhorst.net>
W:	http://tpmdd.sourceforge.net
L:	tpmdd-devel@lists.sourceforge.net (moderated for non-subscribers)
Q:	git git://github.com/PeterHuewe/linux-tpmdd.git
T:	https://github.com/PeterHuewe/linux-tpmdd
S:	Maintained
F:	drivers/char/tpm/

TPM IBM_VTPM DEVICE DRIVER
M:	Ashley Lai <ashleydlai@gmail.com>
W:	http://tpmdd.sourceforge.net
L:	tpmdd-devel@lists.sourceforge.net (moderated for non-subscribers)
S:	Maintained
F:	drivers/char/tpm/tpm_ibmvtpm*

TRACING
M:	Steven Rostedt <rostedt@goodmis.org>
M:	Ingo Molnar <mingo@redhat.com>
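Review bot: the Q: and T: lines in the TPM DEVICE DRIVER entry look swapped. In MAINTAINERS, Q: is the patchwork queue URL and T: is the SCM tree location, so the git URL belongs under T: as "T: git git://github.com/PeterHuewe/linux-tpmdd.git"; the plain https://github.com/PeterHuewe/linux-tpmdd link is a web view, not a patchwork queue, and should either go under W: or be dropped.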
+12 −3
@@ -100,15 +100,15 @@ config TCG_IBMVTPM
	  will be accessible from within Linux.  To compile this driver
	  as a module, choose M here; the module will be called tpm_ibmvtpm.

config TCG_ST33_I2C
	tristate "STMicroelectronics ST33 I2C TPM"
config TCG_TIS_I2C_ST33
	tristate "TPM Interface Specification 1.2 Interface (I2C - STMicroelectronics)"
	depends on I2C
	depends on GPIOLIB
	---help---
	  If you have a TPM security chip from STMicroelectronics working with
	  an I2C bus say Yes and it will be accessible from within Linux.
	  To compile this driver as a module, choose M here; the module will be
	  called tpm_stm_st33_i2c.
	  called tpm_i2c_stm_st33.

config TCG_XEN
	tristate "XEN TPM Interface"
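Review bot: renaming the Kconfig symbol from TCG_ST33_I2C to TCG_TIS_I2C_ST33 and the module from tpm_stm_st33_i2c to tpm_i2c_stm_st33 silently drops the driver from existing .config files on oldconfig and breaks modprobe or /etc/modules entries that reference the old module name; the help text (or the commit message) should mention the old names so users of this TPM can find the renamed option and module.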
@@ -122,4 +122,13 @@ config TCG_XEN
	  To compile this driver as a module, choose M here; the module
	  will be called xen-tpmfront.

config TCG_CRB
	tristate "TPM 2.0 CRB Interface"
	depends on X86 && ACPI
	---help---
	  If you have a TPM security chip that is compliant with the
	  TCG CRB 2.0 TPM specification say Yes and it will be accessible
	  from within Linux.  To compile this driver as a module, choose
	  M here; the module will be called tpm_crb.

endif # TCG_TPM