[Feature] TPM2.0 kernel support

Do we references for the upstream commits to confirm we have this in our Vivid 15.04 kernel?

For tpm 2.0 basic kernel support, it has landed into 4.0 kenrel.
aec04cb tpm: TPM 2.0 FIFO Interface
30fc8d1 tpm: TPM 2.0 CRB Interface
7a1d7e6 tpm: TPM 2.0 baseline support
313d21e tpm: device class for tpm
71ed848 tpm: rename chip->dev to chip->pdev
0dc5536 tpm: fix raciness of PPI interface lookup
afb5abc tpm: two-phase chip management functions
87155b7 tpm: merge duplicate transmit_cmd() functions
1a0f1b2 tpm_ibmvtpm: Update email address in maintainers list and ibmvtpm driver
67fe941 tpm/tpm_i2c_stm_st33: Fix coccinelle warnings. Possible NULL pointer dereference
f2f083b tpm/tpm_i2c_stm_st33: Increment driver version to 1.2.1.
00820e8 tpm/tpm_i2c_stm_st33: Remove useless i2c read on interrupt registers
c3804b8 tpm/tpm_i2c_stm_st33: Interrupt management improvement
8dcd198 tpm/tpm_i2c_stm_st33: Few code cleanup
e8f6f3b tpm/tpm_i2c_stm_st33/dts/st33zp24_i2c: Add DTS Documentation
c36b1b2 tpm/tpm_i2c_stm_st33: Add devicetree structure
875edad tpm/tpm_i2c_stm_st33: Replace tpm_st33_* function with tpm_stm_*
ca16b76 tpm/tpm_i2c_stm_st33: Replace err/rc/ret by ret for a function return code
76182b6 tpm/tpm_i2c_stm_st33: Remove reference to io_serirq
b9626f3 tpm/tpm_i2c_stm_st33: Add new tpm_stm_dev structure and remove tpm_i2c_buffer[0], [1] buffer.
2dbca75 tpm/tpm_i2c_stm_st33: Move tpm registers to tpm_i2c_stm_st33.c
7500c4b tpm/tpm_i2c_stm_st33: Fix few coding style error reported by scripts/checkpatch.pl
642d2be tpm/tpm_i2c_stm_st33: Change License header to have up to date address information
578aa13 tpm/tpm_i2c_stm_st33: Update Kconfig in order to be inline to other similar product
1ba3b0b tpm/tpm_i2c_stm_st33: Fix potential bug in tpm_stm_i2c_send
2dfc2de char: tpm: Deletion of unnecessary checks before the function call "tpm_dev_vendor_release"
9fd8e5a tpm: remove unnecessary sizeof(u8)
84eb186 tpm: Fix NULL return in tpm_ibmvtpm_get_desired_dma
448e9c5 tpm_tis: verify interrupt during init
bb95cd3 char: tpm: Add missing error check for devm_kzalloc
398a1e7 TPM: Add new TPMs to the tail of the list to prevent inadvertent change of dev

Thanks Xiong,

Given the amount of patches required to backport and enable TPM 2.0 support, I'd prefer if we could postpone this feature until 15.10. Especially since I don't believe this is a hard requirement for some of our partners.

Actually we have had OEM requests for TPM 2.0 support with SKL. Would it be possible to target 15.04?

Since currently user space tools as TSS2/tpm2-tools isn't ready and the plan for this tools is late Q2, without this user space components, we really don't have a TPM 2.0 solution. So I agree with Leann to postpone TPM 2.0 support to 15.10.

Any recent status updates for TPM 2.0?

response I received when asking if there is any status update:
>The honest answer: no . There is only one active maintainer:
>Peter Hüwe. I haven't heard about him for a while now. He doesn't do
>the maintaining on paid time. That's why things are not progressing.
>
>And yes, this is a real problem because we cannot plan and schedule
>anything properly.

For sysfs attributes in 4.4:
b8e98dc tpm: update PPI documentation to address the location change.
9b774d5 tpm: move the PPI attributes to character device directory.
37c1c04 sysfs: added __compat_only_sysfs_link_entry_to_kobj()

For trusted keys in v4.5
5beb0c4 keys, trusted: seal with a TPM2 authorization policy
5ca4c20 keys, trusted: select hash algorithm for TPM2 chips
5208cc8 keys, trusted: fix: *do not* allow duplicate key options

This bug was fixed in the package linux - 4.4.0-2.16

---------------
linux (4.4.0-2.16) xenial; urgency=low

  [ Andy Whitcroft ]

  * Release Tracking Bug
    - LP: #1539090
  * SAUCE: hv: hv_set_ifconfig -- convert to python3
    - LP: #1506521
  * SAUCE: dm: introduce a target_ioctl op to allow target specific ioctls
    - LP: #1538618

  [ Colin Ian King ]

  * SAUCE: ACPI / tables: Add acpi_force_32bit_fadt_addr option to force 32
    bit FADT addresses (LP: #1529381)
    - LP: #1529381

  [ John Johansen ]

  * SAUCE: (no-up): apparmor: fix for failed mediation of socket that is
    being shutdown
    - LP: #1446906

  [ Mahesh Salgaonkar ]

  * SAUCE: Powernv: Remove the usage of PACAR1 from opal wrappers
    - LP: #1537881
  * SAUCE: powerpc/book3s: Fix TB corruption in guest exit path on HMI
    interrupt.
    - LP: #1537881
  * SAUCE: KVM: PPC: Book3S HV: Fix soft lockups in KVM on HMI for time
    base errors
    - LP: #1537881

  [ Paolo Pisati ]

  * SAUCE: arm64: errata: Add -mpc-relative-literal-loads to erratum
    #843419 build flags
    - LP: #1533009
  * [Config] MFD_TPS65217=y && REGULATOR_TPS65217=y
  * [Config] disable ARCH_ZX (ZTE ZX Soc)

  [ Tim Gardner ]

  * Revert "SAUCE: (noup) cxlflash: a couple off by one bugs"
  * SAUCE: (no-up) Update bnx2x firmware to 7.12.30.0
    - LP: #1536719
  * SAUCE: drop obsolete bnx2x firmware
  * SAUCE: i40e: Silence 'may be used uninitialized' warnings
    - LP: #1536474
  * [Config] CONFIG_ZONE_DMA=y for amd64 lowlatency
    - LP: #1534647
  * [Config] Add pvpanic to virtual flavour
    - LP: #1537923
  * [Config] CONFIG_INTEL_PUNIT_IPC=m, CONFIG_INTEL_TELEMETRY=m
    - LP: #1520457

  [ Upstream Kernel Changes ]

  * i40evf: fix compiler warning of unused variable
    - LP: #1536474
  * intel: i40e: fix confused code
    - LP: #1536474
  * i40e/i40evf: remove unused tunnel parameter
    - LP: #1536474
  * i40e: Change BUG_ON to WARN_ON in service event complete
    - LP: #1536474
  * i40e: remove BUG_ON from feature string building
    - LP: #1536474
  * i40e: remove BUG_ON from FCoE setup
    - LP: #1536474
  * i40e: Workaround fix for mss < 256 issue
    - LP: #1536474
  * i40e/i40evf: Add a stat to track how many times we have to do a force
    WB
    - LP: #1536474
  * i40e: Move the saving of old link info from handle_link_event to
    link_event
    - LP: #1536474
  * i40e/i40evf: Add comment to #endif
    - LP: #1536474
  * i40e/i40evf: clean up error messages
    - LP: #1536474
  * i40evf: handle many MAC filters correctly
    - LP: #1536474
  * i40e: return the number of enabled queues for ETHTOOL_GRXRINGS
    - LP: #1536474
  * i40e: rework the functions to configure RSS with similar parameters
    - LP: #1536474
  * i40e: create a generic configure rss function
    - LP: #1536474
  * i40e: Bump version to 1.4.2
    - LP: #1536474
  * i40e: add new fields to store user configuration
    - LP: #1536474
  * i40e: rename rss_size to alloc_rss_size in i40e_pf
    - LP: #1536474
  * i40e/i40evf: Fix RS bit update in Tx path and disable force WB
    workaround
    - LP: #1536474
  * i40e/i40evf: prefetch skb data on transmit
    - LP: #1536474
  * i40evf: rename VF adapter s...

Sorry, I have to add more commits for TPM 2.0 trusted keys.
In v4.5 kernel:
6674ff1 tpm_ibmvtpm: properly handle interrupted packet receptions
b8ba1e7 tpm_tis: Tighten IRQ auto-probing
e3837e7 tpm_tis: Refactor the interrupt setup
7ab4032 tpm_tis: Get rid of the duplicate IRQ probing code
2511204 tpm: rework tpm_get_timeouts()
036bb38 tpm_tis: Ensure interrupts are disabled when the driver starts
727f28b tpm_tis: Use devm_free_irq not free_irq
f728643 tpm_tis: further simplify calculation of ordinal duration

There are also some bug fixes patches queued in maintainer's tree for v4.6. Once 4.6-rc1 is released, we will give the commits.
If 16.04 couldn't wait for 4.6-rc1, 16.04 should pick this fixes at least which will be in 4.5.1 stable. https://git.kernel.org/cgit/linux/kernel/git/jmorris/linux-security.git/commit/?h=next&id=c0b5eed110dcf520aadafefbcc40658cbdd18b95

This bug was fixed in the package linux - 4.4.0-13.29

---------------
linux (4.4.0-13.29) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1556247

  * s390/mm: four page table levels vs. fork (LP: #1556141)
    - s390/mm: four page table levels vs. fork

  * [Hyper-V] network performance patches for Xenial 16.04 (LP: #1556037)
    - hv_netvsc: use skb_get_hash() instead of a homegrown implementation
    - hv_netvsc: cleanup netdev feature flags for netvsc

  * fails to boot on megaraid (LP: #1552903)
    - SAUCE: (noup) megaraid_sas: Don't issue kill adapter for MFI controllers in
      case of PD list DCMD failure

  * ALSA: hda - add codec support for Kabylake display audio codec (LP: #1556002)
    - ALSA: hda - add codec support for Kabylake display audio codec

  * Backport upstream bugfixes to ubuntu-16.04 (LP: #1555765)
    - cpufreq: powernv: Free 'chips' on module exit
    - cpufreq: powernv: Hot-plug safe the kworker thread
    - cpufreq: powernv: Remove cpu_to_chip_id() from hot-path
    - cpufreq: powernv/tracing: Add powernv_throttle tracepoint
    - cpufreq: powernv: Replace pr_info with trace print for throttle event
    - SAUCE: (noup) cpufreq: powernv: Fix bugs in powernv_cpufreq_{init/exit}

  * Linux netfilter IPT_SO_SET_REPLACE memory corruption (LP: #1555338)
    - SAUCE: [nf,v2] netfilter: x_tables: don't rely on well-behaving userspace

  * integer overflow in xt_alloc_table_info (LP: #1555353)
    - SAUCE: (noup) netfilter: x_tables: check for size overflow

  * linux: auto-generate the reconstruct information from the git tag (LP: #1555543)
    - [Packaging] reconstruct -- automatically reconstruct against base tag
    - [Config] reconstruct -- update to autoreconstruct output
    - [Packaging] reconstruct -- update when inserting final changes

  * Xenial update to v4.4.5 stable release (LP: #1555640)
    - use ->d_seq to get coherency between ->d_inode and ->d_flags
    - drivers: sh: Restore legacy clock domain on SuperH platforms
    - Btrfs: fix deadlock running delayed iputs at transaction commit time
    - btrfs: Fix no_space in write and rm loop
    - btrfs: async-thread: Fix a use-after-free error for trace
    - block: Initialize max_dev_sectors to 0
    - PCI: keystone: Fix MSI code that retrieves struct pcie_port pointer
    - parisc: Fix ptrace syscall number and return value modification
    - mips/kvm: fix ioctl error handling
    - kvm: x86: Update tsc multiplier on change.
    - fbcon: set a default value to blink interval
    - cifs: fix out-of-bounds access in lease parsing
    - CIFS: Fix SMB2+ interim response processing for read requests
    - Fix cifs_uniqueid_to_ino_t() function for s390x
    - vfio: fix ioctl error handling
    - KVM: x86: fix root cause for missed hardware breakpoints
    - arm/arm64: KVM: Fix ioctl error handling
    - iommu/amd: Apply workaround for ATS write permission check
    - iommu/amd: Fix boot warning when device 00:00.0 is not iommu covered
    - iommu/vt-d: Use BUS_NOTIFY_REMOVED_DEVICE in hotplug path
    - target: Fix WRITE_SAME/DISCARD conversion to linux 512b sectors
    - drm/ast: Fix incorrect register check for DRAM width
    - d...

Some tpm2.0 bug fix patches are missed v4.5 and delayed to v4.6:
2cb6d64 tpm_tis: fix build warning with tpm_tis_resume
99cda8c tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
30f9c8c tpm_crb/tis: fix: use dev_name() for /proc/iomem
186d124 tpm_eventlog.c: fix binary_bios_measurements
4f3b193 tpm: fix: return rc when devm_add_action() fails
c0b5eed tpm: fix: set continueSession attribute for the unseal operation
8e0ee3c tpm: fix the cleanup of struct tpm_chip
72c91ce tpm: fix the rollback in tpm_chip_register()
1bd047b tpm_crb: Use devm_ioremap_resource
1e3ed59 tpm_crb: Drop le32_to_cpu(ioread32(..))
0019482 tpm_tis: Clean up the force=1 module parameter
51dd43d tpm_tis: Use devm_ioremap_resource
4d627e6 tpm_tis: Do not fall back to a hardcoded address for TPM2
ef7b81d tpm_tis: Disable interrupt auto probing on a per-device basis
55a889c tpm_crb: Use the common ACPI definition of struct acpi_tpm2
f3c82ad tpm: fix checks for policy digest existence in tpm2_seal_trusted()
e5be990 tpm: remove unneeded include of actbl2.h

tpm: remove unneeded include of actbl2.h
tpm: fix checks for policy digest existence in tpm2_seal_trusted()
tpm_crb: Use the common ACPI definition of struct acpi_tpm2
tpm_tis: Disable interrupt auto probing on a per-device basis
tpm_tis: Do not fall back to a hardcoded address for TPM2
tpm_tis: Use devm_ioremap_resource
tpm_tis: Clean up the force=1 module parameter
tpm_crb: Drop le32_to_cpu(ioread32(..))
tpm_crb: Use devm_ioremap_resource
tpm: fix the rollback in tpm_chip_register()
tpm: fix the cleanup of struct tpm_chip
tpm: fix: set continueSession attribute for the unseal operation
tpm: fix: return rc when devm_add_action() fails
tpm_eventlog.c: fix binary_bios_measurements
tpm_crb/tis: fix: use dev_name() for /proc/iomem
tpm_crb: tpm2_shutdown() must be called before tpm_chip_unregister()
tpm_tis: fix build warning with tpm_tis_resume

This bug was fixed in the package linux - 4.4.0-18.34

---------------
linux (4.4.0-18.34) xenial; urgency=low

  [ Tim Gardner ]

  * Release Tracking Bug
    - LP: #1566868

  * [i915_bpo] Fix RC6 on SKL GT3 & GT4 (LP: #1564759)
    - SAUCE: i915_bpo: drm/i915/skl: Fix rc6 based gpu/system hang
    - SAUCE: i915_bpo: drm/i915/skl: Fix spurious gpu hang with gt3/gt4 revs

  * CONFIG_ARCH_ROCKCHIP not enabled in armhf generic kernel (LP: #1566283)
    - [Config] CONFIG_ARCH_ROCKCHIP=y

  * [Feature] Memory Bandwidth Monitoring (LP: #1397880)
    - perf/x86/cqm: Fix CQM handling of grouping events into a cache_group
    - perf/x86/cqm: Fix CQM memory leak and notifier leak
    - x86/cpufeature: Carve out X86_FEATURE_*
    - Merge branch 'timers-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
    - x86/topology: Create logical package id
    - perf/x86/mbm: Add Intel Memory B/W Monitoring enumeration and init
    - perf/x86/mbm: Add memory bandwidth monitoring event management
    - perf/x86/mbm: Implement RMID recycling
    - perf/x86/mbm: Add support for MBM counter overflow handling

  * User namespace mount updates (LP: #1566505)
    - SAUCE: quota: Require that qids passed to dqget() be valid and map into s_user_ns
    - SAUCE: fs: Allow superblock owner to change ownership of inodes with unmappable ids
    - SAUCE: fuse: Don't initialize user_id or group_id in mount options
    - SAUCE: cgroup: Use a new super block when mounting in a cgroup namespace
    - SAUCE: fs: fix a posible leak of allocated superblock

  * [arm64] kernel BUG at /build/linux-StrpB2/linux-4.4.0/fs/ext4/inode.c:2394!
    (LP: #1566518)
    - arm64: Honour !PTE_WRITE in set_pte_at() for kernel mappings
    - arm64: Update PTE_RDONLY in set_pte_at() for PROT_NONE permission

  * [Feature]USB core and xHCI tasks for USB 3.1 SuperSpeedPlus (SSP) support
    for Alpine Ridge on SKL (LP: #1519623)
    - usb: define USB_SPEED_SUPER_PLUS speed for SuperSpeedPlus USB3.1 devices
    - usb: set USB 3.1 roothub device speed to USB_SPEED_SUPER_PLUS
    - usb: show speed "10000" in sysfs for USB 3.1 SuperSpeedPlus devices
    - usb: add device descriptor for usb 3.1 root hub
    - usb: Support USB 3.1 extended port status request
    - xhci: Make sure xhci handles USB_SPEED_SUPER_PLUS devices.
    - xhci: set roothub speed to USB_SPEED_SUPER_PLUS for USB3.1 capable controllers
    - xhci: USB 3.1 add default Speed Attributes to SuperSpeedPlus device capability
    - xhci: set slot context speed field to SuperSpeedPlus for USB 3.1 SSP devices
    - usb: Add USB3.1 SuperSpeedPlus Isoc Endpoint Companion descriptor
    - usb: Parse the new USB 3.1 SuperSpeedPlus Isoc endpoint companion descriptor
    - usb: Add USB 3.1 Precision time measurement capability descriptor support
    - xhci: refactor and cleanup endpoint initialization.
    - xhci: Add SuperSpeedPlus high bandwidth isoc support to xhci endpoints
    - xhci: cleanup isoc tranfers queuing code
    - xhci: Support extended burst isoc TRB structure used by xhci 1.1 for USB 3.1
    - SAUCE: (noup) usb: fix regression in SuperSpeed endpoint descriptor parsing

  * wrong/missing permissions for device f...