diff for duplicates of <1525793785.3672.12.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index 5756dc9..9ad3e7f 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -10,29 +10,29 @@ On Tue, 2018-05-08 at 10:29 -0500, David R. Bild wrote: > > > > The platform hierarchy is essentially the "root" account of the > > > > TPM, so it's critical that those credentials be set before the > > > > TPM -> > > > is exposed to user-space. (The platform credentials aren't +> > > > is exposed to user-space. (The platform credentials aren't > > > > persisted in the TPM and must be set by the platform on every -> > > > boot.) If the driver registers the TPM before doing +> > > > boot.) If the driver registers the TPM before doing > > > > initialization, there's a chance that something else could > > > > access > > > > the TPM before the platform credentials get set. > > > > I don't see any reason to set an unreachable password for the > > platform -> > hierarchy if the UEFI didn't. If the desire is to disable the +> > hierarchy if the UEFI didn't. If the desire is to disable the > > platform > > hierarchy, then it should be disabled, not have a random password > > set. > > "Set random password and throw away the key" was my way of disabling -> the platform hierarchy. Is there a better way of doing that? +> the platform hierarchy. Is there a better way of doing that? Well, yes, use TPM2_HierarchyControl to set phEnable to CLEAR. > > I'd also say this is probably the job of early boot based on > > policy. > -> Agreed. And since this card has no "early boot", the driver/kernel +> Agreed. And since this card has no "early boot", the driver/kernel > need to do it. Early boot means userspace. for a hot pluggable device, this would 
@@ -40,3 +40,7 @@ probably be something in udev if you follow the no-daemon model and the daemon could do it if you do follow the daemon model. James +--- +To unsubscribe from this list: send the line "unsubscribe linux-usb" in +the body of a message to majordomo@vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index d60c21f..9fe40ae 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,12 +1,5 @@ - "ref\020180430125418.31344-1-david.bild@xaptum.com\0" - "ref\020180504130022.5231-3-david.bild@xaptum.com\0" - "ref\020180504190638.ikqhdvcqccakzdjd@ziepe.ca\0" - "ref\0CAAi9uDvyzk1vnQVXkJxRCATy85g4nwMLJjqu6rr1YZn9NV_TYw@mail.gmail.com\0" - "ref\020180508105515.GB6132@linux.intel.com\0" - "ref\01525793148.3672.8.camel@HansenPartnership.com\0" - "ref\0CAAi9uDvgd5+d5fNbSGEeEVvdHLzwid6SqC0BVA3BPXkFWR4ooQ@mail.gmail.com\0" "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" - "Subject\0Re: [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM\0" + "Subject\0[v3,2/2] usb: misc: xapea00x: perform platform initialization of TPM\0" "Date\0Tue, 08 May 2018 08:36:25 -0700\0" "To\0David R. Bild <david.bild@xaptum.com>\0" "Cc\0Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>" 
@@ -30,35 +23,39 @@ "> > > > The platform hierarchy is essentially the \"root\" account of the\n" "> > > > TPM, so it's critical that those credentials be set before the\n" "> > > > TPM\n" - "> > > > is exposed to user-space. (The platform credentials aren't\n" + "> > > > is exposed to user-space.\302\240\302\240(The platform credentials aren't\n" "> > > > persisted in the TPM and must be set by the platform on every\n" - "> > > > boot.) If the driver registers the TPM before doing\n" + "> > > > boot.)\302\240\302\240If the driver registers the TPM before doing\n" "> > > > initialization, there's a chance that something else could\n" "> > > > access\n" "> > > > the TPM before the platform credentials get set.\n" "> > \n" "> > I don't see any reason to set an unreachable password for the\n" "> > platform\n" - "> > hierarchy if the UEFI didn't. If the desire is to disable the\n" + "> > hierarchy if the UEFI didn't.\302\240\302\240If the desire is to disable the\n" "> > platform\n" "> > hierarchy, then it should be disabled, not have a random password\n" "> > set.\n" "> \n" "> \"Set random password and throw away the key\" was my way of disabling\n" - "> the platform hierarchy. Is there a better way of doing that?\n" + "> the platform hierarchy.\302\240\302\240Is there a better way of doing that?\n" "\n" "Well, yes, use TPM2_HierarchyControl to set phEnable to CLEAR.\n" "\n" "> > I'd also say this is probably the job of early boot based on\n" "> > policy.\n" "> \n" - "> Agreed. And since this card has no \"early boot\", the driver/kernel\n" + "> Agreed.\302\240\302\240And since this card has no \"early boot\", the driver/kernel\n" "> need to do it.\n" "\n" "Early boot means userspace. 
for a hot pluggable device, this would\n" "probably be something in udev if you follow the no-daemon model and the\n" "daemon could do it if you do follow the daemon model.\n" "\n" - James + "James\n" + "---\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-usb\" in\n" + "the body of a message to majordomo@vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -a77e11b7779d92c8c6520430897948677821db45e604faf8067f2713776ae5ef +e6a29cdf132356db0aca63e619388e88f31aa66d9daa467ae2014afc49df1642
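Review bot: in the `a/content_digest` hunk the N1 copy drops all seven `ref` entries (the In-Reply-To/References chain back to `20180430125418.31344-1-david.bild@xaptum.com`) and rewrites the subject from `Re: [PATCH v3 2/2] usb: misc: xapea00x: ...` to `[v3,2/2] usb: misc: xapea00x: ...`, so the duplicate carries no threading metadata; the digest change in the last hunk (`a77e11b7...` to `e6a29cdf...`) follows from that and not from any change to what James wrote.

Review bot: the `a/1.txt` hunk changes no words; the `+` lines differ from the `-` lines only in that each sentence-ending double space after "user-space.", "boot.)", "didn't.", "hierarchy." and "Agreed." has become a pair of U+00A0 characters (shown as `\302\240\302\240` in the content_digest hunk), plus the appended majordomo "unsubscribe linux-usb" trailer. Anyone deduplicating by body hash should normalise NBSP to space and strip list trailers before comparing.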
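As an added example, not code from this thread, the xapea00x driver or the kernel TPM subsystem: the TPM2_HierarchyControl command James points to, marshalled by hand the way a udev helper could send it through the character device once the hot-plugged chip shows up. The constants are the TCG TPM 2.0 Library values for TPM_ST_SESSIONS, TPM_CC_HierarchyControl, TPM_RH_PLATFORM and TPM_RS_PW; the device path, the empty platformAuth (what David's mail says the chip has until the platform sets one) and the sample response bytes are assumptions constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>

/* TCG TPM 2.0 Library, Part 2 (Structures) constants. */
#define TPM_ST_NO_SESSIONS      0x8001u
#define TPM_ST_SESSIONS         0x8002u
#define TPM_CC_HierarchyControl 0x00000121u
#define TPM_RH_PLATFORM         0x4000000Cu
#define TPM_RS_PW               0x40000009u
#define RC_MALFORMED            0xFFFFFFFFu   /* local sentinel, not a TPM_RC */

/* Big-endian marshalling helpers: everything on the TPM wire is network order. */
static size_t put_u8(uint8_t *p, uint8_t v)   { p[0] = v; return 1; }
static size_t put_u16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; return 2; }
static size_t put_u32(uint8_t *p, uint32_t v) { p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
                                                p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v; return 4; }
static uint16_t get_u16(const uint8_t *p) { return (uint16_t)(((uint16_t)p[0] << 8) | p[1]); }
static uint32_t get_u32(const uint8_t *p) { return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
                                                   ((uint32_t)p[2] << 8)  | p[3]; }

/*
 * TPM2_HierarchyControl(authHandle = TPM_RH_PLATFORM, enable = TPM_RH_PLATFORM, state = CLEAR),
 * authorised by a password session carrying platformAuth. Clearing phEnable this way is what
 * James suggests instead of setting a random platformAuth and discarding it.
 * Returns the command length, or 0 if the buffer is too small or the auth value too long.
 */
size_t build_disable_platform_hierarchy(uint8_t *buf, size_t buflen,
                                        const uint8_t *platform_auth, size_t auth_len)
{
    size_t auth_area = 4 + 2 + 1 + 2 + auth_len;   /* sessionHandle, nonce, attrs, hmac */
    size_t total = 10 + 4 + 4 + auth_area + 4 + 1; /* header, authHandle, authSize, auth, enable, state */
    if (total > buflen || auth_len > 0xffff)
        return 0;
    uint8_t *p = buf;
    p += put_u16(p, TPM_ST_SESSIONS);           /* tag: command carries an authorization area */
    p += put_u32(p, (uint32_t)total);           /* commandSize */
    p += put_u32(p, TPM_CC_HierarchyControl);   /* commandCode */
    p += put_u32(p, TPM_RH_PLATFORM);           /* authHandle: platform hierarchy authorises this */
    p += put_u32(p, (uint32_t)auth_area);       /* authorizationSize */
    p += put_u32(p, TPM_RS_PW);                 /* sessionHandle: plain password session */
    p += put_u16(p, 0);                         /* nonce: empty TPM2B */
    p += put_u8(p, 0);                          /* sessionAttributes: nothing to continue */
    p += put_u16(p, (uint16_t)auth_len);        /* hmac: for TPM_RS_PW this is the password itself */
    if (auth_len) { memcpy(p, platform_auth, auth_len); p += auth_len; }
    p += put_u32(p, TPM_RH_PLATFORM);           /* enable: the phEnable flag */
    p += put_u8(p, 0);                          /* state: NO, i.e. CLEAR the hierarchy */
    return (size_t)(p - buf);
}

/* Return the TPM_RC from a response, or RC_MALFORMED if the header is inconsistent. */
uint32_t parse_response_rc(const uint8_t *rsp, size_t len)
{
    if (len < 10)
        return RC_MALFORMED;
    uint16_t tag  = get_u16(rsp);
    uint32_t size = get_u32(rsp + 2);
    if ((tag != TPM_ST_NO_SESSIONS && tag != TPM_ST_SESSIONS) || size != len)
        return RC_MALFORMED;
    return get_u32(rsp + 6);
}

/* Round-trip through the kernel character device (e.g. /dev/tpm0, an assumed path);
   a udev helper would do this on ACTION=="add" for the chip. Returns 0 on success. */
int send_to_tpm(const char *dev, const uint8_t *cmd, size_t cmd_len, uint8_t *rsp, size_t *rsp_len)
{
    int fd = open(dev, O_RDWR);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, cmd, cmd_len);
    if (n != (ssize_t)cmd_len) { close(fd); return -1; }
    n = read(fd, rsp, *rsp_len);
    close(fd);
    if (n < 0)
        return -1;
    *rsp_len = (size_t)n;
    return 0;
}

int main(int argc, char **argv)
{
    uint8_t cmd[64], rsp[64];
    size_t rsp_len = sizeof rsp;
    /* Empty platformAuth: the value a just-started chip has before the platform sets one. */
    size_t n = build_disable_platform_hierarchy(cmd, sizeof cmd, NULL, 0);
    for (size_t i = 0; i < n; i++)
        printf("%02x%s", cmd[i], (i + 1 == n) ? "\n" : " ");
    if (argc > 1) {                             /* only touch a device if one is named */
        if (send_to_tpm(argv[1], cmd, n, rsp, &rsp_len) != 0)
            return 1;
        printf("TPM_RC = 0x%08x\n", parse_response_rc(rsp, rsp_len));
    }
    return 0;
}
```

Run without arguments it just prints the 32-byte command; with a device path it sends it. The caveat David raises still applies: a helper run from udev executes after the device node exists, so whatever else can open the node in that window can still use the platform hierarchy first. Once phEnable is CLEAR the command cannot set it again; the hierarchy only comes back when the TPM is next started up.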