From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: Daniel De Graaf <dgdegra@tycho.nsa.gov>
Cc: tpmdd-devel@lists.sourceforge.net,
Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, Rajiv Andrade <mail@srajiv.net>,
Sirrix AG <tpmdd@sirrix.com>
Subject: Re: [tpmdd-devel] [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c
Date: Mon, 23 Sep 2013 16:23:24 -0600 [thread overview]
Message-ID: <20130923222324.GA9533@obsidianresearch.com> (raw)
In-Reply-To: <5240BA0E.3000304@tycho.nsa.gov>
On Mon, Sep 23, 2013 at 06:00:46PM -0400, Daniel De Graaf wrote:
> In a PC client TPM, normal OS code (as opposed to firmware or microcode)
> is already restricted to locality 0-2. It may make sense to restrict
> locality 2 to the kernel, which would allow an in-kernel TPM seal
> command to be able to bind data so that userspace cannot unseal it.
> However, only allowing localities 0 and 1 to userspace may be too
> restrictive if userspace also wishes to use locality for separation,
> since locality 1 does not have the ability to reset any PCRs that
> locality 0 cannot also reset.
> The kernel could reserve only locality 1 for its own use, giving it the
> ability to seal data but not interfering with the ability to reset PCRs.
> This would be my preference, although it is less intuitive to allow code
> of lower privilege (userspace) to control the higher numbered locality
> 2.
This matches my vague understanding (we don't use localities here)
>> Perhaps a .config option would be useful to allow the system designer to
>> choose what, if any, locality to reserve for kernel use?
A runtime sysfs seems reasonable..
Would:
user_default_locality
kernel_default_locality
user_allowed_localities (bitmask)
supported_localities (bitmask)
a GET_LOCALITY/SET_LOCALITY IOCTL to change localities of an open'd
/dev/tpmX
Do the job?
At first glance anyhow. I wonder what in-kernel users would be
impacted by localities..
Any thoughts on root vs not-root? Would middelware want to use
localities?
Do you know anyone on the userspace SW side who could look at this?
Jason
next prev parent reply other threads:[~2013-09-23 22:23 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 18:14 [PATCH 00/13] TPM cleanup Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 01/13] tpm: ibmvtpm: Use %zd formatting for size_t format arguments Jason Gunthorpe
2013-10-01 21:58 ` Peter Hüwe
2013-10-02 19:37 ` [tpmdd-devel] " Ashley D Lai
2013-09-23 18:14 ` [PATCH 02/13] tpm atmel: Call request_region with the correct base Jason Gunthorpe
[not found] ` <201310020000.13490.PeterHuewe@gmx.de>
2013-10-03 0:11 ` [tpmdd-devel] " Ashley D Lai
2013-10-03 4:36 ` Jason Gunthorpe
2013-10-04 17:21 ` Joel Schopp
2013-09-23 18:14 ` [PATCH 03/13] tpm: xen-tpmfront: Fix default durations Jason Gunthorpe
2013-09-23 18:51 ` Konrad Rzeszutek Wilk
2013-09-23 18:57 ` Daniel De Graaf
2013-09-23 18:14 ` [PATCH 04/13] tpm: Store devname in the tpm_chip Jason Gunthorpe
2013-10-04 15:57 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 05/13] tpm: Use container_of to locate the tpm_chip in tpm_open Jason Gunthorpe
2013-10-05 1:47 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 06/13] tpm: Remove redundant dev_set_drvdata Jason Gunthorpe
2013-10-05 2:14 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 07/13] tpm: Remove tpm_show_caps_1_2 Jason Gunthorpe
[not found] ` <201310020009.22952.PeterHuewe@gmx.de>
2013-10-01 22:21 ` Jason Gunthorpe
2013-10-01 22:38 ` [tpmdd-devel] " Peter Hüwe
2013-09-23 18:14 ` [PATCH 08/13] tpm: Pull everything related to /dev/tpmX into tpm-dev.c Jason Gunthorpe
2013-10-01 22:52 ` Peter Hüwe
2013-10-01 22:57 ` Jason Gunthorpe
2013-10-01 23:14 ` Peter Hüwe
2013-10-01 23:23 ` Jason Gunthorpe
2013-10-03 5:05 ` Jason Gunthorpe
2013-10-04 15:50 ` TPM.ko module rename (was tpm: Pull everything related to /dev/tpmX into tpm-dev.c) Peter Hüwe
2013-10-04 16:28 ` Jason Gunthorpe
2013-10-04 16:45 ` Ashley Lai
2013-09-23 18:14 ` [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c Jason Gunthorpe
2013-09-23 18:54 ` [tpmdd-devel] " Daniel De Graaf
2013-09-23 19:36 ` Jason Gunthorpe
2013-09-23 20:20 ` Daniel De Graaf
2013-09-23 20:42 ` Jason Gunthorpe
2013-09-23 22:00 ` Daniel De Graaf
2013-09-23 22:23 ` Jason Gunthorpe [this message]
2013-09-24 14:28 ` Daniel De Graaf
2013-09-30 18:10 ` Jason Gunthorpe
2013-09-30 20:36 ` Daniel De Graaf
2013-09-30 21:20 ` Jason Gunthorpe
2013-09-30 22:09 ` Joel Schopp
2013-10-04 17:08 ` Jason Gunthorpe
2013-10-04 19:17 ` Stefan Berger
2013-10-04 22:02 ` Peter Hüwe
2013-10-07 15:06 ` Daniel De Graaf
2013-10-08 9:15 ` AW: [TrouSerS-tech] " Fuchs, Andreas
2013-10-09 17:38 ` Jason Gunthorpe
2013-10-10 7:42 ` AW: " Fuchs, Andreas
2013-10-10 16:50 ` Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 10/13] tpm: Create a tpm_class_ops structure and use it in the drivers Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 11/13] tpm: Use the ops structure instead of a copy in tpm_vendor_specific Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 12/13] tpm: st33: Remove chip->data_buffer access from this driver Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 13/13] tpm: Make tpm-dev allocate a per-file structure Jason Gunthorpe
2013-09-23 21:27 ` [tpmdd-devel] [PATCH 00/13] TPM cleanup Joel Schopp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20130923222324.GA9533@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=dgdegra@tycho.nsa.gov \
--cc=leosilva@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@srajiv.net \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tpmdd@sirrix.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.