From: Jason Gunthorpe <jgunthorpe-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
To: "Fuchs,
Andreas"
<andreas.fuchs-iXjGqz/onsDSyEMIgutvibNAH6kLmebB@public.gmane.org>
Cc: Ken Goldman <kgoldman-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>,
"tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org"
<tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org>
Subject: Re: Question on Linux TSS architecture design (kernel vs. user space access)
Date: Tue, 5 Jan 2016 10:39:11 -0700 [thread overview]
Message-ID: <20160105173911.GC16269@obsidianresearch.com> (raw)
In-Reply-To: <9F48E1A823B03B4790B7E6E69430724DA58784A8-wI35/lLZEdRyXeJKmmMAp2SU2VBt9E6NG9Ur7JDdleE@public.gmane.org>
On Tue, Jan 05, 2016 at 09:43:04AM +0000, Fuchs, Andreas wrote:
> The current semantics of a ResoureManager does not include the concept of
> dup()'ing application contexts or concurrent access to session or
> key objects
Don't worry about this. The singleton context is the struct file in
the kernel, and it is never copied or dup'd.
How user space uses the struct file from multiple threads/processes
sanely is a different question the kernel doesn't have to answer.
> Side-Question: how does the current tpm-fd handle fork() and dup() ? Since it is
> single access only as well ?
It is not really single access.
>From a uapi perspective the question is how do you design the char dev
to be useful in a threaded scenario.
The current uapi is write,poll,read which cannot be run concurrently,
but does allow a multiplex'd sleep for long operations.
An alternative would be a synchronous ioctl which would be safe in a
multi-threaded environment but not no longer pollable.
In any event, it is up to the application to ensure different
threads/processes do not step on each other from a TPM spec
perspective. That is not something the kernel need to worry about.
As I've said to Ken, the starting place for any work, and the natural
first patch, should be a new uapi that allows unprivileged access to
the TPMs. An obvious trivial starting point is to enable the obviously
safe commands like get capability and get random. Progressively build
up more capabilities from that point.
Jason
------------------------------------------------------------------------------
next prev parent reply other threads:[~2016-01-05 17:39 UTC|newest]
Thread overview: 40+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-13 15:42 [PATCH v2 0/3] TPM 2.0 trusted key features for v4.5 Jarkko Sakkinen
2015-12-13 15:42 ` Jarkko Sakkinen
2015-12-13 15:42 ` Jarkko Sakkinen
2015-12-13 15:42 ` [PATCH v2 1/3] keys, trusted: fix: *do not* allow duplicate key options Jarkko Sakkinen
2015-12-14 13:46 ` Mimi Zohar
2015-12-14 14:54 ` Jarkko Sakkinen
2015-12-13 15:42 ` [PATCH v2 2/3] keys, trusted: select hash algorithm for TPM2 chips Jarkko Sakkinen
2015-12-13 15:42 ` Jarkko Sakkinen
2015-12-13 15:42 ` [PATCH v2 3/3] keys, trusted: seal with a TPM2 authorization policy Jarkko Sakkinen
2015-12-14 13:49 ` Mimi Zohar
2015-12-14 14:56 ` Jarkko Sakkinen
[not found] ` <20151214095830.GA21291@intel.com>
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E682BF197@ABGEX74E.FSC.NET>
[not found] ` <20151214112501.GA26100@intel.com>
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E682BF19D@ABGEX74E.FSC.NET>
[not found] ` <20151215233237.GA31965@obsidianresearch.com>
[not found] ` <201512161652.tBGGqWPG019442@d03av04.boulder.ibm.com>
[not found] ` <20151216171633.GB32594@obsidianresearch.com>
[not found] ` <201512161721.tBGHLqXh009986@d03av03.boulder.ibm.com>
[not found] ` <20151216174523.GC32594@obsidianresearch.com>
[not found] ` <201512161804.tBGI47vu000331@d01av02.pok.ibm.com>
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E69407545@ABGEX74E.FSC.NET>
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA5864641@EXCH2010A.sit.fraunhofer.de>
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA5864641-wI35/lLZEdT5yyJIIHUSGGSU2VBt9E6NG9Ur7JDdleE@public.gmane.org>
2015-12-18 0:57 ` Question on Linux TSS architecture design (kernel vs. user space access) Jason Gunthorpe
[not found] ` <201512171523.tBHFNlJ6013434@d03av03.boulder.ibm.com>
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA58648F1@EXCH2010A.sit.fraunhofer.de>
[not found] ` <201512171620.tBHGK3GE030569@d03av04.boulder.ibm.com>
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA586493C@EXCH2010A.sit.fraunhofer.de>
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA586493C-wI35/lLZEdT5yyJIIHUSGGSU2VBt9E6NG9Ur7JDdleE@public.gmane.org>
2015-12-18 10:06 ` Wilck, Martin
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E6940754C-bIoXcEM4pvRAuK1PVaBULA@public.gmane.org>
2015-12-18 10:51 ` Jarkko Sakkinen
[not found] ` <20151218105148.GA12882-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-12-18 10:53 ` Jarkko Sakkinen
[not found] ` <20151218105323.GB12882-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-12-18 11:09 ` Wilck, Martin
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E6940754D-bIoXcEM4pvRAuK1PVaBULA@public.gmane.org>
2015-12-18 11:41 ` Jarkko Sakkinen
[not found] ` <20151218114131.GA3287-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-12-18 14:10 ` Ken Goldman
2015-12-21 13:22 ` Fuchs, Andreas
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA586A57C-wI35/lLZEdRyXeJKmmMAp2SU2VBt9E6NG9Ur7JDdleE@public.gmane.org>
2015-12-21 14:23 ` Stefan Berger
2015-12-22 21:23 ` Jason Gunthorpe
[not found] ` <20151222212348.GB9461-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2015-12-23 15:02 ` Ken Goldman
2015-12-24 11:42 ` Jarkko Sakkinen
[not found] ` <20151224114241.GA5119-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-12-24 15:09 ` Ken Goldman
2016-01-02 20:39 ` Jason Gunthorpe
[not found] ` <20160102203957.GA19490-ePGOBjL8dl3ta4EC/59zMFaTQe2KTcn/@public.gmane.org>
2016-01-03 13:53 ` Jarkko Sakkinen
[not found] ` <20160103135346.GA4047-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-01-04 16:22 ` Fuchs, Andreas
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA5877E95-wI35/lLZEdRyXeJKmmMAp2SU2VBt9E6NG9Ur7JDdleE@public.gmane.org>
2016-01-04 18:19 ` Jarkko Sakkinen
[not found] ` <20160104181915.GA15908-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-01-04 20:06 ` Mimi Zohar
2016-01-05 9:43 ` Fuchs, Andreas
[not found] ` <9F48E1A823B03B4790B7E6E69430724DA58784A8-wI35/lLZEdRyXeJKmmMAp2SU2VBt9E6NG9Ur7JDdleE@public.gmane.org>
2016-01-05 13:13 ` Mimi Zohar
2016-01-05 17:39 ` Jason Gunthorpe [this message]
2015-12-22 6:59 ` Jarkko Sakkinen
[not found] ` <20151222065917.GB7867-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2016-01-04 16:07 ` Fuchs, Andreas
2016-01-07 21:07 ` TPM2 resource manager vendor specific commands Ken Goldman
[not found] ` <201512171533.tBHFXn35003792@d03av02.boulder.ibm.com>
[not found] ` <201512171533.tBHFXn35003792-nNA/7dmquNI+UXBhvPuGgqsjOiXwFzmk@public.gmane.org>
2015-12-18 11:21 ` Question on Linux TSS architecture design (kernel vs. user space access) Wilck, Martin
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E6940754E-bIoXcEM4pvRAuK1PVaBULA@public.gmane.org>
2015-12-18 11:51 ` Jarkko Sakkinen
[not found] ` <20151218115137.GA4774-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
2015-12-18 11:57 ` Jarkko Sakkinen
2015-12-18 13:40 ` Stefan Berger
[not found] ` <C5A28EF7B98F574C85C70238C8E9ECC04E69407545-bIoXcEM4pvRAuK1PVaBULA@public.gmane.org>
2015-12-18 15:03 ` Kenneth Goldman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160105173911.GC16269@obsidianresearch.com \
--to=jgunthorpe-epgobjl8dl3ta4ec/59zmfatqe2ktcn/@public.gmane.org \
--cc=andreas.fuchs-iXjGqz/onsDSyEMIgutvibNAH6kLmebB@public.gmane.org \
--cc=kgoldman-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org \
--cc=tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.