From: jarkko.sakkinen@linux.intel.com (Jarkko Sakkinen)
To: linux-security-module@vger.kernel.org
Subject: [tpmdd-devel] [PATCH RESEND 3/3] tpm-chip: Export TPM device to user space even when startup failed
Date: Sat, 2 Sep 2017 13:20:11 +0300
Message-ID: <20170902102011.j77dpzuiabm2tn5l@linux.intel.com>
In-Reply-To: <d284fb46422f468cb2e5c70d3836be69@MUCSE603.infineon.com>

On Thu, Aug 31, 2017 at 04:18:42PM +0000, Alexander.Steffen at infineon.com wrote:
> > I guess Alexander should be able to propose such subset.
>
> For scenario #1 you could probably come up with a list of commands
> that are generally useful. But once you are restricted to those five
> commands, you block iterative debugging of the "I see where the
> problem might be, could you try to execute ..." fashion by requiring
> the other person to patch and rebuild their kernel.

If the subset turns out to be wrong, it can be revisited.

> For scenario #2 I see no chance to do that in a generic way. I could
> maybe tell you what the commands in this mode currently look like for
> Infineon TPMs, so that they can be whitelisted, but they might look
> different in the future and they are certainly different for other
> vendor's implementations.

It's easy to check whether a command is vendor-specific and allow those to
pass through.

/Jarkko
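
The filtering approach discussed in this message, as an added example that is not code from the thread or from the kernel's TPM driver: a check on a raw TPM 2.0 command buffer that passes vendor-specific commands and a fixed subset, and rejects everything else. It assumes the vendor-specific flag is bit 29 of the command code (TPM_CC_VEND in the TCG TPM 2.0 specification); the five-command subset and all sample buffers are hypothetical, since the thread never names the commands.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TPM_HEADER_SIZE   10u        /* tag(2) + size(4) + command code(4) */
#define TPM_CC_VENDOR_BIT (1u << 29) /* assumption: TPM_CC_VEND, TPM 2.0 spec */

/* Hypothetical debugging subset; the thread does not list the commands. */
static const uint32_t allowed_cc[] = {
    0x0143, /* TPM2_SelfTest */
    0x0144, /* TPM2_Startup */
    0x0145, /* TPM2_Shutdown */
    0x017A, /* TPM2_GetCapability */
    0x017C, /* TPM2_GetTestResult */
};

/* Constructed sample commands (big-endian header, then parameters). */
const uint8_t sample_getcap[] = { 0x80,0x01, 0,0,0,0x16, 0,0,0x01,0x7A,
                                  0,0,0,6, 0,0,1,0, 0,0,0,1 };
const uint8_t sample_vendor[] = { 0x80,0x01, 0,0,0,0x0A, 0x20,0,0,0x01 };
const uint8_t sample_getrandom[] = { 0x80,0x01, 0,0,0,0x0C, 0,0,0x01,0x7B, 0,0x20 };

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* True if the command may be sent to a chip whose startup failed. */
bool tpm_cmd_permitted(const uint8_t *buf, size_t len)
{
    if (buf == NULL || len < TPM_HEADER_SIZE)
        return false;               /* too short to hold a header */
    if (be32(buf + 2) != len)
        return false;               /* declared size must match the buffer */
    uint32_t cc = be32(buf + 6);
    if (cc & TPM_CC_VENDOR_BIT)
        return true;                /* vendor-specific: pass through */
    for (size_t i = 0; i < sizeof(allowed_cc) / sizeof(allowed_cc[0]); i++)
        if (cc == allowed_cc[i])
            return true;
    return false;                   /* everything else is rejected */
}

int main(void)
{
    printf("%d\n", tpm_cmd_permitted(sample_getcap, sizeof(sample_getcap)));
    return 0;
}
```

The vendor-bit pass-through only inspects the header: the parameters of a vendor-specific command are opaque to the filter, so whatever the chip does with them is not constrained by this check.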