From: Petr Vorel <pvorel@suse.cz>
To: "Piotr Król" <piotr.krol@3mdeb.com>
Cc: Mimi Zohar <zohar@linux.ibm.com>,
	linux-integrity@vger.kernel.org,
	Ken Goldman <kgold@linux.ibm.com>
Subject: Re: TPM 2.0 Linux sysfs interface
Date: Thu, 29 Aug 2019 09:32:46 +0200
Message-ID: <20190829073246.GA28007@dell5510>
In-Reply-To: <e8b2496b-7d53-f9d7-f2b7-779b87a4132a@3mdeb.com>

Hi Piotr,

...
> >> Why is this important?
> >> - there seems to be no default method to distinguish if we are dealing with
> >> TPM 1.2 or 2.0 in the system.

> > Agreed, this affects both the LTP IMA tests and ima-evm-utils package,
> > which need to support both TPM 1.2 and 2.0 for the foreseeable future.
> > The LTP IMA tests check different sysfs files to determine if it is
> > TPM 1.2 or TPM 2.0 (eg. /sys/class/tpm/tpm0/device/description,
> > /sys/class/tpm/tpm0/device/pcrs and /sys/class/misc/tpm0/device/pcrs),
> > but the "description" file is not defined by all TPM 2.0's.  It
> > shouldn't be that difficult to define a single common sysfs file.

> Thank you for those use cases, I will point to them during LPC discussion.
Thanks.

> Jarkko said that what he potentially can cope with is:
> /sys/class/tpm/tpm0/protocol_major

> But maybe version file is also good to go, depends what it should return
> and how that information should be obtained for various TPM versions.

...
> I'm still looking into use case to provide correct examples. I'm
> thinking about edge computing devices e.g. Azure IoT Edge, AWS IoT and
> Greengrass and its ability to perform trusted boot, but do not have
> something well exercised yet.

> Definitely there is automatic validation of hardware modules which is
> time sensitive and faster access to basic functions verification, then
> more savings to manufacturer.

> For research purposes I tried a couple of queries on GitHub to check who uses
> pcrs through sysfs [1][2]. Among others you can find CoreOS, Android,
> already mentioned LTP, some google projects. Quite a lot of user space
> code to be fixed. Maybe if I will have enough time I will prepare
> statistics about usage of given endpoints to quantify how those affect
> system.
BTW: codesearch.debian.net shows nothing using pcrs in the whole
Debian distro [3] [4], nothing is on gitlab either.

> [1]
> https://github.com/search?q=%22%2Fsys%2Fclass%2Ftpm%2Ftpm0%2Fdevice%2Fpcrs%22&type=Code
> [2]
> https://github.com/search?q=%22%2Fsys%2Fclass%2Fmisc%2Ftpm0%2Fdevice%2Fpcrs%22&type=Code
[3] https://codesearch.debian.net/search?q=%2Fsys%2Fclass%2Ftpm%2Ftpm0%2Fdevice%2Fpcrs&literal=1
[4] https://codesearch.debian.net/search?q=%2Fsys%2Fclass%2Fmisc%2Ftpm0%2Fdevice%2Fpcrs&literal=1

Kind regards,
Petr
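
Added example (not part of the original message, and not code from LTP or ima-evm-utils): a shell function applying the sysfs heuristic described in the quoted text, using only the three paths named there. The `root` parameter and the assumption that a TPM 2.0 `description` file contains the string "2.0" are illustrative; the "unknown" result is the gap the thread is about.

```shell
#!/bin/sh
# tpm_family [SYSFS_ROOT]
# Prints "1.2", "2.0", "unknown" (a tpm0 node exists but none of the
# heuristics match) or "none" (no tpm0 node at all).
# Returns 0 only when the family was positively identified, so callers
# can refuse to guess instead of defaulting to one TPM family.
tpm_family() {
    root="${1:-/sys}"   # overridable so the logic can run on a constructed tree

    # Heuristic from the thread: the "pcrs" attribute is taken as a sign
    # of TPM 1.2. Both the current and the older misc-class path are probed.
    for f in "$root/class/tpm/tpm0/device/pcrs" \
             "$root/class/misc/tpm0/device/pcrs"; do
        if [ -r "$f" ]; then
            echo "1.2"
            return 0
        fi
    done

    # Heuristic from the thread: the "description" attribute identifies
    # TPM 2.0. Assumption: its text contains "2.0". The thread notes that
    # not every TPM 2.0 provides this file.
    f="$root/class/tpm/tpm0/device/description"
    if [ -r "$f" ] && grep -q '2\.0' "$f"; then
        echo "2.0"
        return 0
    fi

    # A device node without a matching attribute: do not guess.
    if [ -d "$root/class/tpm/tpm0" ] || [ -d "$root/class/misc/tpm0" ]; then
        echo "unknown"
        return 1
    fi

    echo "none"
    return 1
}

# Stand-alone use: report the result for the running system.
tpm_family "${1:-/sys}" || true
```
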
