From: "Serge E. Hallyn" <serge@hallyn.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>
Cc: Jason Gunthorpe <jgg@nvidia.com>,
Mimi Zohar <zohar@linux.ibm.com>,
Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>,
linux-integrity@vger.kernel.org
Subject: Re: [PATCH v4 1/1] tpm: add sysfs exports for all banks of PCR registers
Date: Thu, 20 Aug 2020 11:55:35 -0500
Message-ID: <20200820165535.GA972@mail.hallyn.com>
In-Reply-To: <1597940084.3864.35.camel@HansenPartnership.com>

On Thu, Aug 20, 2020 at 09:14:44AM -0700, James Bottomley wrote:
> On Wed, 2020-08-19 at 20:21 -0300, Jason Gunthorpe wrote:
> > On Wed, Aug 19, 2020 at 01:09:16PM -0700, James Bottomley wrote:
> > I went to try to make a python implementation.. After about 10mins I
> > came up with this approximate thing:
> >
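> > import struct
> >
> > TPM2_ST_NO_SESSIONS = 0x8001
> > TPM2_CC_PCR_READ = 0x0000017E
> > TPM2_ALG_SHA1 = 0x0004
> >
> > def read_pcr1():
> >     select = struct.pack(">BBB", 1 << 1, 0, 0) # PCR 1 is bit 1 of byte 0
> >     pcrread_in = struct.pack(">IHB", 1, TPM2_ALG_SHA1, len(select)) + select
> >     msg = struct.pack(">HII", TPM2_ST_NO_SESSIONS, 10 + len(pcrread_in),
> >                       TPM2_CC_PCR_READ) + pcrread_in
> >
> >     # unbuffered read/write: the response is read back from the same fd
> >     with open("/dev/tpm0", "r+b", buffering=0) as tpm:
> >         tpm.write(msg)
> >         res = tpm.read(4096)
> >
> >     tag, length, return_code = struct.unpack(">HII", res[:10])
> >     if return_code: # non-zero return code means the command failed
> >         raise RuntimeError("TPM2_PCR_Read failed: 0x%x" % return_code)
> >
> >     return res[10+20:] # digest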
> >
> > Which is hopefully quite close to being something working - at least
> > it looks fairly close to what the kernel implementation does.
> >
> > Fortunately no PhD was required! I think Go would be about similar,
> > right?
>
> I could do the same with perl, but not bash. In the same way I could
> construct an anomalous SO(3) higgs model as a party trick.
>
> The point is that when you ask users would they rather do the above or
> cat /sys/class/tpm/tpm0/pcr-sha1/1 they'll universally opt for the
> latter because it's way simpler.
>
> Now perhaps if the mechanism that services this in the kernel were
> thousands of lines long and unmaintainable you'd think twice, but it's
> not, it's under 200 lines. So the maintainability bar to us providing
> this is low and the user convenience quite high ... that's what makes
> it look like a good interface.
>
> James
I'd also point out that this is the fundamental thing you do with the
pcrs. There is no other way that some library would want to do it, and
everything builds on it. We're exporting the core functionality as a
simpler file read/write. I know that after taking filesystem interfaces
to an extreme, over the past 20 years we've turned back a bit, but in
this case it seems the right way to do it.
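
The two routes compared in this thread, side by side, as an added example that is not part of the original message or of the kernel patch: marshalling TPM2_PCR_Read and walking its response by hand, versus reading one file per PCR. The function names, the `root` parameter, the constructed response bytes and the temporary directory standing in for /sys/class/tpm/tpm0 are assumptions, as is the file content being the digest as hex text.

```python
import os, struct, tempfile
TPM2_ST_NO_SESSIONS, TPM2_CC_PCR_READ, TPM2_ALG_SHA1 = 0x8001, 0x0000017E, 0x0004
DIGEST_LEN = {"sha1": 20, "sha256": 32}

def build_pcr_read(alg, index):
    """Marshal TPM2_PCR_Read for one PCR in one bank (hypothetical helper)."""
    select = bytearray(3)
    select[index // 8] = 1 << (index % 8)      # one bit per PCR
    body = struct.pack(">IHB", 1, alg, len(select)) + bytes(select)
    hdr = struct.pack(">HII", TPM2_ST_NO_SESSIONS, 10 + len(body), TPM2_CC_PCR_READ)
    return hdr + body

def parse_pcr_read(resp):
    """Walk the response fields rather than trusting a fixed digest offset."""
    _tag, length, rc = struct.unpack_from(">HII", resp, 0)
    if length != len(resp):
        raise ValueError("response length field does not match data")
    if rc:
        raise RuntimeError("TPM returned error 0x%x" % rc)
    off = 10 + 4                               # header + pcrUpdateCounter
    (nsel,) = struct.unpack_from(">I", resp, off)
    off += 4
    for _ in range(nsel):                      # skip the echoed selections
        _alg, size = struct.unpack_from(">HB", resp, off)
        off += 3 + size
    (ndig,) = struct.unpack_from(">I", resp, off)
    if ndig != 1:                              # e.g. bank not allocated
        raise ValueError("expected one digest, got %d" % ndig)
    (dlen,) = struct.unpack_from(">H", resp, off + 4)
    return resp[off + 6:off + 6 + dlen]

def read_pcr_sysfs(root, bank, index):
    """The file-read route: <root>/pcr-<bank>/<index> holds the digest as hex."""
    with open(os.path.join(root, "pcr-" + bank, str(index))) as f:
        digest = bytes.fromhex(f.read().strip())
    if len(digest) != DIGEST_LEN[bank]:
        raise ValueError("unexpected digest length for bank " + bank)
    return digest

def demo():
    digest = bytes(range(20))                  # constructed sample digest
    sel = struct.pack(">IHB", 1, TPM2_ALG_SHA1, 3) + b"\x02\x00\x00"
    body = struct.pack(">I", 7) + sel + struct.pack(">IH", 1, 20) + digest
    resp = struct.pack(">HII", TPM2_ST_NO_SESSIONS, 10 + len(body), 0) + body
    with tempfile.TemporaryDirectory() as root:    # stand-in for the sysfs dir
        os.makedirs(os.path.join(root, "pcr-sha1"))
        with open(os.path.join(root, "pcr-sha1", "1"), "w") as f:
            f.write(digest.hex().upper() + "\n")
        return parse_pcr_read(resp), read_pcr_sysfs(root, "sha1", 1)
```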