From: "Daniel P. Smith" <dpsmith@apertussolutions.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
Ard Biesheuvel <ardb@kernel.org>
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
x86@kernel.org, Ross Philipson <ross.philipson@oracle.com>,
Thomas Gleixner <tglx@linutronix.de>,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
"open list:TPM DEVICE DRIVER" <linux-integrity@vger.kernel.org>,
open list <linux-kernel@vger.kernel.org>,
trenchboot-devel@googlegroups.com
Subject: Re: [RFC PATCH 0/4] Alternative TPM patches for Trenchboot
Date: Mon, 4 Nov 2024 19:13:13 -0500
Message-ID: <3f7bb7d6-3410-4e04-b6fc-6fdc26274cfa@apertussolutions.com>
In-Reply-To: <11eb20711f597b355c38abfce54ccff7f68fa5c9.camel@HansenPartnership.com>

On 11/4/24 15:36, James Bottomley wrote:
> On Mon, 2024-11-04 at 11:34 -0500, Daniel P. Smith wrote:
> [...]
>> In case the question comes up from those not familiar, the kexec does
>> a GETSEC[SEXIT] which closes off access to Localities 1 and 2, thus
>> locking the DRTM PCR values. It brings the CPUs out of SMX mode so
>> the target kernel does not require to have any knowledge about
>> running in that mode.
>
> So, to repeat the question: why a sysfs interface for setting the
> default locality? If I understand correctly from what you say above,
> it can't be used in any kernel except the SL one, and that one could
> run permanently in it, so there's no requirement at all for user space
> to be able to change this, is there?

I responded to Ard this morning that, "If the slmodule is able to set
the locality for all PCR extends coming from user space to be Locality
2, that removes the current need for it." Where "it" is the sysfs node
for default locality. This series does just that, so in a more direct
response, no, a writable sysfs node is no longer needed with this series.

v/r
dps