From mboxrd@z Thu Jan 1 00:00:00 1970
From: James Bottomley
Subject: Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM
Date: Mon, 18 Mar 2019 17:24:40 -0700
Message-ID: <1552955080.2785.26.camel@linux.ibm.com>
References: <155295271345.1945351.6465460744078693578.stgit@dwillia2-desk3.amr.corp.intel.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
In-Reply-To: <155295271345.1945351.6465460744078693578.stgit-p8uTFz9XbKj2zm6wflaqv1nYeNYlB/vhral2JQCrhuEAvxtiuMwx3w@public.gmane.org>
Errors-To: linux-nvdimm-bounces-hn68Rpc1hR1g9hUCZPvPmw@public.gmane.org
Sender: "Linux-nvdimm"
To: Dan Williams, jarkko.sakkinen-VuQAYsv1563Yd54FQh9/CA@public.gmane.org
Cc: linux-nvdimm-hn68Rpc1hR1g9hUCZPvPmw@public.gmane.org, Roberto Sassu, linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Mimi Zohar, David Howells, keyrings-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
List-Id: linux-nvdimm@lists.01.org

On Mon, 2019-03-18 at 16:45 -0700, Dan Williams wrote:
> Rather than fail initialization of the trusted.ko module, arrange for
> the module to load, but rely on trusted_instantiate() to fail
> trusted-key operations.

What actual problem is this fixing? To me it would seem like an
enhancement to make the trusted module fail at load time if there's no
TPM rather than waiting until first use to find out it can never work.
Is there some piece of user code that depends on the successful
insertion of trusted.ko?

James