From: "Peter Hüwe" <PeterHuewe@gmx.de>
To: tpmdd-devel@lists.sourceforge.net, Ashley Lai <ashley@ashleylai.com>
Cc: Stefan Berger <stefanb@linux.vnet.ibm.com>,
Jason Gunthorpe <jgunthorpe@obsidianresearch.com>,
Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>,
linux-kernel@vger.kernel.org, Rajiv Andrade <mail@srajiv.net>,
Richard Maciel Costa <richardm@br.ibm.com>,
"trousers-tech@lists.sourceforge.net"
<trousers-tech@lists.sourceforge.net>,
Sirrix AG <tpmdd@sirrix.com>
Subject: Re: [tpmdd-devel] [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c
Date: Sat, 5 Oct 2013 00:02:09 +0200 [thread overview]
Message-ID: <201310050002.09320.PeterHuewe@gmx.de> (raw)
In-Reply-To: <524F1450.6060406@linux.vnet.ibm.com>
Am Freitag, 4. Oktober 2013, 21:17:36 schrieb Stefan Berger:
> On 10/04/2013 01:08 PM, Jason Gunthorpe wrote:
> > On Mon, Sep 30, 2013 at 05:09:51PM -0500, Joel Schopp wrote:
> >>> So far, nobody I have talked to has offered any strong opinions on
> >>> what locality should be used or how it should be set. I think finding
> >>> a developer of trousers may be the most useful to talk about how the
> >>> ioctl portion of this would need to be set up - if someone is actually
> >>> needed.
> >>
> >> I am a TrouSerS developer and am ccing Richard, another TrouSerS
> >> developer, and ccing the trousers-tech list. It would be good if you
> >> could elaborate on the question and context for those not following the
> >> entire thread, myself included.
> >
> > Two questions:
> >
> > Is userspace interested in using the TPM Locality feature, and if so
> > is there any thoughts on what the interface should be?
>
> In terms of interface it should probably be an ioctl so that whoever
> holds the fd to /dev/tpm0 gets to choose the locality.
>
> Locality allows the resetting of certain PCRs. See section 3.7 in
>
> http://www.trustedcomputinggroup.org/files/static_page_files/8E45D739-1A4B-> B294-D06274E7047730FD/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_032
> 12013.pdf
>
> Locality 4 can only be used by the hardware (section 2.2).
Afaik Locality 3 (and sometimes 2) is often also "locked down"/filtered after
the bios phase.
>From
http://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf
"The storage spaces accessible within a TPM device are grouped by a locality
attribute and are a separate set of address ranges from the Intel TXT Public
and Private spaces.
The following localities are defined:
Locality 0 : Non trusted and legacy TPM operation
Locality 1 : An environment for use by the Trusted Operating System
Locality 2 : Trusted OS
Locality 3 : Authenticated Code Module
Locality 4 : Intel TXT hardware use only"
(I know that's "only" Intel's view and not a TCG spec)
Thanks,
Peter
next prev parent reply other threads:[~2013-10-04 22:00 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 18:14 [PATCH 00/13] TPM cleanup Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 01/13] tpm: ibmvtpm: Use %zd formatting for size_t format arguments Jason Gunthorpe
2013-10-01 21:58 ` Peter Hüwe
2013-10-02 19:37 ` [tpmdd-devel] " Ashley D Lai
2013-09-23 18:14 ` [PATCH 02/13] tpm atmel: Call request_region with the correct base Jason Gunthorpe
[not found] ` <201310020000.13490.PeterHuewe@gmx.de>
2013-10-03 0:11 ` [tpmdd-devel] " Ashley D Lai
2013-10-03 4:36 ` Jason Gunthorpe
2013-10-04 17:21 ` Joel Schopp
2013-09-23 18:14 ` [PATCH 03/13] tpm: xen-tpmfront: Fix default durations Jason Gunthorpe
2013-09-23 18:51 ` Konrad Rzeszutek Wilk
2013-09-23 18:57 ` Daniel De Graaf
2013-09-23 18:14 ` [PATCH 04/13] tpm: Store devname in the tpm_chip Jason Gunthorpe
2013-10-04 15:57 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 05/13] tpm: Use container_of to locate the tpm_chip in tpm_open Jason Gunthorpe
2013-10-05 1:47 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 06/13] tpm: Remove redundant dev_set_drvdata Jason Gunthorpe
2013-10-05 2:14 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 07/13] tpm: Remove tpm_show_caps_1_2 Jason Gunthorpe
[not found] ` <201310020009.22952.PeterHuewe@gmx.de>
2013-10-01 22:21 ` Jason Gunthorpe
2013-10-01 22:38 ` [tpmdd-devel] " Peter Hüwe
2013-09-23 18:14 ` [PATCH 08/13] tpm: Pull everything related to /dev/tpmX into tpm-dev.c Jason Gunthorpe
2013-10-01 22:52 ` Peter Hüwe
2013-10-01 22:57 ` Jason Gunthorpe
2013-10-01 23:14 ` Peter Hüwe
2013-10-01 23:23 ` Jason Gunthorpe
2013-10-03 5:05 ` Jason Gunthorpe
2013-10-04 15:50 ` TPM.ko module rename (was tpm: Pull everything related to /dev/tpmX into tpm-dev.c) Peter Hüwe
2013-10-04 16:28 ` Jason Gunthorpe
2013-10-04 16:45 ` Ashley Lai
2013-09-23 18:14 ` [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c Jason Gunthorpe
2013-09-23 18:54 ` [tpmdd-devel] " Daniel De Graaf
2013-09-23 19:36 ` Jason Gunthorpe
2013-09-23 20:20 ` Daniel De Graaf
2013-09-23 20:42 ` Jason Gunthorpe
2013-09-23 22:00 ` Daniel De Graaf
2013-09-23 22:23 ` Jason Gunthorpe
2013-09-24 14:28 ` Daniel De Graaf
2013-09-30 18:10 ` Jason Gunthorpe
2013-09-30 20:36 ` Daniel De Graaf
2013-09-30 21:20 ` Jason Gunthorpe
2013-09-30 22:09 ` Joel Schopp
2013-10-04 17:08 ` Jason Gunthorpe
2013-10-04 19:17 ` Stefan Berger
2013-10-04 22:02 ` Peter Hüwe [this message]
2013-10-07 15:06 ` Daniel De Graaf
2013-10-08 9:15 ` AW: [TrouSerS-tech] " Fuchs, Andreas
2013-10-09 17:38 ` Jason Gunthorpe
2013-10-10 7:42 ` AW: " Fuchs, Andreas
2013-10-10 16:50 ` Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 10/13] tpm: Create a tpm_class_ops structure and use it in the drivers Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 11/13] tpm: Use the ops structure instead of a copy in tpm_vendor_specific Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 12/13] tpm: st33: Remove chip->data_buffer access from this driver Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 13/13] tpm: Make tpm-dev allocate a per-file structure Jason Gunthorpe
2013-09-23 21:27 ` [tpmdd-devel] [PATCH 00/13] TPM cleanup Joel Schopp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=201310050002.09320.PeterHuewe@gmx.de \
--to=peterhuewe@gmx.de \
--cc=ashley@ashleylai.com \
--cc=jgunthorpe@obsidianresearch.com \
--cc=leosilva@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@srajiv.net \
--cc=richardm@br.ibm.com \
--cc=stefanb@linux.vnet.ibm.com \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tpmdd@sirrix.com \
--cc=trousers-tech@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox