From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: "Fuchs, Andreas" <andreas.fuchs@sit.fraunhofer.de>
Cc: Joel Schopp <jschopp@linux.vnet.ibm.com>,
Leonidas Da Silva Barbosa <leosilva@linux.vnet.ibm.com>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
Rajiv Andrade <mail@srajiv.net>,
"tpmdd-devel@lists.sourceforge.net"
<tpmdd-devel@lists.sourceforge.net>,
Richard Maciel Costa <richardm@br.ibm.com>,
"trousers-tech@lists.sourceforge.net"
<trousers-tech@lists.sourceforge.net>,
Daniel De Graaf <dgdegra@tycho.nsa.gov>,
Sirrix AG <tpmdd@sirrix.com>
Subject: Re: [TrouSerS-tech] [tpmdd-devel] [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c
Date: Thu, 10 Oct 2013 10:50:24 -0600 [thread overview]
Message-ID: <20131010165024.GA19997@obsidianresearch.com> (raw)
In-Reply-To: <9F48E1A823B03B4790B7E6E69430724D2E99FB07@EXCH2010A.sit.fraunhofer.de>
On Thu, Oct 10, 2013 at 07:42:49AM +0000, Fuchs, Andreas wrote:
> In any case, I like your idea to split trousers IPC to two distinct
> unix sockets for localities. In this case, we could also split tcsd
> into two processes along with it for accessing the distinct
> char-devices and thereby make it more robust against bugs for
> "locality-escalation".
You still have to somehow manage cross locality state between the two
daemons..
> Also remember that many people have developed alternative stacks
> that don't use trousers but operate directly on the char-device.
> They would also benefit from char-device access control for localities.
I am one of those people, we actually don't use any middleware at
all. But to make that work I've had to carry the multi-open patch for
years :|
> Even with only a single trousers, I see no harm in two devices. For
> backwards compatibility, the current /dev/tpm0 could be exported (with
> highest level access control) along with tpm0l1, tpm0l2, ... and/or
> trousers could open both char-devices if it wanted to.
Well, we could start with a 'no way out IOCTL'. So trousers can open
/dev/tpm twice and lock the two FDs to a specific locality then drop
privileges and fork priv-sep style sub processes.
The current kernel code is not ready for multiple char devices, it
will need a device class first..
> The kernel may want to use localityAtRelease OS in order to protect sealed
> data (trusted keyrings) such that user-space could not even unseal
It seems reasonable to have TPM data that will only live in the kernel
to be only releasable by the kernel..
Jason
next prev parent reply other threads:[~2013-10-10 16:50 UTC|newest]
Thread overview: 54+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-09-23 18:14 [PATCH 00/13] TPM cleanup Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 01/13] tpm: ibmvtpm: Use %zd formatting for size_t format arguments Jason Gunthorpe
2013-10-01 21:58 ` Peter Hüwe
2013-10-02 19:37 ` [tpmdd-devel] " Ashley D Lai
2013-09-23 18:14 ` [PATCH 02/13] tpm atmel: Call request_region with the correct base Jason Gunthorpe
[not found] ` <201310020000.13490.PeterHuewe@gmx.de>
2013-10-03 0:11 ` [tpmdd-devel] " Ashley D Lai
2013-10-03 4:36 ` Jason Gunthorpe
2013-10-04 17:21 ` Joel Schopp
2013-09-23 18:14 ` [PATCH 03/13] tpm: xen-tpmfront: Fix default durations Jason Gunthorpe
2013-09-23 18:51 ` Konrad Rzeszutek Wilk
2013-09-23 18:57 ` Daniel De Graaf
2013-09-23 18:14 ` [PATCH 04/13] tpm: Store devname in the tpm_chip Jason Gunthorpe
2013-10-04 15:57 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 05/13] tpm: Use container_of to locate the tpm_chip in tpm_open Jason Gunthorpe
2013-10-05 1:47 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 06/13] tpm: Remove redundant dev_set_drvdata Jason Gunthorpe
2013-10-05 2:14 ` [tpmdd-devel] " Ashley Lai
2013-09-23 18:14 ` [PATCH 07/13] tpm: Remove tpm_show_caps_1_2 Jason Gunthorpe
[not found] ` <201310020009.22952.PeterHuewe@gmx.de>
2013-10-01 22:21 ` Jason Gunthorpe
2013-10-01 22:38 ` [tpmdd-devel] " Peter Hüwe
2013-09-23 18:14 ` [PATCH 08/13] tpm: Pull everything related to /dev/tpmX into tpm-dev.c Jason Gunthorpe
2013-10-01 22:52 ` Peter Hüwe
2013-10-01 22:57 ` Jason Gunthorpe
2013-10-01 23:14 ` Peter Hüwe
2013-10-01 23:23 ` Jason Gunthorpe
2013-10-03 5:05 ` Jason Gunthorpe
2013-10-04 15:50 ` TPM.ko module rename (was tpm: Pull everything related to /dev/tpmX into tpm-dev.c) Peter Hüwe
2013-10-04 16:28 ` Jason Gunthorpe
2013-10-04 16:45 ` Ashley Lai
2013-09-23 18:14 ` [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c Jason Gunthorpe
2013-09-23 18:54 ` [tpmdd-devel] " Daniel De Graaf
2013-09-23 19:36 ` Jason Gunthorpe
2013-09-23 20:20 ` Daniel De Graaf
2013-09-23 20:42 ` Jason Gunthorpe
2013-09-23 22:00 ` Daniel De Graaf
2013-09-23 22:23 ` Jason Gunthorpe
2013-09-24 14:28 ` Daniel De Graaf
2013-09-30 18:10 ` Jason Gunthorpe
2013-09-30 20:36 ` Daniel De Graaf
2013-09-30 21:20 ` Jason Gunthorpe
2013-09-30 22:09 ` Joel Schopp
2013-10-04 17:08 ` Jason Gunthorpe
2013-10-04 19:17 ` Stefan Berger
2013-10-04 22:02 ` Peter Hüwe
2013-10-07 15:06 ` Daniel De Graaf
2013-10-08 9:15 ` AW: [TrouSerS-tech] " Fuchs, Andreas
2013-10-09 17:38 ` Jason Gunthorpe
2013-10-10 7:42 ` AW: " Fuchs, Andreas
2013-10-10 16:50 ` Jason Gunthorpe [this message]
2013-09-23 18:14 ` [PATCH 10/13] tpm: Create a tpm_class_ops structure and use it in the drivers Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 11/13] tpm: Use the ops structure instead of a copy in tpm_vendor_specific Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 12/13] tpm: st33: Remove chip->data_buffer access from this driver Jason Gunthorpe
2013-09-23 18:14 ` [PATCH 13/13] tpm: Make tpm-dev allocate a per-file structure Jason Gunthorpe
2013-09-23 21:27 ` [tpmdd-devel] [PATCH 00/13] TPM cleanup Joel Schopp
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20131010165024.GA19997@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=andreas.fuchs@sit.fraunhofer.de \
--cc=dgdegra@tycho.nsa.gov \
--cc=jschopp@linux.vnet.ibm.com \
--cc=leosilva@linux.vnet.ibm.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mail@srajiv.net \
--cc=richardm@br.ibm.com \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tpmdd@sirrix.com \
--cc=trousers-tech@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox