From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751392AbdBXUwc (ORCPT ); Fri, 24 Feb 2017 15:52:32 -0500 Received: from quartz.orcorp.ca ([184.70.90.242]:33636 "EHLO quartz.orcorp.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751296AbdBXUw0 (ORCPT ); Fri, 24 Feb 2017 15:52:26 -0500 Date: Fri, 24 Feb 2017 13:52:01 -0700 From: Jason Gunthorpe To: James Bottomley Cc: Jarkko Sakkinen , tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org, dhowells@redhat.com, Peter Huewe , Marcel Selhorst , open list Subject: Re: [PATCH v2 6/7] tpm: expose spaces via a device link /dev/tpms Message-ID: <20170224205200.GA26547@obsidianresearch.com> References: <20170216192529.25467-1-jarkko.sakkinen@linux.intel.com> <20170216192529.25467-7-jarkko.sakkinen@linux.intel.com> <20170223090917.jq7thil5ggjmagil@intel.com> <1487941328.2249.23.camel@HansenPartnership.com> <20170224173922.qwuhfxeitbyct52o@intel.com> <20170224181126.GC22491@obsidianresearch.com> <1487968155.2190.14.camel@HansenPartnership.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1487968155.2190.14.camel@HansenPartnership.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Broken-Reverse-DNS: no host name found for IP address 10.0.0.156 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Feb 24, 2017 at 03:29:15PM -0500, James Bottomley wrote: > On Fri, 2017-02-24 at 11:11 -0700, Jason Gunthorpe wrote: > > On Fri, Feb 24, 2017 at 07:39:22PM +0200, Jarkko Sakkinen wrote: > > > > > > I think therefore that tpmns for TPM Namespace would be very > > > > appropriate. > > > > > > Makes sense. We can go with tpmns. > > > > When we have talked about TPM namespaces in the past it has been > > around the idea of restricting which TPMs the namespace has access > > too and changing the 'kernel tpm' for that namespace. > > Well, you know, nothing in the TPM Space code prevents us from exposing > the namespace so that it could be shared. However, I think the > namespace follows connect (device open) paradigm is pretty much the > behaviour everyone (including the kernel) wants, mostly because TPM2 > has such a tiny amount of resources that you're always dealing with > loadable keys meaning you don't really want to see anyone else's > volatile state. I'm not arguing with that use model, I am asking what do you want to call the future feature that restricts which TPMs a process can view if you want to use the word namespace for the resource manager? This is something Stephen B has been exploring in conjunction with vtpm. (eg restrict a container to only use a single vtpm and ban it from the system tpm) Jason