From: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
To: James Bottomley <James.Bottomley@HansenPartnership.com>,
Stefan Berger <stefanb@linux.vnet.ibm.com>
Cc: dhowells@redhat.com, linux-security-module@vger.kernel.org,
tpmdd-devel@lists.sourceforge.net,
open list <linux-kernel@vger.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH v2 6/7] tpm: expose spaces via a device link /dev/tpms<n>
Date: Mon, 27 Feb 2017 10:28:34 -0700 [thread overview]
Message-ID: <20170227172834.GH5891@obsidianresearch.com> (raw)
In-Reply-To: <1488042289.2250.22.camel@HansenPartnership.com>
On Sat, Feb 25, 2017 at 12:04:49PM -0500, James Bottomley wrote:
> > device cgroup blocks access to the cdevs of tpm0 but not to the
> > sysfs files.
>
> What the device cgroup currently does for us and what it could do are
> two different things. It seems if it exported
> __devcgroup_check_permission, we could use that as a check to gate the
> sysfs file access.
Make sense, maybe we should be doing that..
Stefan, are you still interested in this? This seems like a fairly
simple solution to your problem???
> > I am talking about using a situation like kernel IMA or keyring in
> > the container with a tpm that is not tpm0, eg a vtpm.
>
> a vtpm appears as a tpm device so it can be controlled by the device
> cgroup ... I think I'm not seeing the issue.
When an in-kernel call opens the TPM it does not go through the cdev,
it does something like this:
extern int tpm_pcr_read(u32 chip_num, int pcr_idx, u8 *res_buf);
And hardwires 'chip_num' to TPM_ANY_NUM. Keyring does the same (see
trusted_instantiate)
Practically speaking this means in-kernel callers pretty much always
operate on tpm0.
I think we need to change TPM_ANY_NUM to something more container
friendly, but I'm not sure what that should be.
> be done at all) it's usually better to start with use cases. So
> instead of saying we need to virtualize the PCRs we should start with X
> container has this requirement for attestation of its Y state. Often
> the best way simply is an extension of the multi user model for the
> resource ... in this case no-one's really come up with one for PCRs, so
> that might be the place to begin.
Broadly makes sense to me.
Maybe kernel keyring is a better example, it already has a multi-user
model.
Jason
next prev parent reply other threads:[~2017-02-27 17:30 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-16 19:25 [PATCH v2 0/7] in-kernel resource manager Jarkko Sakkinen
2017-02-16 19:25 ` [PATCH v2 1/7] tpm: move length validation to tpm_transmit() Jarkko Sakkinen
2017-02-16 19:25 ` [PATCH v2 2/7] tpm: validate TPM 2.0 commands Jarkko Sakkinen
2017-02-16 19:25 ` [PATCH v2 3/7] tpm: export tpm2_flush_context_cmd Jarkko Sakkinen
2017-02-16 19:25 ` [PATCH v2 4/7] tpm: infrastructure for TPM spaces Jarkko Sakkinen
2017-02-21 18:24 ` [tpmdd-devel] " Nayna
2017-02-22 17:08 ` Ken Goldman
2017-02-22 17:39 ` James Bottomley
2017-02-22 20:56 ` Ken Goldman
2017-03-22 20:09 ` Ken Goldman
2017-03-23 15:56 ` Jarkko Sakkinen
2017-02-22 21:08 ` Jarkko Sakkinen
2017-02-24 12:53 ` James Bottomley
2017-02-24 17:02 ` Jarkko Sakkinen
2017-02-16 19:25 ` [PATCH v2 5/7] tpm: split out tpm-dev.c into tpm-dev.c and tpm-common-dev.c Jarkko Sakkinen
2017-02-23 9:04 ` Jarkko Sakkinen
2017-02-16 19:25 ` [PATCH v2 6/7] tpm: expose spaces via a device link /dev/tpms<n> Jarkko Sakkinen
2017-02-23 9:09 ` Jarkko Sakkinen
2017-02-24 13:02 ` James Bottomley
2017-02-24 17:39 ` Jarkko Sakkinen
2017-02-24 18:11 ` Jason Gunthorpe
2017-02-24 20:29 ` James Bottomley
2017-02-24 20:52 ` Jason Gunthorpe
2017-02-24 23:01 ` [tpmdd-devel] " James Bottomley
2017-02-24 23:23 ` Jason Gunthorpe
2017-02-24 23:43 ` James Bottomley
2017-02-25 0:25 ` Jason Gunthorpe
2017-02-25 17:04 ` James Bottomley
2017-02-27 17:28 ` Jason Gunthorpe [this message]
2017-02-26 11:44 ` Jarkko Sakkinen
2017-02-26 18:30 ` Dr. Greg Wettstein
2017-02-28 17:22 ` Ken Goldman
2017-02-27 17:33 ` Jason Gunthorpe
2017-02-24 6:59 ` [tpmdd-devel] " Nayna
2017-02-24 12:53 ` James Bottomley
2017-02-27 11:46 ` Nayna
2017-02-27 14:55 ` James Bottomley
2017-02-16 19:25 ` [PATCH v2 7/7] tpm2: add session handle context saving and restoring to the space code Jarkko Sakkinen
2017-02-23 9:04 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170227172834.GH5891@obsidianresearch.com \
--to=jgunthorpe@obsidianresearch.com \
--cc=James.Bottomley@HansenPartnership.com \
--cc=dhowells@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=stefanb@linux.vnet.ibm.com \
--cc=tpmdd-devel@lists.sourceforge.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox