From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932409AbdJZREg (ORCPT <rfc822;w@1wt.eu>);
        Thu, 26 Oct 2017 13:04:36 -0400
Received: from mga14.intel.com ([192.55.52.115]:18486 "EHLO mga14.intel.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S932137AbdJZREc (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 26 Oct 2017 13:04:32 -0400
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.44,301,1505804400"; 
   d="scan'208";a="165375919"
Date: Thu, 26 Oct 2017 19:03:59 +0200
From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Michal =?iso-8859-1?Q?Such=E1nek?= <msuchanek@suse.de>
Cc: Peter Huewe <peterhuewe@gmx.de>, Matthew Garrett <mjg59@google.com>,
        linux-integrity <linux-integrity@vger.kernel.org>,
        Kari Hiitola <kari@varaani.com>, linux-kernel@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        Alexander Steffen <Alexander.Steffen@infineon.com>
Subject: Re: Fixing CVE-2017-15361
Message-ID: <20171026170359.v3f7od6hagrt2pv7@linux.intel.com>
References: <20171025134438.vgh6tzkups2tujps@linux.intel.com>
 <CACdnJus6=3XJEVsQEVY-sxqcUm2At4fKi5Ya+w0Hf==yq7ubKQ@mail.gmail.com>
 <20171025185349.ocptudim3g35j6im@linux.intel.com>
 <F1DA2BF7-4A3D-4934-9C45-4DAC4FD33659@gmx.de>
 <20171026111632.g6a3bkhe4nxorfbm@linux.intel.com>
 <20171026145902.2e7dbb06@kitsune.suse.cz>
 <20171026140602.syifqbrgysvq7ciy@linux.intel.com>
 <20171026165748.265e6dcf@kitsune.suse.cz>
 <20171026170237.6q43xsenbzrw6hi4@linux.intel.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20171026170237.6q43xsenbzrw6hi4@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo
User-Agent: NeoMutt/20170609 (1.8.3)
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Oct 26, 2017 at 07:02:37PM +0200, Jarkko Sakkinen wrote:
> On Thu, Oct 26, 2017 at 04:57:48PM +0200, Michal Suchánek wrote:
> > On Thu, 26 Oct 2017 16:06:02 +0200
> > Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> wrote:
> > 
> > > On Thu, Oct 26, 2017 at 02:59:02PM +0200, Michal Suchánek wrote:
> > > > It does not really matter. People ignore the messages unless looking
> > > > for something specific as you already noticed. Warn seems adequate
> > > > because the cipher is weaker than expected but not known to
> > > > be compromised. People who care can look up the message. People who
> > > > don't care will ignore it even if it's crit.  
> > > 
> > > Is it worth of trouble to do any driver changes then (open question to
> > > everyone)? I'm not sure it is worth of trouble to add cruft to the
> > > driver code for a warning that will likely be ignored anyway.
> > 
> > If the kernel can reliably detect the affected TPMs it saves the
> > user the work of figuring out where the firmware revision is accessible
> > on the running machine and what firmware revisions are affected.
> > 
> > Thanks
> > 
> > Michal
> 
> Just giving the warning does not require any kernel functionality. If
> nothing proactive is required from the kernel I'd move the
> responsibility to the user space. Nothing in the kernel is broken an
> kernel cannot workaround the issue by ay means.
> 
> /Jarkko

I.e. I'm not going to fix a bug if there is no bug to fix.

/Jarkko