Date: Tue, 3 Nov 2009 21:27:17 -0700
From: Jason Gunthorpe <jgunthorpe@...idianresearch.com>
To: Valdis.Kletnieks@...edu
Cc: Hal Finney <hal.finney@...il.com>, tpmdd-devel@...ts.sourceforge.net,
    linux-kernel@...r.kernel.org, srajiv@...ux.vnet.ibm.com
Subject: Re: [tpmdd-devel] [PATCH] TPM: Let the tpm char device be openable multiple times

On Tue, Nov 03, 2009 at 10:24:29PM -0500, Valdis.Kletnieks@...edu wrote:

> A number of other things under drivers/ implement "only one open" semantics,
> but those are hard-coded into the driver. But for the TPM, it's unclear if
> exclusive or non-exclusive is the right model.

The underlying hardware already supports multiplexing multiple clients
in the same command stream - I'm not sure why this shouldn't be
exported to user space as-is. The kernel already accesses the TPM
without going through the middleware for in-kernel features.

> Maybe the right answer is to default to multiple opens, but have an
> ioctl() that turns on exclusive mode. If you have a 'tcsd' daemon,
> it will need to get launched early enough to do the open/ioctl

Why is this an issue? /dev/tpm is root only accessible. There are a
lot of things that can go horribly wrong if root does improper things,
and you can create quite reasonable multi-process tpm using
applications without the middleware.

Even if another root process does open /dev/tpm - what is the worst it
can do?

Jason