| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Oct 2013 10:50:24 -0600 From: Jason Gunthorpe <jgunthorpe@...idianresearch.com> To: "Fuchs, Andreas" <andreas.fuchs@....fraunhofer.de> Cc: Joel Schopp <jschopp@...ux.vnet.ibm.com>, Leonidas Da Silva Barbosa <leosilva@...ux.vnet.ibm.com>, "linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>, Rajiv Andrade <mail@...jiv.net>, "tpmdd-devel@...ts.sourceforge.net" <tpmdd-devel@...ts.sourceforge.net>, Richard Maciel Costa <richardm@...ibm.com>, "trousers-tech@...ts.sourceforge.net" <trousers-tech@...ts.sourceforge.net>, Daniel De Graaf <dgdegra@...ho.nsa.gov>, Sirrix AG <tpmdd@...rix.com> Subject: Re: [TrouSerS-tech] [tpmdd-devel] [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c On Thu, Oct 10, 2013 at 07:42:49AM +0000, Fuchs, Andreas wrote: > In any case, I like your idea to split trousers IPC to two distinct > unix sockets for localities. In this case, we could also split tcsd > into two processes along with it for accessing the distinct > char-devices and thereby make it more robust against bugs for > "locality-escalation". You still have to somehow manage cross locality state between the two daemons.. > Also remember that many people have developed alternative stacks > that don't use trousers but operate directly on the char-device. > They would also benefit from char-device access control for localities. I am one of those people, we actually don't use any middleware at all. But to make that work I've had to carry the multi-open patch for years :| > Even with only a single trousers, I see no harm in two devices. For > backwards compatibility, the current /dev/tpm0 could be exported (with > highest level access control) along with tpm0l1, tpm0l2, ... and/or > trousers could open both char-devices if it wanted to. Well, we could start with a 'no way out IOCTL'. So trousers can open /dev/tpm twice and lock the two FDs to a specific locality then drop privileges and fork priv-sep style sub processes. The current kernel code is not ready for multiple char devices, it will need a device class first.. > The kernel may want to use localityAtRelease OS in order to protect sealed > data (trusted keyrings) such that user-space could not even unseal It seems reasonable to have TPM data that will only live in the kernel to be only releasable by the kernel.. Jason -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists