| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 22 Feb 2017 12:08:28 -0500
From: Ken Goldman <kgold@...ux.vnet.ibm.com>
To: tpmdd-devel@...ts.sourceforge.net
Cc: linux-security-module@...r.kernel.org,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH v2 4/7] tpm: infrastructure for TPM spaces
On 2/21/2017 1:24 PM, Nayna wrote:
>
> [snip]
>>
>> 1. Take locks.
>> 2. Load transient objects from the backing storage by using ContextLoad
>> and map virtual handles to physical handles.
>> 3. Perform the transaction.
>> 4. Save transient objects to backing storage by using ContextSave and
>> map resulting physical handle to virtual handle if there is such.
>>
>> This commit does not implement virtualization support for hmac and
>> policy sessions.
>>
>
> If I have understood discussions correctly, I assume, that kernel TPM
> operations will also be routed via RM. And I think that is not happening
> now with these patches.
There is one corner case that requires kernel operations to go through
the RM, and that's the session context regapping. If the kernel did not
go through the RM, it could not handle TPM_RC_CONTEXT_GAP.
I believe that kernel operations such as PCR extend, that don't require
sessions, do not have to go through the RM.
Kernel operations that use objects perhaps can bypass the RM as long as
there is a lock and the kernel also context saves objects and returns
the TPM to the empty state before it releases the lock.
Finally, I suspect that the RM should reserve 3 sessions for kernel
operations, so the kernel can't block because user space applications
have filled all the session slots.
Powered by blists - more mailing lists