Message-ID: <20080815221714.50d709ee@lxorguk.ukuu.org.uk>
Date:	Fri, 15 Aug 2008 22:17:14 +0100
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Kenneth Goldman <kgoldman@...ibm.com>
Cc:	"Peter Dolding" <oiaohm@...il.com>, linux-kernel@...r.kernel.org,
	linux-security-module@...r.kernel.org
Subject: Re: [PATCH 1/4] integrity: TPM internel kernel interface

On Fri, 15 Aug 2008 14:50:01 -0400
Kenneth Goldman <kgoldman@...ibm.com> wrote:

> "Peter Dolding" <oiaohm@...il.com> wrote on 08/15/2008 06:37:27 AM:
> 
> > Remember even soldered on stuff can fail.   How linux handles the
> > death of the TPM module needs to be covered.
> 
> Is fault tolerance a requirement just for the TPM, or is it a general
> Linux requirement?  Has it always been there, or is it new?

We try very very hard to not crash on failure.

> For example, does kernel software have to gracefully handle
> failures in the disk controller, processor, memory controller, BIOS
> flash memory, etc?

Our disk layer will retry, reset, change cable speeds and if that fails
and you are running raid with multipaths or sufficient mirrors continue.
We capture processor exceptions and when possible log and continue
although most CPU failures report with the context corrupt. We log and
the EDAC layer handles as much as it possibly can for memory errors
(actually we could be a bit more selective here and there are proposals
to go further)

> I'd think it would be quite hard to code around motherboard
> failures in a commodity platform not designed for fault tolerance.

The Linux userbase ranges from fault tolerant systems like Stratus to
dodgy cheapo boards from iffy cheap and cheerful computer merchants so it
makes sense to try and be robust.

In your TPM case being robust against the TPM ceasing to respond
certainly is worthwhile so that at least you return an error on failure
rather than the box dying. You may well not be able to get the chip back
in order without a hardware change/reboot.

Alan
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/
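The behaviour Alan describes for the TPM case (a chip that stops responding should produce an error return, not a hung or dead box, and since it may not come back without a reboot or hardware change, later callers should fail fast rather than keep waiting) can be sketched as a small driver-style wrapper. The following is an added example written for this archive page; it is not Alan Cox's code, not the kernel's TPM driver, and not part of the patch under discussion. The `sim_tpm` transport, the `tpm_chip` bookkeeping struct, `tpm_send_cmd`, and the poll limit are all constructed for illustration and run in user space.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed, simulated TPM transport (not a real device interface).
 * 'responding' false models a chip that has died and never reports ready;
 * 'polls_until_ready' models ordinary command latency on a healthy chip. */
struct sim_tpm {
    bool responding;
    int  polls_until_ready;
};

/* Bounded wait: the driver never spins forever on a silent chip.
 * Hypothetical limit chosen for the example. */
enum { TPM_CMD_TIMEOUT_POLLS = 50 };

/* Simulated status register poll: 0 = ready, -EAGAIN = still busy. */
int sim_tpm_status(struct sim_tpm *dev)
{
    if (!dev->responding)
        return -EAGAIN;            /* dead chip: busy forever */
    if (dev->polls_until_ready > 0) {
        dev->polls_until_ready--;
        return -EAGAIN;
    }
    return 0;
}

/* Driver-side state. Once an unrecoverable failure is seen the chip is
 * marked dead so every later call returns -ENODEV immediately instead of
 * re-entering a timeout loop; recovery needs a reboot or hardware change. */
struct tpm_chip {
    struct sim_tpm *hw;
    bool           dead;
    unsigned long  failures;
};

/* Send a command and collect the response.
 * Returns bytes copied into resp on success, or a negative errno:
 *   -ENODEV    chip previously marked dead (fail fast)
 *   -EINVAL    bad arguments
 *   -ETIMEDOUT chip never became ready within the poll budget */
int tpm_send_cmd(struct tpm_chip *chip, const uint8_t *cmd, size_t len,
                 uint8_t *resp, size_t resp_len)
{
    if (chip->dead)
        return -ENODEV;
    if (!cmd || len == 0 || !resp || resp_len == 0)
        return -EINVAL;

    for (int i = 0; i < TPM_CMD_TIMEOUT_POLLS; i++) {
        int st = sim_tpm_status(chip->hw);
        if (st == 0) {
            /* Simulated response: echo the command bytes back. */
            size_t n = len < resp_len ? len : resp_len;
            memcpy(resp, cmd, n);
            return (int)n;
        }
        if (st != -EAGAIN) {      /* hard transport error */
            chip->dead = true;
            chip->failures++;
            return st;
        }
    }

    /* Poll budget exhausted: report, mark dead, and return an error
     * to the caller instead of taking the machine down. */
    chip->failures++;
    chip->dead = true;
    return -ETIMEDOUT;
}

int main(void)
{
    uint8_t cmd[4] = { 0x80, 0x01, 0x00, 0x00 };   /* constructed bytes */
    uint8_t resp[4];

    struct sim_tpm good_hw = { true, 3 };
    struct tpm_chip good = { &good_hw, false, 0 };
    printf("healthy chip: %d\n", tpm_send_cmd(&good, cmd, 4, resp, 4));

    struct sim_tpm dead_hw = { false, 0 };
    struct tpm_chip bad = { &dead_hw, false, 0 };
    printf("silent chip, first call:  %d (-ETIMEDOUT is %d)\n",
           tpm_send_cmd(&bad, cmd, 4, resp, 4), -ETIMEDOUT);
    printf("silent chip, second call: %d (-ENODEV is %d)\n",
           tpm_send_cmd(&bad, cmd, 4, resp, 4), -ENODEV);
    return 0;
}
```

The two properties worth checking in a real driver are the ones the `main` exercises: a command against a healthy chip completes normally, and a command against a chip that never signals ready returns an error after a bounded wait, after which the chip is flagged so that subsequent callers get an immediate `-ENODEV` rather than another full timeout.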
