lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20100504150026.907f3ed3.randy.dunlap@oracle.com>
Date:	Tue, 4 May 2010 15:00:26 -0700
From:	Randy Dunlap <randy.dunlap@...cle.com>
To:	Rajiv Andrade <srajiv@...ux.vnet.ibm.com>
Cc:	linux-kernel@...r.kernel.org, zohar@...ux.vnet.ibm.com,
	jmorris@...ei.org
Subject: Re: [PATCH] TPM: ACPI/PNP dependency removal

On Tue, 04 May 2010 18:49:20 -0300 Rajiv Andrade wrote:

> This patch pushes the ACPI dependency into the device driver code
> itself. Now, even without ACPI/PNP enabled, the device can be registered
> using the TIS specified memory space. This will however result in the
> lack of access to the bios event log, being the only implication of such
> ACPI removal.
> 
> Signed-off-by: Rajiv Andrade <srajiv@...ux.vnet.ibm.com>
> Acked-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>
> ---
>  drivers/char/tpm/Kconfig   |   14 +++++++++++---
>  drivers/char/tpm/tpm_tis.c |   42 ++++++++++++++++++++++--------------------
>  2 files changed, 33 insertions(+), 23 deletions(-)
> 
> diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> index f5fc64f..0a9ec0b 100644
> --- a/drivers/char/tpm/Kconfig
> +++ b/drivers/char/tpm/Kconfig
> @@ -17,20 +17,28 @@ menuconfig TCG_TPM
>  	  obtained at: <http://sourceforge.net/projects/trousers>.  To 
>  	  compile this driver as a module, choose M here; the module 
>  	  will be called tpm. If unsure, say N.
> -	  Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
> -	  and CONFIG_PNPACPI.
> +	  Note: For more TPM drivers and BIOS LOG access enable 
> +	  CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI.
>  
>  if TCG_TPM
>  
>  config TCG_TIS
>  	tristate "TPM Interface Specification 1.2 Interface"
> -	depends on PNP
>  	---help---
>  	  If you have a TPM security chip that is compliant with the
>  	  TCG TIS 1.2 TPM specification say Yes and it will be accessible
>  	  from within Linux.  To compile this driver as a module, choose
>  	  M here; the module will be called tpm_tis.
>  
> +config TCG_BIOS_LOG
> +	bool "TPM bios mesurement log"

	          BIOS measurement

> +	depends on X86
> +	select ACPI
> +	---help---
> +	  ACPI is required for access to bios measurements lists and therefore

	                                 BIOS

and if I had any say-so, I would Nack this part of the patch.
Selecting ACPI adds a huge amount of code, so it should just depend on ACPI IMO.

Also, ACPI depends on PCI and PM, so if this "select" part remains,
this should be more like:

	  depends on X86 && PCI && PM

(unless that's already enforced somewhere else).

> +	  to validate the PCR[0] value. So say Yes in case you want this
> +	  feature and, consequently, ACPI will be enabled.
> +
>  config TCG_NSC
>  	tristate "National Semiconductor TPM Interface"
>  	---help---


---
~Randy
*** Remember to use Documentation/SubmitChecklist when testing your code ***
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ