Message-ID: <1273012255.2530.11.camel@localhost.localdomain>
Date:	Tue, 04 May 2010 18:30:55 -0400
From:	Mimi Zohar <zohar@...ux.vnet.ibm.com>
To:	Randy Dunlap <randy.dunlap@...cle.com>
Cc:	Rajiv Andrade <srajiv@...ux.vnet.ibm.com>,
	linux-kernel@...r.kernel.org, jmorris@...ei.org
Subject: Re: [PATCH] TPM: ACPI/PNP dependency removal

On Tue, 2010-05-04 at 15:00 -0700, Randy Dunlap wrote:
> On Tue, 04 May 2010 18:49:20 -0300 Rajiv Andrade wrote:
> 
> > This patch pushes the ACPI dependency into the device driver code
> > itself. Now, even without ACPI/PNP enabled, the device can be registered
> > using the TIS specified memory space. This will however result in the
> > lack of access to the bios event log, being the only implication of such
> > ACPI removal.
> > 
> > Signed-off-by: Rajiv Andrade <srajiv@...ux.vnet.ibm.com>
> > Acked-by: Mimi Zohar <zohar@...ux.vnet.ibm.com>
> > ---
> >  drivers/char/tpm/Kconfig   |   14 +++++++++++---
> >  drivers/char/tpm/tpm_tis.c |   42 ++++++++++++++++++++++--------------------
> >  2 files changed, 33 insertions(+), 23 deletions(-)
> > 
> > diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig
> > index f5fc64f..0a9ec0b 100644
> > --- a/drivers/char/tpm/Kconfig
> > +++ b/drivers/char/tpm/Kconfig
> > @@ -17,20 +17,28 @@ menuconfig TCG_TPM
> >  	  obtained at: <http://sourceforge.net/projects/trousers>.  To 
> >  	  compile this driver as a module, choose M here; the module 
> >  	  will be called tpm. If unsure, say N.
> > -	  Note: For more TPM drivers enable CONFIG_PNP, CONFIG_ACPI
> > -	  and CONFIG_PNPACPI.
> > +	  Note: For more TPM drivers and BIOS LOG access enable 
> > +	  CONFIG_PNP, CONFIG_ACPI and CONFIG_PNPACPI.
> >  
> >  if TCG_TPM
> >  
> >  config TCG_TIS
> >  	tristate "TPM Interface Specification 1.2 Interface"
> > -	depends on PNP
> >  	---help---
> >  	  If you have a TPM security chip that is compliant with the
> >  	  TCG TIS 1.2 TPM specification say Yes and it will be accessible
> >  	  from within Linux.  To compile this driver as a module, choose
> >  	  M here; the module will be called tpm_tis.
> >  
> > +config TCG_BIOS_LOG
> > +	bool "TPM bios mesurement log"
> 
> 	          BIOS measurement
> 
> > +	depends on X86
> > +	select ACPI
> > +	---help---
> > +	  ACPI is required for access to bios measurements lists and therefore
> 
> 	                                 BIOS
> 
> and if I had any say-so, I would Nack this part of the patch.
> Selecting ACPI adds a huge amount of code, so it should just depend on ACPI IMO.

Just posted a patch removing the ACPI dependency from IMA, as IMA can
run with/without ACPI or TPM enabled. However, without ACPI enabled, the
PCR values can not be verified against the BIOS measurement log.

> Also, ACPI depends on PCI and PM, so if this "select" part remains,
> this should be more like:
> 
> 	  depends on X86 && PCI && PM
> 
> (unless that's already enforced somewhere else).

Thanks.

> > +	  to validate the PCR[0] value. So say Yes in case you want this
> > +	  feature and, consequently, ACPI will be enabled.
> > +
> >  config TCG_NSC
> >  	tristate "National Semiconductor TPM Interface"
> >  	---help---
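
Review bot: In the new TCG_BIOS_LOG entry, "select ACPI" under "depends on X86" forces ACPI on without checking ACPI's own dependencies, because Kconfig's select does not evaluate the dependencies of the symbol it selects. Using "depends on ACPI" instead avoids that, and the help text's closing clause ("consequently, ACPI will be enabled") should then be reworded to say that the option is only offered when ACPI is enabled. The prompt string also misspells "measurement" and writes "bios" in lower case, while the TCG_TPM note in the same hunk uses "BIOS LOG", and the added line ending in "enable " carries trailing whitespace.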

Mimi
