| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201310050002.09320.PeterHuewe@gmx.de> Date: Sat, 5 Oct 2013 00:02:09 +0200 From: Peter Hüwe <PeterHuewe@....de> To: tpmdd-devel@...ts.sourceforge.net, Ashley Lai <ashley@...leylai.com> Cc: Stefan Berger <stefanb@...ux.vnet.ibm.com>, Jason Gunthorpe <jgunthorpe@...idianresearch.com>, Leonidas Da Silva Barbosa <leosilva@...ux.vnet.ibm.com>, linux-kernel@...r.kernel.org, Rajiv Andrade <mail@...jiv.net>, Richard Maciel Costa <richardm@...ibm.com>, "trousers-tech@...ts.sourceforge.net" <trousers-tech@...ts.sourceforge.net>, Sirrix AG <tpmdd@...rix.com> Subject: Re: [tpmdd-devel] [PATCH 09/13] tpm: Pull everything related to sysfs into tpm-sysfs.c Am Freitag, 4. Oktober 2013, 21:17:36 schrieb Stefan Berger: > On 10/04/2013 01:08 PM, Jason Gunthorpe wrote: > > On Mon, Sep 30, 2013 at 05:09:51PM -0500, Joel Schopp wrote: > >>> So far, nobody I have talked to has offered any strong opinions on > >>> what locality should be used or how it should be set. I think finding > >>> a developer of trousers may be the most useful to talk about how the > >>> ioctl portion of this would need to be set up - if someone is actually > >>> needed. > >> > >> I am a TrouSerS developer and am ccing Richard, another TrouSerS > >> developer, and ccing the trousers-tech list. It would be good if you > >> could elaborate on the question and context for those not following the > >> entire thread, myself included. > > > > Two questions: > > > > Is userspace interested in using the TPM Locality feature, and if so > > is there any thoughts on what the interface should be? > > In terms of interface it should probably be an ioctl so that whoever > holds the fd to /dev/tpm0 gets to choose the locality. > > Locality allows the resetting of certain PCRs. See section 3.7 in > > http://www.trustedcomputinggroup.org/files/static_page_files/8E45D739-1A4B-> B294-D06274E7047730FD/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_032 > 12013.pdf > > Locality 4 can only be used by the hardware (section 2.2). Afaik Locality 3 (and sometimes 2) is often also "locked down"/filtered after the bios phase. >From http://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf "The storage spaces accessible within a TPM device are grouped by a locality attribute and are a separate set of address ranges from the Intel TXT Public and Private spaces. The following localities are defined: Locality 0 : Non trusted and legacy TPM operation Locality 1 : An environment for use by the Trusted Operating System Locality 2 : Trusted OS Locality 3 : Authenticated Code Module Locality 4 : Intel TXT hardware use only" (I know that's "only" Intel's view and not a TCG spec) Thanks, Peter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists