[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1413158605.14699.46.camel@dhcp-9-2-203-236.watson.ibm.com>
Date: Sun, 12 Oct 2014 20:03:25 -0400
From: Mimi Zohar <zohar@...ux.vnet.ibm.com>
To: Andy Lutomirski <luto@...capital.net>
Cc: Stefan Berger <stefanb@...ux.vnet.ibm.com>, keyrings@...ux-nfs.org,
jarkko.sakkinnen@...ux.intel.com,
"ksummit-discuss@...ts.linuxfoundation.org"
<ksummit-discuss@...ts.linuxfoundation.org>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
LSM List <linux-security-module@...r.kernel.org>,
tpmdd-devel@...ts.sourceforge.net,
James Morris <james.l.morris@...cle.com>,
linux-ima-devel@...ts.sourceforge.net,
trousers-tech@...ts.sourceforge.net,
Peter Huewe <PeterHuewe@....de>
Subject: Re: [tpmdd-devel] [TrouSerS-tech] [Ksummit-discuss] TPM MiniSummit
@ LinuxCon Europe
On Tue, 2014-10-07 at 11:59 -0700, Andy Lutomirski wrote:
> On Tue, Oct 7, 2014 at 11:47 AM, Stefan Berger
> <stefanb@...ux.vnet.ibm.com> wrote:
> > On 10/07/2014 02:02 PM, Jason Gunthorpe wrote:
> >>
> >> On Tue, Oct 07, 2014 at 01:54:41PM -0400, Stefan Berger wrote:
> >>
> >>> Why add the complexity of swapping of authenticated sessions and keys
> >>> into the kernel if you can handle this in userspace? You need a library
> >>> that is aware of the number of key slots and slots for sessions in the
> >>> TPM and swaps them in at out when applications need them. Trousers is
> >>> such a library that was designed to cope with the limitations of the
> >>> device and make its functionality available to all applications that
> >>> want to access it.
> >>
> >> How does trousers work with the kernel when the kernel is also using
> >> TPM key slots for IMA/keyring/whatever?
> >
> >
> > IIRC it only uses a single key slot and swaps all keys in and out of that
> > one. If the kernel was to fill up all key (and sessions) slots, TSS would
> > probably not work anymore.
> >
> > Another argument for the TSS is that you also wouldn't want applications to
> > swap out each others keys and sessions and leave them out or assume that
> > they would always cleanup if they do not currently need them.
>
> That argument seems backwards. If you're worried about applications
> (or trousers itself!) failing to clean up, then shouldn't the kernel
> driver clean up orphaned key slots itself?
As I understand it, this isn't an issue of "cleaning up", but of
mediating the limited resources, by "swapping" keys in and out as
needed.
Mimi
> Also, what protects the kernel from having slot 0 get stomped on or,
> worse, inappropriately used by a misbehaving or malicious user
> program? Is the authorization session mechanism really secure against
> intentional abuse by users of the same machine?
>
> --Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists