| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 16 Mar 2016 22:37:50 +0200 From: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com> To: Jason Gunthorpe <jgunthorpe@...idianresearch.com> Cc: Stefan Berger <stefanb@...ux.vnet.ibm.com>, tpmdd-devel@...ts.sourceforge.net, linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org, linux-doc@...r.kernel.org, linux-api@...r.kernel.org, dhowells@...hat.com Subject: Re: [PATCH v8 08/10] tpm: Proxy driver for supporting multiple emulated TPMs On Wed, Mar 16, 2016 at 11:49:04AM -0600, Jason Gunthorpe wrote: > On Wed, Mar 16, 2016 at 02:09:16PM +0200, Jarkko Sakkinen wrote: > > On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote: > > > Alternative to this would be to have /dev/vtpmx create: > > > > * /dev/vtpm0 for the server > > * /dev/tpm0 for the client > > > > This is how David Howell's PoC worked and that's why I want > > to make this alternative visible. > > > > The server could even respawn without container noticing it. > > This solution have better availability properties. > > Seriously, no, that doesn't make any sense. TPM is stateful, you can't > respawn the server side. > > If anyone is ever clever enough to make that workable then they just > go ahead and save the server fd with the other state. systemd for > instance already has everything needed to make that work. > > We don't need to have a server dev node and we certainly don't need > the leaking problem that leaves us with. Fair enough. > Jason /Jarkko
Powered by blists - more mailing lists