[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <1483472069.2464.24.camel@linux.vnet.ibm.com>
Date: Tue, 03 Jan 2017 11:34:29 -0800
From: James Bottomley <jejb@...ux.vnet.ibm.com>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: linux-security-module@...r.kernel.org,
tpmdd-devel@...ts.sourceforge.net,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager
On Tue, 2017-01-03 at 21:14 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 08:36:02PM +0200, Jarkko Sakkinen wrote:
> > On Tue, Jan 03, 2017 at 08:14:55AM -0800, James Bottomley wrote:
> > > On Tue, 2017-01-03 at 15:41 +0200, Jarkko Sakkinen wrote:
[...]
> > > > Just thinking how to split up the non-RFC patch set. This was
> > > > also what Jason suggested if I understood his remark correctly.
> > >
> > > SUre ... let's get agreement on how we move forward first. How
> > > the patch is activated by the user has to be sorted out as well
> > > before it can go in, but it doesn't have to be the first thing we
> > > do. I'm happy to continue playing with the interfaces to see
> > > what works and what doesn't. My main current feedback is that I
> > > think separate devices works way better than an ioctl becuase the
> > > separate devices approach allows differing system policies for
> > > who accesses the RM backed TPM vs who accesses the raw one.
> >
> > I think I see your point. I would rather name the device as tpms0
> > but otherwise I think we could do it in the way you suggest...
I'm not at all wedded to the name tpm0rm, so tpms0 is fine by me.
> I think one more stronger argument for tpms0 is that it keeps tpm0
> intact. Those who don't care about tpms0 don't have to worry about it
> causing regressions. Also it makes it cleaner to put the whole
> feature under a compilation flag, which would make to me because that
> gives distributions a choice to not enable in-kernel RM when it first
> hits the mainline.
I wouldn't go that far: one of the evils we cause for distros is too
many compile options. In this case, I can't think of a good reason to
have an option to disable this now the feature is segregated on to a
separate device. If we get a regression, only users of the new device
will notice. If it's a compile option, this is the same if the distro
enables it and if it's disabled, no user can test out the feature (and
distros eventually get complaints about it not working).
James
Powered by blists - more mailing lists