| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <alpine.LRH.2.20.1702010842220.28891@namei.org>
Date: Wed, 1 Feb 2017 08:46:32 +1100 (AEDT)
From: James Morris <jmorris@...ei.org>
To: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
cc: Kenneth Goldman <kgoldman@...ibm.com>,
"moderated list:TPM DEVICE DRIVER"
<tpmdd-devel@...ts.sourceforge.net>,
open list <linux-kernel@...r.kernel.org>,
linux-security-module@...r.kernel.org
Subject: Re: Fwd: Re: [tpmdd-devel] [PATCH v9 2/2] tpm: add securityfs
support,for TPM 2.0 firmware event log
On Tue, 31 Jan 2017, Jarkko Sakkinen wrote:
> James,
>
> The discussion is about two features:
>
> 1. Extension to tpm_pcr_extend() (used by IMA) to extend all PCR banks
> instead of just SHA-1 banks. It is recommended by TCG to do so in
> order to prevent malicious use of PCRs.
> 2. TPM 2.0 event log with backend support for OF device tree (for
> getting address where you can grab it).
>
> These are required as baseline to implement full TPM 2.0 support for
> IMA. The commits are fairly well baked and went through many iterations.
> I've tested tpm_pcr_extend() patches. I haven't tested event log patches
> but have extensively reviewed them and Ken Goldman has tested them with
> POWER hardware.
>
> I don't believe that there is major risk to put them already into 4.11
> but it is fairly late so I just want a second opinion before putting
> them into pull request.
>
I'll take this for 4.11. IMA + TPM 2.0 is still developmental and not in
wide use, afaik.
--
James Morris
<jmorris@...ei.org>
Powered by blists - more mailing lists