| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1487968155.2190.14.camel@HansenPartnership.com>
Date: Fri, 24 Feb 2017 15:29:15 -0500
From: James Bottomley <James.Bottomley@...senPartnership.com>
To: Jason Gunthorpe <jgunthorpe@...idianresearch.com>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>
Cc: tpmdd-devel@...ts.sourceforge.net,
linux-security-module@...r.kernel.org, dhowells@...hat.com,
Peter Huewe <peterhuewe@....de>,
Marcel Selhorst <tpmdd@...horst.net>,
open list <linux-kernel@...r.kernel.org>
Subject: Re: [PATCH v2 6/7] tpm: expose spaces via a device link /dev/tpms<n>
On Fri, 2017-02-24 at 11:11 -0700, Jason Gunthorpe wrote:
> On Fri, Feb 24, 2017 at 07:39:22PM +0200, Jarkko Sakkinen wrote:
>
> > > I think therefore that tpmns<n> for TPM Namespace would be very
> > > appropriate.
> >
> > Makes sense. We can go with tpmns.
>
> When we have talked about TPM namespaces in the past it has been
> around the idea of restricting which TPMs the namespace has access
> too and changing the 'kernel tpm' for that namespace.
Well, you know, nothing in the TPM Space code prevents us from exposing
the namespace so that it could be shared. However, I think the
namespace follows connect (device open) paradigm is pretty much the
behaviour everyone (including the kernel) wants, mostly because TPM2
has such a tiny amount of resources that you're always dealing with
loadable keys meaning you don't really want to see anyone else's
volatile state.
James
Powered by blists - more mailing lists