| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20171120180409.GB29075@ziepe.ca>
Date: Mon, 20 Nov 2017 11:04:09 -0700
From: Jason Gunthorpe <jgg@...pe.ca>
To: Javier Martinez Canillas <javierm@...hat.com>
Cc: "Roberts, William C" <william.c.roberts@...el.com>,
"linux-kernel@...r.kernel.org" <linux-kernel@...r.kernel.org>,
Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
Peter Huewe <peterhuewe@....de>,
"Tricca, Philip B" <philip.b.tricca@...el.com>,
"linux-integrity@...r.kernel.org" <linux-integrity@...r.kernel.org>
Subject: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation
fails
On Mon, Nov 20, 2017 at 10:26:01AM +0100, Javier Martinez Canillas wrote:
> I thought the TPM spaces was about exposing a virtualized TPM that didn't
> have the limitation of only allowing to store a small set of transient
> objects (so user-space didn't have to deal with the handles flushing and
> context save/load), rather than relaxing the access control to the TPM.
Somehow it became about both ..
The kernel defaults the tpmrm to root only, so the distro can decide
how to set it up. Some people are giving access to unpriv users.
> Having said that, I'm happy to implement the synthesized response when
> the command is not supported, if that's the correct way to resolve this.
It seems like it, from what I can see, but only if the command is not
supported..
You should double check with James of course.
Jason
Powered by blists - more mailing lists