lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Sun, 26 Nov 2017 16:06:46 +0200
From:   Jarkko Sakkinen <>
To:     "Roberts, William C" <>
Cc:     Javier Martinez Canillas <>,
        "" <>,
        Peter Huewe <>,
        "Tricca, Philip B" <>,
        Jason Gunthorpe <>,
        "" <>
Subject: Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation

On Tue, Nov 21, 2017 at 08:29:07PM +0000, Roberts, William C wrote:
> > TPM specification is not a formal specification AFAIK.
> The published parts are, granted many things are changing.

Yes, how it defines the protocol, you are correct. It does not have a
formal definition of RM behavior or at least I haven't found it.

> > > Yes, sorry for that. It wasn't clear to me that there was a sandbox
> > > and my lack of familiarity with the code was the reason why I posted
> > > as a RFC in the first place.
> > >
> > > Do you agree with Jason's suggestion to send a synthesized TPM command
> > > in the that the command isn't supported?
> > 
> > Nope.
> We should update the elf loader to make sure that ELF files don't contain
> Incorrect instructions. We shouldn't have this type of policy in the driver
> considering that the tpm is designed to handle it. Obviously you disagree,
> just understand you're wrong :-P

I think -EINVAL is better than synthetizing commands that are not really
from the TPM. And we would break backwards compatability by doing this.

As I said in an earlier response I would rather compare resource
manager to virtual memory than virtual machine.


Powered by blists - more mailing lists