| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Mar 2019 17:30:22 -0700
From: Dan Williams <dan.j.williams@...el.com>
To: James Bottomley <jejb@...ux.ibm.com>
Cc: Jarkko Sakkinen <jarkko.sakkinen@...ux.intel.com>,
"linux-nvdimm@...ts.01.org" <linux-nvdimm@...ts.01.org>,
Roberto Sassu <roberto.sassu@...wei.com>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
Mimi Zohar <zohar@...ux.ibm.com>,
David Howells <dhowells@...hat.com>, keyrings@...r.kernel.org
Subject: Re: [PATCH] security/keys/trusted: Allow operation without hardware TPM
On Mon, Mar 18, 2019 at 5:24 PM James Bottomley <jejb@...ux.ibm.com> wrote:
>
> On Mon, 2019-03-18 at 16:45 -0700, Dan Williams wrote:
> > Rather than fail initialization of the trusted.ko module, arrange for
> > the module to load, but rely on trusted_instantiate() to fail
> > trusted-key operations.
>
> What actual problem is this fixing? To me it would seem like an
> enhancement to make the trusted module fail at load time if there's no
> TPM rather than waiting until first use to find out it can never work.
> Is there some piece of user code that depends on the successful
> insertion of trusted.ko?
The module dependency chain relies on it. If that can be broken that
would also be an acceptable fix.
I found this through the following dependency chain: libnvdimm.ko ->
encrypted_keys.ko -> trusted.ko.
"key_type_trusted" is the symbol that encrypted_keys needs regardless
of whether the tpm is present.
Powered by blists - more mailing lists