Date:   Wed, 17 Apr 2019 14:23:13 +0200
From:   "Enrico Weigelt, metux IT consult" <lkml@...ux.net>
To:     Sasha Levin <sashal@...nel.org>, peterhuewe@....de,
        jarkko.sakkinen@...ux.intel.com, jgg@...pe.ca
Cc:     corbet@....net, linux-kernel@...r.kernel.org,
        linux-doc@...r.kernel.org, linux-integrity@...r.kernel.org,
        linux-kernel@...rosoft.com, thiruan@...rosoft.com,
        bryankel@...rosoft.com
Subject: Re: [PATCH v3 2/2] ftpm: add documentation for ftpm driver

On 15.04.19 17:56, Sasha Levin wrote:

Hi,

> +The driver acts as a thin layer that passes commands to and from a TPM> +implemented in firmware. The driver itself doesn't contain much logic
and is> +used more like a dumb pipe between firmware and kernel/userspace.
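Review bot: the added documentation describes the driver as a thin layer and a "dumb pipe" between firmware and kernel/userspace but does not say what the firmware side is or where the TPM implementation runs, which is what a reader needs in order to judge the trust boundary; consider expanding "implemented in firmware" to name the component that implements the TPM and the interface the driver uses to reach it.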
Is that TPM already used in production or still a PoC?
IOW: can the protocol be changed?

If so, I'd prefer using 9P for that. This has already proven itself well, not just
for grid computing (where it originally came from), but also in things
like virtio, etc.

In general, many of the hardware/chip interfaces out there basically
deal with either passing around some data packets or streams,
or reading/setting some attributes. But everybody seems to do that part
in his own special way - that takes up a big share of the driver
development resources and final code - and that needs to be repeated
for each OS. In many, many cases a standard protocol like 9P could
already provide this - if folks would just use it :p

Therefore, I'm really a strong supporter of the idea of using 9P
for this.

In your case, you could design the highlevel TPM interface like with
a tcp stream / socket or a synthetic filesystem, and for the lowlevel
part just like kvm does w/ virtio.

In case you have no experience w/ 9P+friends, feel free to ask,
I'll do my best to explain it :)


--mtx

-- 
Enrico Weigelt, metux IT consult
Free software and Linux embedded engineering
info@...ux.net -- +49-151-27565287
