[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 12 Dec 2019 13:07:26 -0800
From: Tadeusz Struk <tadeusz.struk@...el.com>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
jarkko.sakkinen@...ux.intel.com
Cc: peterz@...radead.org, linux-kernel@...r.kernel.org, jgg@...pe.ca,
mingo@...hat.com, jeffrin@...agiritech.edu.in,
linux-integrity@...r.kernel.org, will@...nel.org, peterhuewe@....de
Subject: Re: [PATCH =v2 3/3] tpm: selftest: cleanup after unseal with wrong
auth/policy test
On 12/12/19 12:54 PM, James Bottomley wrote:
> Not in the modern kernel resource manager world: anyone who is in the
> tpm group can access the tpmrm device and we haven't added a dangerous
> command filter like we promised we would, so unless they have actually
> set lockout or platform authorization, they'll find they can execute it
The default for the tpm2_* tools with '-T device' switch is to talk to
/dev/tpm0.
If one would try to run it, by mistake, it would fail with:
$ tpm2_clear -T device
ERROR:tcti:src/tss2-tcti/tcti-device.c:439:Tss2_Tcti_Device_Init()
Failed to open device file /dev/tpm0: Permission denied
To point it to /dev/tpmrm0 it would need to be:
$ tpm2_clear -T device:/dev/tpmrm0
--
Tadeusz
Powered by blists - more mailing lists