| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20210827133011.GJ1200268@ziepe.ca>
Date: Fri, 27 Aug 2021 10:30:11 -0300
From: Jason Gunthorpe <jgg@...pe.ca>
To: Ross Philipson <ross.philipson@...cle.com>
Cc: linux-kernel@...r.kernel.org, x86@...nel.org,
iommu@...ts.linux-foundation.org, linux-integrity@...r.kernel.org,
linux-doc@...r.kernel.org, dpsmith@...rtussolutions.com,
tglx@...utronix.de, mingo@...hat.com, bp@...en8.de, hpa@...or.com,
luto@...capital.net, kanth.ghatraju@...cle.com,
trenchboot-devel@...glegroups.com
Subject: Re: [PATCH v4 14/14] tpm: Allow locality 2 to be set when
initializing the TPM for Secure Launch
On Fri, Aug 27, 2021 at 09:28:37AM -0400, Ross Philipson wrote:
> The Secure Launch MLE environment uses PCRs that are only accessible from
> the DRTM locality 2. By default the TPM drivers always initialize the
> locality to 0. When a Secure Launch is in progress, initialize the
> locality to 2.
>
> Signed-off-by: Ross Philipson <ross.philipson@...cle.com>
> ---
> drivers/char/tpm/tpm-chip.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
Global state like this seems quite dangerous, shouldn't the locality
be selected based on the PCR being accessed, or passed down from
higher up in the call chain?
Jason
Powered by blists - more mailing lists