lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <D5DHHX9C7FX0.3PDP9DT4CWNWY@kernel.org>
Date: Mon, 04 Nov 2024 17:03:05 +0200
From: "Jarkko Sakkinen" <jarkko@...nel.org>
To: "Jarkko Sakkinen" <jarkko@...nel.org>, "Daniel P. Smith"
 <dpsmith@...rtussolutions.com>
Cc: <x86@...nel.org>, "Ross Philipson" <ross.philipson@...cle.com>, "Ard
 Biesheuvel" <ardb@...nel.org>, "Thomas Gleixner" <tglx@...utronix.de>,
 "Peter Huewe" <peterhuewe@....de>, "Jason Gunthorpe" <jgg@...pe.ca>, "open
 list:TPM DEVICE DRIVER" <linux-integrity@...r.kernel.org>, "open list"
 <linux-kernel@...r.kernel.org>
Subject: Re: [RFC PATCH 0/4] Alternative TPM patches for Trenchboot

On Mon Nov 4, 2024 at 1:18 PM EET, Jarkko Sakkinen wrote:
> I don't categorically reject adding some code to early setup. We have
> some shared code EFI stub but you have to explain your changes
> proeprly. Getting rejection in some early version to some approach,
> and being still pissed about that years forward is not really way
> to go IMHO.

Still this sounds unrealistic given that this was tpm_tis only feature,
and even that driver spans to total three different types of drivers:
MMIO, SPI and I2C. It would be ridiculous amount of code pulled into
early setup.

If you still think that would make sense then you could migrate all the
functionality under lib/ which would be called by both tpm_tis_core's
drivers and Trenchboot.

Anyway, if past me did that call, honestly, I do actually get it. It's
not a counter-argument to a represented potential concurrency issue,
which can cause issues with at least one TPM2 command, or like
"it was caused by you because you thought it was a bad idea to accept
tons of code to early setup" ;-)

I can live with that concurrency issue as long as it is known decision
not to support TPM2_PolicyLocality in the in-kernel use cases. Then my
patches do address remaining issues and they can be picked given the
sob's.

If the concurrency issue is unacceptable, then I would merge slmodule
to tpm_tis_core. It does solve the concurrency bug.

I'm now done with this until new version or the series is applied with
my patches. I think I've done enough effort to get this merged and not
the contrary.

BR, Jarkko

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ