On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote: > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote: > > This patch set adds support for TPM spaces that provide a context > > for isolating and swapping transient objects. This patch set does > > not yet include support for isolating policy and HMAC sessions but > > it is trivial to add once the basic approach is settled (and that's > > why I created an RFC patch set). > > The approach looks fine to me. The only basic query I have is about > the default: shouldn't it be with resource manager on rather than off? > I can't really think of a use case that wants the RM off (even if > you're running your own, having another doesn't hurt anything, and it's > still required to share with in-kernel uses).
I haven't looked too closely at TPM 2.0 stuff, but at least for 1.2 we should have a kernel white-list of allowed commands within a RM context, so having the RM on by default would break all of the user space. I really think the only way forward here is a new char dev that is safe for unprivileged/concurrent use and migrate the user space stack to use it instead. > And with that, I've TPM 2 enabled both gnome-keyring and openssl: > > https://build.opensuse.org/package/show/home:jejb1:Tumbleweed/gnome-keyring > https://build.opensuse.org/package/show/home:jejb1:Tumbleweed/openssl_tpm_engine > I'm running them in production on my day to day laptop and so far > everything's working nicely (better than 1.2, in fact, since tcsd > periodically crashes necessitating a restart of everything). You granted your unprivileged user access to /dev/tpm0 then? FYI I think that is a dangerous idea.. Jason
