James Bottomley wrote on 01/04/2017 02:45:21 PM:
> > James is proposing using the Decrypt op to do this job.
>
> I believe the TCG has decided this is the only way to sign arbitrary
> data.
My suspicion is that this was an omission, not a decision. In fact,
Part 1 explicitly describes a caller
Jason Gunthorpe wrote on 01/04/2017 01:54:34 PM:
> We don't need the algorithm in the TPM. We just need to be able to RSA
> sign an arbitrary OID + externally computed hash like TPM 1.2 could.
>
> What is the recommended way to create a key with a sign-only intent
> that can be used with arbitar
On Wed, 2017-01-04 at 11:54 -0700, Jason Gunthorpe wrote:
> On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote:
> > Jason Gunthorpe wrote on 01/03/2017 07:42:17 PM:
> >> > ... but my current TPM doesn't understand
> >> > anything other than sha1 or sha256, so it
On Wed, Jan 04, 2017 at 10:57:51AM -0800, James Bottomley wrote:
> > You are doing all this work to get the user space side in shape, I'd
> > like to see matching kernel support. To me that means out-of-the-box
> > a user can just use your plugins, the plugins will access /dev/tmps
> > and everyth
James Bottomley wrote on 01/04/2017 02:05:35 PM:
> From: James Bottomley
> To: Stefan Berger/Watson/IBM@IBMUS
> Cc: Jarkko Sakkinen , tpmdd-de...@lists.sourceforge.net, Jason Gunthorpe
> Date: 01/04/2017 02:05 PM
> Subject: Re: [tpmdd-devel] [PATCH RFC 2/4] tpm: validate TPM 2.0 commands
>
On Wed, 2017-01-04 at 13:59 -0500, Stefan Berger wrote:
> [ 67.699811] WARNING: CPU: 12 PID: 870 at mm/page_alloc.c:3511
What's the code context around this line in your source? Or what kernel version? If it's this
if (order >= MAX_ORDER) {
WARN_ON_ONCE(!(gfp_mask & _
James Bottomley wrote on 01/04/2017 01:19:36 PM:
> From: James Bottomley
> To: Stefan Berger/Watson/IBM@IBMUS, Jarkko Sakkinen
>
> Cc: linux-security-mod...@vger.kernel.org, tpmdd-de...@lists.sourceforge.net, open list
> Date: 01/04/2017 01:19 PM
> Subject: Re: [tpmdd-devel] [PATCH RFC 2/4
On Wed, 2017-01-04 at 11:31 -0700, Jason Gunthorpe wrote:
> On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote:
>
> > > > But this is not trousers, this is an in-kernel 0666 char dev
> > > > that will be active on basically every Linux system with a TPM.
> > > > I think we have a du
On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote:
> Jason Gunthorpe wrote on 01/03/2017 07:42:17 PM:
>> > ... but my current TPM doesn't understand
>> > anything other than sha1 or sha256, so it wouldn't allow more state of
>> > the art algorithms like sha22
Jason Gunthorpe wrote on 01/03/2017 07:42:17 PM:
> > ... but my current TPM doesn't understand
> > anything other than sha1 or sha256, so it wouldn't allow more state of
> > the art algorithms like sha224, sha384 or sha512 either.
>
> Okay, yes, that is horrible :( If it is that bad it might no
On Wed, Jan 04, 2017 at 01:04:59PM -0500, Stefan Berger wrote:
>> @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
>> */
>> int tpm2_auto_startup(struct tpm_chip *chip)
>> {
>> + u32 nr_commands;
>> int rc;
>> + int i;
>>
>> rc = tpm_get_timeou
"Dr. Greg Wettstein" wrote on 01/04/2017 11:12:41 AM:
> The kernel needs a resource manager. Everyone needs to think VERY
> hard and VERY, VERY carefully about what gets put into the kernel. In
> making a decision, put the ABSOLUTE smallest amount of code into the
> kernel ...
If you're a TCG
On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote:
> > > But this is not trousers, this is an in-kernel 0666 char dev that
> > > will be active on basically every Linux system with a TPM. I think
> > > we have a duty to be very conservative here.
>
> Just to note on this that trou
On Wed, 2017-01-04 at 13:04 -0500, Stefan Berger wrote:
> Jarkko Sakkinen wrote on 01/02/2017 08:22:08 AM:
>
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> > */
> > int tpm2_auto_startup(struct tpm_chip *ch
Trimmed the CC list a bit. Where does this discussion really belong?
Trousers is for TPM 1.2, and it's not a TSS or TPM device driver issue.
If you're all TCG members, the TCG's TPM WG is the real place to go if you want to get something fixed.
James Bottomley wrote on 01/03/2017 06:22:56 P
Jarkko Sakkinen wrote on 01/02/2017 08:22:08 AM:
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> */
> int tpm2_auto_startup(struct tpm_chip *chip)
> {
> + u32 nr_commands;
> int rc;
> + int i;
>
> rc
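Review bot: `i` is declared as `int` right beside `nr_commands`, which is `u32`; if `i` is the index that runs up to `nr_commands`, declare it `u32` (or `unsigned int`) as well so the loop bound is not a signed/unsigned comparison and the declaration matches the type it is paired with.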
Jarkko Sakkinen wrote on 01/02/2017 08:22:10 AM:
>
> Added an ioctl for creating a TPM space. The space is isolated from the
> other users of the TPM. Only a process holding the file with the handle
> can access the objects and only objects that are created through that
> file handle can be acce
(Resending as no reply received, this time with CCs to TPM maintainers and author of the original commit).
Hi all,
Commit 1107d065fdf1 (tpm_tis: Introduce intermediate layer for TPM access)
broke TPM support on ThinkPad X61S (and likely also on other machines which
use TPMs with a static burst co
On Wed, Jan 04, 2017 at 02:58:10PM +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote:
> > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> >
> > > OK, so I put a patch together that does this (see below). It all works
> > > nicely (wi
On Wed, 2017-01-04 at 14:50 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 05:17:32PM -0700, Jason Gunthorpe wrote:
> > On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
[...]
> > > > Even if TPM 2 has a stronger password based model, I still
> > > > think the kernel should
On Tue, Jan 03, 2017 at 09:47:21PM -0800, Andy Lutomirski wrote:
> On 01/02/2017 09:26 PM, James Bottomley wrote:
> > On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bot
On Wed, Jan 04, 2017 at 02:08:06PM +0530, Nayna wrote:
>
>
> On 01/03/2017 07:03 PM, Jarkko Sakkinen wrote:
> > On Tue, Jan 03, 2017 at 01:09:18PM +0530, Nayna wrote:
> > >
> > >
> > > On 01/03/2017 03:42 AM, Jarkko Sakkinen wrote:
> > > > On Sun, Dec 11, 2016 at 12:35:33AM -0500, Nayna Jain wr
On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote:
> On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
>
> > OK, so I put a patch together that does this (see below). It all works
> > nicely (with a udev script that sets the resource manager device to
> > 0666):
> >
>
On Tue, Jan 03, 2017 at 05:17:32PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
>
> > > I think we should also consider TPM 1.2 support in all of this, it is
> > > still a very popular piece of hardware and it is equally able to
> > > support a R
On Tue, Jan 03, 2017 at 02:47:02PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote:
>
> > > I'm not sure about this. Why you couldn't have a very thin daemon
> > > that prepares the file descriptor and sends it through UDS socket to
> > > a client.
On Tue, Jan 03, 2017 at 12:16:34PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote:
> > > > Added an ioctl for c
On Tue, Jan 03, 2017 at 11:46:27AM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote:
> > > > Added an ioctl for c
On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote:
> > > > Since there is only
On Tue, Jan 03, 2017 at 04:40:53PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 03:22:56PM -0800, James Bottomley wrote:
> > > I think it is very important to natively support the sign-only key
> > > usage restriction. TPM1.2 goes so far as to declare keys that can be
> > > used for arbi
On 01/03/2017 07:03 PM, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 01:09:18PM +0530, Nayna wrote:
>>
>>
>> On 01/03/2017 03:42 AM, Jarkko Sakkinen wrote:
>>> On Sun, Dec 11, 2016 at 12:35:33AM -0500, Nayna Jain wrote:
Unlike the device driver support for TPM 1.2, the TPM 2.0 does