Jason Gunthorpe <[email protected]> wrote on 01/19/2016
05:48:51 PM:
> Date: 01/19/2016 05:49 PM
> Subject: Re: [tpmdd-devel] [RFC PATCH 0/4] Multi-instance vTPM driver
>
> On Tue, Jan 19, 2016 at 05:14:28PM -0500, Mimi Zohar wrote:
> > On Tue, 2016-01-19 at 11:08 -0700, Jason Gunthorpe wrote:
> > > On Tue, Jan 19, 2016 at 12:53:40PM -0500, Stefan Berger wrote:
> > > > This series has absolutely nothing to do with resource
> > > > management.
> > >
> > > Sure the patch doesn't, but the proposed application does.
> > >
> > > Linux namespaces is all about resource management.
> >
> > huh? namespacing is about isolation.
>
> isolation of what? Every namespace in linux has a defined set of
> kernel managed resources it contains.
- network namespace isolates a network namespace from all the other
network namespace through separate network interfaces and separate network
stack
- mount namespace isolates the mount points and filesystems from other
mount namespaces
- PID namespace isolates the process IDs of one container from those of
others
- IMA namespacing isolates the measurement lists between IMA namespaces;
alos each IMA namespace will have its own IMA policy
The goal is that each IMA namespace can have its own attached vTPM into
which IMA can do PCR extensions.
Stefan
>
> > > This is an interesting way to make a software TPM,
> >
> > That's the intention, not namespacing the TPM.
>
> Did you read the patch?
>
> The primary goal of this series of patches is enabling vTPM for
containers
> and hooking them up to a (future) namespaced IMA. However, the driver
can
> also be used for simulating a hardware TPM on the host.
>
> Jason
>
------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
tpmdd-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel