On 1/29/2017 10:25 AM, Jarkko Sakkinen wrote:
>
> We should probably block the following from /dev/tpms0 by default:
>
> 1. ContextLoad for sessions.
> 2. ContextSave for sessions.
> 3. Vendor specific commands.

This is reasonable to me.

The only vendor specific commands I currently know of are for low level device configuration. It's done in OEM manufacturing and then locked.

Eventually, we'll want to block extends to certain PCRs. E.g., the IMA PCR (10) should be accessible to the kernel but not user space.
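
The filtering discussed in this message, sketched as an added example that is not part of the original thread and not the kernel driver's code: a user-space C function that parses a TPM 2.0 command buffer and rejects session ContextLoad/ContextSave, vendor specific commands, and PCR_Extend to PCR 10. The function name `tpms_cmd_allowed` and the sample buffers are hypothetical; the command codes and handle types are those of the TPM 2.0 specification.

```c
#include <stdint.h>
#include <stdio.h>

/* Constants from the TPM 2.0 Library Specification, Part 2 (Structures). */
#define TPM2_CC_CONTEXT_LOAD 0x00000161u
#define TPM2_CC_CONTEXT_SAVE 0x00000162u
#define TPM2_CC_PCR_EXTEND   0x00000182u
#define TPM2_CC_VENDOR_BIT   0x20000000u /* TPM_CC_VEND: vendor specific command */
#define TPM2_HDR_LEN         10u         /* tag(2) + commandSize(4) + commandCode(4) */
#define IMA_PCR              10u         /* PCR handle 0x0000000A */

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Hypothetical filter, not kernel code: returns 1 to forward the command, 0 to reject. */
int tpms_cmd_allowed(const uint8_t *cmd, size_t len)
{
    uint32_t cc, handle, ht;
    size_t off = TPM2_HDR_LEN;           /* first handle follows the header */

    if (len < TPM2_HDR_LEN || be32(cmd + 2) != len)
        return 0;                        /* truncated, or commandSize does not match */
    cc = be32(cmd + 6);
    if (cc & TPM2_CC_VENDOR_BIT)
        return 0;                        /* item 3: vendor specific commands */
    if (cc != TPM2_CC_CONTEXT_SAVE && cc != TPM2_CC_CONTEXT_LOAD && cc != TPM2_CC_PCR_EXTEND)
        return 1;
    if (cc == TPM2_CC_CONTEXT_LOAD)
        off += 8;                        /* TPMS_CONTEXT: savedHandle follows 64-bit sequence */
    if (len < off + 4)
        return 0;
    handle = be32(cmd + off);
    if (cc == TPM2_CC_PCR_EXTEND)
        return handle != IMA_PCR;        /* keep user space from extending PCR 10 */
    ht = handle >> 24;                   /* handle type is the top octet */
    return ht != 0x02 && ht != 0x03;     /* items 1-2: HMAC and policy sessions */
}

int main(void)
{
    /* Constructed samples: ContextSave of HMAC session 0x02000000, then of object 0x80000000. */
    const uint8_t sess[] = {0x80,0x01, 0,0,0,14, 0,0,0x01,0x62, 0x02,0,0,0};
    const uint8_t obj[]  = {0x80,0x01, 0,0,0,14, 0,0,0x01,0x62, 0x80,0,0,0};
    printf("session: %d, object: %d\n", tpms_cmd_allowed(sess, sizeof sess),
           tpms_cmd_allowed(obj, sizeof obj));
    return 0;
}
```

TPM2_PCR_Event also extends a PCR, so a filter that protects PCR 10 would need to cover it as well; this sketch checks only PCR_Extend.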