On Wed, Aug 30, 2017 at 12:34:16PM +0200, Michal Suchánek wrote: > On Wed, 30 Aug 2017 13:20:02 +0300 > Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote: > > > On Wed, Aug 30, 2017 at 01:15:10PM +0300, Jarkko Sakkinen wrote: > > > On Tue, Aug 29, 2017 at 03:17:39PM +0200, Michal Suchánek wrote: > > > > Hello, > > > > > > > > On Tue, 29 Aug 2017 15:55:09 +0300 > > > > Jarkko Sakkinen <jarkko.sakki...@linux.intel.com> wrote: > > > > > > > > > On Mon, Aug 28, 2017 at 05:15:58PM +0000, > > > > > alexander.stef...@infineon.com wrote: > > > > > > But is that just because nobody bothered to implement the > > > > > > necessary logic or for some other reason? > > > > > > > > > > We do not want user space to access broken hardware. It's a > > > > > huge risk for system stability and potentially could be used > > > > > for evil purposes. > > > > > > > > > > This is not going to mainline as it is not suitable for general > > > > > consumption. You must use a patched kernel if you want this. > > > > > > > > > > /Jarkko > > > > > > > > > > > > > It has been pointed out that userspace applications that use > > > > direct IO access exist for the purpose. So using a kernel driver > > > > is an improvement over that if the interface is otherwise sane. > > > > > > > > What do you expect is the potential for instability or evil use? > > > > > > By definition the use of broken hardware can have unpredictable > > > effects. Use a patched kernel if you want to do it. > > > > > > /Jarkko > > > > I.e. too many unknown unknowns for mainline. > > > > I could consider a solution for the TPM error case on self-test that > > allows only restricted subset of commands. > > > > The patch description did not go to *any* detail on how it is used so > > practically it's unreviewable at this point. There's a big burder of > > proof and now there's only hand waving. > > > Hello, > > there was a bug patched recently in which Linux was not sending the > shutdown command on system shutdown. Presumably with this bug some TPMs > consider being under attack and stop performing most functions. > However, you should be able to read the log if this is implemented > sanely. For that the TPM needs to be accessible. > > There are probably other cases when the TPM might be useless for system > use but it might be useful to access it. For example, does Linux handle > uninitialized TPMs? > > Thanks > > Michal
Agreed. I still think it would make sense to start with a limited subset of TPM commands, not with all-command-allowed. I guess Alexander should be able to propose such subset. /Jarkko ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ tpmdd-devel mailing list tpmdd-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
