On Tue, Oct 08, 2013 at 09:15:55AM +0000, Fuchs, Andreas wrote:
> Rather than an ioctl, why not provide a different tpm-device per > locality. This way, the access to the different localities can be > restricted via standard user/group of the device. i.e. /dev/tpm0l1, > /dev/tpm0l2, ... or similar approaches... The way the TPM architecture is setup you will need the middle ware to do the switching between localities and managing cross locality resources, so it doesn't make sense for the kernel to export a locality specific char device. You'd have to do the above by having trousers create unix domain sockets for each of the privilege levels and using the usual security mechanisms to protect access to those sockets. Jason ------------------------------------------------------------------------------ October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk _______________________________________________ TrouSerS-tech mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/trousers-tech
