[tpmdd-devel] [PATCH RESEND 3/3] tpm-chip: Export TPM device to user space even when startup failed

[Michal Suchánek]

Hello,

On Tue, 29 Aug 2017 15:55:09 +0300
Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com> wrote:

> On Mon, Aug 28, 2017 at 05:15:58PM +0000,
> Alexander.Steffen at infineon.com wrote:
> > But is that just because nobody bothered to implement the necessary
> > logic or for some other reason?  
> 
> We do not want user space to access broken hardware. It's a huge risk
> for system stability and potentially could be used for evil purposes.
> 
> This is not going to mainline as it is not suitable for general
> consumption. You must use a patched kernel if you want this.
> 
> /Jarkko
> 

It has been pointed out that userspace applications that use direct IO
access exist for the purpose. So using a kernel driver is an
improvement over that if the interface is otherwise sane.

What do you expect is the potential for instability or evil use?

With a kernel driver arbitrating the bus access as it would in any
other case I do not see much potential for instability. If there are
cases when the arbitration fails they can surely be more likely
triggered in cases other than userspace sending arbitrary requests to a
device which is in a state the kernel does not support but otherwise
responsive.

If you really think that accessing a device that is in unsupported
state at boot (as opposed to getting unto unsupported state during
device operation after boot) is a real problem it can be selectable as
compile time option so people who do not want the code do not get it.

Thanks

Michal
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html