[tpmdd-devel] [PATCH RESEND 3/3] tpm-chip: Export TPM device to user space even when startup failed

Jarkko Sakkinen jarkko.sakkinen at linux.intel.com
Wed Aug 30 10:15:10 UTC 2017


On Tue, Aug 29, 2017 at 03:17:39PM +0200, Michal Suchánek wrote:
> Hello,
> 
> On Tue, 29 Aug 2017 15:55:09 +0300
> Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com> wrote:
> 
> > On Mon, Aug 28, 2017 at 05:15:58PM +0000,
> > Alexander.Steffen at infineon.com wrote:
> > > But is that just because nobody bothered to implement the necessary
> > > logic or for some other reason?  
> > 
> > We do not want user space to access broken hardware. It's a huge risk
> > for system stability and potentially could be used for evil purposes.
> > 
> > This is not going to mainline as it is not suitable for general
> > consumption. You must use a patched kernel if you want this.
> > 
> > /Jarkko
> > 
> 
> It has been pointed out that userspace applications that use direct IO
> access exist for the purpose. So using a kernel driver is an
> improvement over that if the interface is otherwise sane.
> 
> What do you expect is the potential for instability or evil use?

By definition the use of broken hardware can have unpredictable effects.
Use a patched kernel if you want to do it.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html



More information about the Linux-security-module-archive mailing list