[tpmdd-devel] [PATCH RESEND 3/3] tpm-chip: Export TPM device to user space even when startup failed
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Wed Aug 30 10:20:02 UTC 2017
On Wed, Aug 30, 2017 at 01:15:10PM +0300, Jarkko Sakkinen wrote:
> On Tue, Aug 29, 2017 at 03:17:39PM +0200, Michal Suchánek wrote:
> > Hello,
> >
> > On Tue, 29 Aug 2017 15:55:09 +0300
> > Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com> wrote:
> >
> > > On Mon, Aug 28, 2017 at 05:15:58PM +0000,
> > > Alexander.Steffen at infineon.com wrote:
> > > > But is that just because nobody bothered to implement the necessary
> > > > logic or for some other reason?
> > >
> > > We do not want user space to access broken hardware. It's a huge risk
> > > for system stability and potentially could be used for evil purposes.
> > >
> > > This is not going to mainline as it is not suitable for general
> > > consumption. You must use a patched kernel if you want this.
> > >
> > > /Jarkko
> > >
> >
> > It has been pointed out that userspace applications that use direct IO
> > access exist for the purpose. So using a kernel driver is an
> > improvement over that if the interface is otherwise sane.
> >
> > What do you expect is the potential for instability or evil use?
>
> By definition the use of broken hardware can have unpredictable effects.
> Use a patched kernel if you want to do it.
>
> /Jarkko
I.e. too many unknown unknowns for mainline.
I could consider a solution for the TPM error case on self-test that
allows only restricted subset of commands.
The patch description did not go to *any* detail on how it is used so
practically it's unreviewable at this point. There's a big burder of
proof and now there's only hand waving.
/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list