[tpmdd-devel] [PATCH RESEND 3/3] tpm-chip: Export TPM device to user space even when startup failed

[Jarkko Sakkinen]

On Wed, Aug 30, 2017 at 12:41:51PM +0200, Peter Huewe wrote:
> 
> 
> Am 30. August 2017 12:15:10 MESZ schrieb Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com>:
> >On Tue, Aug 29, 2017 at 03:17:39PM +0200, Michal Suchánek wrote:
> >> Hello,
> >> 
> >> On Tue, 29 Aug 2017 15:55:09 +0300
> >> Jarkko Sakkinen <jarkko.sakkinen at linux.intel.com> wrote:
> >> 
> >> > On Mon, Aug 28, 2017 at 05:15:58PM +0000,
> >> > Alexander.Steffen at infineon.com wrote:
> >> > > But is that just because nobody bothered to implement the
> >necessary
> >> > > logic or for some other reason?  
> >> > 
> >> > We do not want user space to access broken hardware. It's a huge
> >risk
> >> > for system stability and potentially could be used for evil
> >purposes.
> >> > 
> >> > This is not going to mainline as it is not suitable for general
> >> > consumption. You must use a patched kernel if you want this.
> >> > 
> >> > /Jarkko
> >> > 
> >> 
> >> It has been pointed out that userspace applications that use direct
> >IO
> >> access exist for the purpose. So using a kernel driver is an
> >> improvement over that if the interface is otherwise sane.
> >> 
> >> What do you expect is the potential for instability or evil use?
> >
> >By definition the use of broken hardware can have unpredictable
> >effects.
> >Use a patched kernel if you want to do it.
> 
> If the s.m.a.r.t selftest of your hard disk fails, you can still
> access it, even though the hw selftest says it is broken.
> Same situation.

Not sure if you can compare these directly although I get your point.

Waiting for more comments on this. At the moment I'm still dilated to
restricted access because it gives more variables for the future.

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html