[tpmdd-devel] [PATCH RESEND 3/3] tpm-chip: Export TPM device to user space even when startup failed
Jarkko Sakkinen
jarkko.sakkinen at linux.intel.com
Sat Sep 2 10:20:11 UTC 2017
On Thu, Aug 31, 2017 at 04:18:42PM +0000, Alexander.Steffen at infineon.com wrote:
> > I guess Alexander should be able to propose such subset.
>
> For scenario #1 you could probably come up with a list of commands
> that are generally useful. But once you are restricted to those five
> commands, you block iterative debugging of the "I see where the
> problem might be, could you try to execute ..." fashion by requiring
> the other person to patch and rebuild their kernel.
If the subset turns out to be wrong, it can be revisited.
> For scenario #2 I see no chance to do that in a generic way. I could
> maybe tell you what the commands in this mode currently look like for
> Infineon TPMs, so that they can be whitelisted, but they might look
> different in the future and they are certainly different for other
> vendor's implementations.
It's easy to check whether a command is vendor specific and allow to
pass those through.
/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
More information about the Linux-security-module-archive
mailing list