[PATCH v10 00/17] Remove nested TPM operations
James Bottomley
James.Bottomley at HansenPartnership.com
Thu Jan 31 00:28:42 UTC 2019
On Tue, 2019-01-29 at 14:31 +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 23, 2019 at 01:53:44PM -0500, Stefan Berger wrote:
> > On 1/23/19 1:20 PM, Jarkko Sakkinen wrote:
> > > On Wed, Jan 16, 2019 at 11:23:25PM +0200, Jarkko Sakkinen wrote:
> > > > Make the changes necessary to detach TPM space code and TPM activation
> > > > code out of the tpm_transmit() flow because both of these can cause
> > > > nested tpm_transmit() calls. The nested calls make the whole flow hard
> > > > to maintain, and thus, it is better to just fix things now before this
> > > > turns into a bigger mess.
> > >
> > > Any reasons not to merge this soon?
> >
> > I suppose v10 hasn't changed anything significant. So, not from my
> > perspective. Were you waiting for more Reviewed-by's?
>
> Yeah, for example TPM space touching changes would be good to peer
> check with James. I could have easily forgotten some implementation
> detail, and it has been very stable piece of code, so don't want
> to break it. Guess won't yet try to put this v5.1.

So the implementation detail I was looking for: internal kernel use of
tpm_transmit_cmd() without tpm_find/try_get_ops() doesn't seem to
exist, so I think this is all safe. You can add my

Reviewed-by: James Bottomley <James.Bottomley at HansenPartnership.com>

But I've got to say I can't test this yet because you've made a huge
problem for me in the tpm security patches: they introduce a kernel
space which now becomes somewhat problematic because the space handling
moved into the device common code. To get both these things to work
together so I can test it, space handling is going to have to come
slightly down from device common code so the kernel can use it.

James