From: Mario Six <mario.six@gdsys.cc>
To: u-boot@lists.denx.de
Subject: [U-Boot] [PATCH 3/3] lib: tpm: Add command to list resources
Date: Fri, 24 Mar 2017 10:54:40 +0100
Message-ID: <CAN1kZoqWHvwzzGTgahfYT2694Vs_Pv34-azdja5CdGsAN6ga-Q@mail.gmail.com>
In-Reply-To: <CAPnjgZ1Yx+t4ePtXdVt9-xSgONY4sM23iGnXRkgYMz4QFENaWA@mail.gmail.com>

On Wed, Mar 22, 2017 at 2:05 PM, Simon Glass <sjg@chromium.org> wrote:
> On 20 March 2017 at 03:28, Mario Six <mario.six@gdsys.cc> wrote:
>> It is sometimes convenient to know how many and/or which resources are
>> currently loaded into a TPM, e.g. to test if a flush operation succeeded.
>>
>> Hence, we add a command that lists the resources of a given type currently
>> loaded into the TPM.
>>
>> Signed-off-by: Mario Six <mario.six@gdsys.cc>
>> ---
>>  cmd/tpm.c           | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
>>  drivers/tpm/Kconfig |  7 +++++
>>  2 files changed, 82 insertions(+), 1 deletion(-)
>
> Reviewed-by: Simon Glass <sjg@chromium.org>
>
> Again I wonder if we need the CONFIG.
>

Thanks for the review!

As for the CONFIG option, well, there is the trivial symmetry reason that the
flush command is deactivatable, so this should be too (since they are,
essentially, complementary functions, one view, one deletion).

Also, the list function is really more of a debug tool than a function that
should be in a production environment.

And, the most important reason why I think the CONFIG is justified is this:
should an embedded device with a TPM that's using U-Boot as a boot loader be
subjected to a security evaluation (e.g. Common Criteria), an evaluator might
ask why a function like this, which essentially has no real purpose aside from
providing debug information, is part of the TOE (especially if the TPM is used
as a fundamental security mechanism in the design). It enables an attacker that
gains access to the U-Boot console to, for example, read the handles of the
keys stored in the TPM, which is already one part of the data needed to access
them. Granted, it's not a huge advantage, but the best answer you can give an
evaluator is always "That's not possible" :-).

So, from a user perspective, I think it's desirable to have the option to
deactivate this function.

Best regards,

Mario
