From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S965837AbdADQ5B (ORCPT ); Wed, 4 Jan 2017 11:57:01 -0500 Received: from quartz.orcorp.ca ([184.70.90.242]:33642 "EHLO quartz.orcorp.ca" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751011AbdADQz5 (ORCPT ); Wed, 4 Jan 2017 11:55:57 -0500 Date: Wed, 4 Jan 2017 09:55:51 -0700 From: Jason Gunthorpe To: Jarkko Sakkinen Cc: James Bottomley , linux-security-module@vger.kernel.org, tpmdd-devel@lists.sourceforge.net, open list Subject: Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager Message-ID: <20170104165550.GB783@obsidianresearch.com> References: <20170102132213.22880-1-jarkko.sakkinen@linux.intel.com> <1483374980.2458.13.camel@HansenPartnership.com> <20170102193320.trawto65nkjccbao@intel.com> <1483393248.2458.32.camel@HansenPartnership.com> <1483421218.19261.4.camel@linux.vnet.ibm.com> <20170103215445.GD29656@obsidianresearch.com> <20170104125810.3qkkfe72cnb76ige@intel.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20170104125810.3qkkfe72cnb76ige@intel.com> User-Agent: Mutt/1.5.24 (2015-08-30) X-Broken-Reverse-DNS: no host name found for IP address 10.0.0.156 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jan 04, 2017 at 02:58:10PM +0200, Jarkko Sakkinen wrote: > On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote: > > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote: > > > > > OK, so I put a patch together that does this (see below). It all works > > > nicely (with a udev script that sets the resource manager device to > > > 0666): > > > > > > jejb@jarvis:~> ls -l /dev/tpm* > > > crw------- 1 root root 10, 224 Jan 2 20:54 /dev/tpm0 > > > crw-rw-rw- 1 root root 246, 65536 Jan 2 20:54 /dev/tpm0rm > > > > > > I've modified the tss to connect to /dev/tpm0rm by default and it all > > > seems to work. > > > > > > The patch applies on top of your tabrm branch, by the way. > > > > If we are making a new /dev/ node we should think more carefully about > > the design. > > > > - Do we need a cdev node for every chip? What about just '/dev/tpm' and > > we encode the chip number in the message. Since the exclusive > > locking is gone this is very doable. > > What about backwards compatiblity? Or would this be just for /dev/tpms? > We can consider this. Yes, just for the new char dev. > > - Should we get rid of the read/write protocol and use ioctl instead? > > As I understand it ioctl is more usable with seccomp and related > > schemes? I could see passing a TPM FD into a sandbox and wanting the > > sandbox only able to do do decrypt/encrypt operations, for instance. > > Are you suggesting that command/response transaction would be handled > by ioctl instead of read/write pair. Would make sense looking at how > read/write is managed now (it is more or less of a hack because it > actually is a transction). Yes. > > - Something to identify tpm chips and help match key data with the > > proper chip. > > Hey, here's what I propose. I take some of the ideas (not all there > have been so many) and bake a v2 of the RFC. Lets see where we are > at then. I won't add any reviewed/tested-by's before we are in the > same line with "big ideas" nor do I create a non-RFC patch set. Usually with something like this there will be lots of dicussion around the uapi portion - that is the portion we have to reatin backwards compatability with forever - so there is a natural need to make sure it is sane. This is why I'm so cautious to limit what is possible because it is easier to add new stuff then take stuff away. So design your patch set to keep the uapi stuff as distinct and well-described as possible - the other parts are much easier to review and agree on. Jason From mboxrd@z Thu Jan 1 00:00:00 1970 From: Jason Gunthorpe Subject: Re: [PATCH RFC 0/4] RFC: in-kernel resource manager Date: Wed, 4 Jan 2017 09:55:51 -0700 Message-ID: <20170104165550.GB783@obsidianresearch.com> References: <20170102132213.22880-1-jarkko.sakkinen@linux.intel.com> <1483374980.2458.13.camel@HansenPartnership.com> <20170102193320.trawto65nkjccbao@intel.com> <1483393248.2458.32.camel@HansenPartnership.com> <1483421218.19261.4.camel@linux.vnet.ibm.com> <20170103215445.GD29656@obsidianresearch.com> <20170104125810.3qkkfe72cnb76ige@intel.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: Content-Disposition: inline In-Reply-To: <20170104125810.3qkkfe72cnb76ige-ral2JQCrhuEAvxtiuMwx3w@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: tpmdd-devel-bounces-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org To: Jarkko Sakkinen Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org, James Bottomley , open list List-Id: tpmdd-devel@lists.sourceforge.net On Wed, Jan 04, 2017 at 02:58:10PM +0200, Jarkko Sakkinen wrote: > On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote: > > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote: > > > > > OK, so I put a patch together that does this (see below). It all works > > > nicely (with a udev script that sets the resource manager device to > > > 0666): > > > > > > jejb@jarvis:~> ls -l /dev/tpm* > > > crw------- 1 root root 10, 224 Jan 2 20:54 /dev/tpm0 > > > crw-rw-rw- 1 root root 246, 65536 Jan 2 20:54 /dev/tpm0rm > > > > > > I've modified the tss to connect to /dev/tpm0rm by default and it all > > > seems to work. > > > > > > The patch applies on top of your tabrm branch, by the way. > > > > If we are making a new /dev/ node we should think more carefully about > > the design. > > > > - Do we need a cdev node for every chip? What about just '/dev/tpm' and > > we encode the chip number in the message. Since the exclusive > > locking is gone this is very doable. > > What about backwards compatiblity? Or would this be just for /dev/tpms? > We can consider this. Yes, just for the new char dev. > > - Should we get rid of the read/write protocol and use ioctl instead? > > As I understand it ioctl is more usable with seccomp and related > > schemes? I could see passing a TPM FD into a sandbox and wanting the > > sandbox only able to do do decrypt/encrypt operations, for instance. > > Are you suggesting that command/response transaction would be handled > by ioctl instead of read/write pair. Would make sense looking at how > read/write is managed now (it is more or less of a hack because it > actually is a transction). Yes. > > - Something to identify tpm chips and help match key data with the > > proper chip. > > Hey, here's what I propose. I take some of the ideas (not all there > have been so many) and bake a v2 of the RFC. Lets see where we are > at then. I won't add any reviewed/tested-by's before we are in the > same line with "big ideas" nor do I create a non-RFC patch set. Usually with something like this there will be lots of dicussion around the uapi portion - that is the portion we have to reatin backwards compatability with forever - so there is a natural need to make sure it is sane. This is why I'm so cautious to limit what is possible because it is easier to add new stuff then take stuff away. So design your patch set to keep the uapi stuff as distinct and well-described as possible - the other parts are much easier to review and agree on. Jason ------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot