* Permissions on binary_runtime_measurements and tpm0/binary_bios_measurements
@ 2022-05-03 19:23 William Roberts
From: William Roberts @ 2022-05-03 19:23 UTC (permalink / raw)
To: linux-integrity
Currently the tpm2-tools and other userspace processes cannot access
the system measurement logs for users even if they are in the group
tss:
crw-rw---- 1 tss root 10, 224 Mai 3 17:22 /dev/tpm0
-r--r----- 1 root root 0 Mai 3 17:22 /sys/kernel/security/ima/binary_runtime_measurements
-r--r----- 1 root root 0 Mai 3 17:22 /sys/kernel/security/tpm0/binary_bios_measurements
So with tss2_quote a quote can be computed but not the pcrLog for the
system PCRs.
The problem could be solved if the log files would be owned by tss.
But that could create privacy issues because the pcrLog would e.g.
contain executables in user home directories.
Do you have any suggestions how the problem could be addressed or is
there a privacy concern here?
Thanks,
Bill
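
The privacy concern raised in the message above, shown as an added example that is not part of the original post: a reader of the IMA log learns which files under users' home directories were measured. It assumes the text form of the log (ascii_runtime_measurements, next to the binary file) with the ima-ng template and home directories under /home; the log lines, hashes, user names and paths are constructed samples.

```python
import re
from collections import defaultdict

# Constructed sample in the assumed ima-ng text layout:
# PCR, template hash, template name, file hash, file path.
SAMPLE_LOG = """\
10 1111111111111111111111111111111111111111 ima-ng sha256:aaaa boot_aggregate
10 2222222222222222222222222222222222222222 ima-ng sha256:bbbb /usr/bin/bash
10 3333333333333333333333333333333333333333 ima-ng sha256:cccc /home/alice/bin/backup-tool
10 4444444444444444444444444444444444444444 ima-ng sha256:dddd /home/bob/.local/bin/wallet-cli
10 5555555555555555555555555555555555555555 ima-ng sha256:eeee /home/alice/.cache/build/a.out
truncated line
"""

# Assumption: home directories live under /home/<name>/.
HOME_RE = re.compile(r"^/home/([^/]+)/")


def parse_entry(line):
    """Return (pcr, template, file_hash, path), or None for a malformed line."""
    fields = line.rstrip("\n").split(" ", 4)  # path is the last field; keep it whole
    if len(fields) != 5 or not fields[0].isdigit():
        return None
    pcr, _template_hash, template, file_hash, path = fields
    return int(pcr), template, file_hash, path


def home_exposure(lines):
    """Map each home directory name to the measured paths the log reveals."""
    exposed = defaultdict(list)
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue  # skip lines that do not match the assumed layout
        match = HOME_RE.match(entry[3])
        if match:
            exposed[match.group(1)].append(entry[3])
    return dict(exposed)


if __name__ == "__main__":
    for user, paths in sorted(home_exposure(SAMPLE_LOG.splitlines()).items()):
        print(f"{user}: {len(paths)} measured file(s)")
        for path in paths:
            print(f"  {path}")
```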