From: Ken Goldman
To: linux-kernel@vger.kernel.org
Cc: tpmdd-devel@lists.sourceforge.net, linux-security-module@vger.kernel.org
Subject: Re: [PATCH RFC 0/4] RFC: in-kernel resource manager
Date: Tue, 10 Jan 2017 14:03:08 -0500
References: <20170102132213.22880-1-jarkko.sakkinen@linux.intel.com> <9F48E1A823B03B4790B7E6E69430724DC7C149F6@exch2010c.sit.fraunhofer.de> <20170105172726.GA11680@obsidianresearch.com> <1483641223.2515.62.camel@linux.vnet.ibm.com> <20170105192025.GB12587@obsidianresearch.com>
In-Reply-To: <20170105192025.GB12587@obsidianresearch.com>

On 1/5/2017 2:20 PM, Jason Gunthorpe wrote:
>
> I'd rather give up features (eg policy sessions, if necessary) for the
> unpriv fd than give up security of the unpriv fd.

Please don't give up policy. Nearly every use case that we think of for TPM 2.0 uses policy sessions.

E.g., in 1.2, PCR authorization was built into the object. In 2.0, it's a policy. In 1.2, key types were restricted to certain commands. In 2.0, it's a policy. Then there are all the new use cases - time restricted keys, use count restricted keys, keys with a PIN, etc., all use policy.
Even use of the EK primary key requires a policy, and that's needed for salt (getting the first password in securely) and attestation (proof that the TPM is authentic).