From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1760933AbdAFIrD (ORCPT ); Fri, 6 Jan 2017 03:47:03 -0500
Received: from mailext.sit.fraunhofer.de ([141.12.72.89]:33363 "EHLO mailext.sit.fraunhofer.de" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1033231AbdAFIqW (ORCPT ); Fri, 6 Jan 2017 03:46:22 -0500
Subject: Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager
To: James Bottomley, Jason Gunthorpe
References: <20170102132213.22880-1-jarkko.sakkinen@linux.intel.com> <9F48E1A823B03B4790B7E6E69430724DC7C149F6@exch2010c.sit.fraunhofer.de> <20170105172726.GA11680@obsidianresearch.com> <1483639595.2515.52.camel@linux.vnet.ibm.com>
CC: "linux-security-module@vger.kernel.org", "tpmdd-devel@lists.sourceforge.net", open list
From: Andreas Fuchs
Message-ID: <410e3045-58dc-5415-30c1-c86eb916b6c8@sit.fraunhofer.de>
Date: Fri, 6 Jan 2017 09:43:29 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.5.1
MIME-Version: 1.0
In-Reply-To: <1483639595.2515.52.camel@linux.vnet.ibm.com>
Content-Type: text/plain; charset="utf-8"; format=flowed
Content-Transfer-Encoding: 7bit
X-Originating-IP: [141.12.88.97]
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On 05.01.2017 at 19:06, James Bottomley wrote:
> On Thu, 2017-01-05 at 10:27 -0700, Jason Gunthorpe wrote:
>> On Thu, Jan 05, 2017 at 03:52:02PM +0000, Fuchs, Andreas wrote:
>>> Great to see this coming along so well. Thanks a lot to Jarkko!
>>> The TPM allows an application to get the list of currently loaded
>>> handles TPM2_GetCapabilities(TPM_CAP_HANDLES). It would be great
>>> to have the RM be as transparent to userspace as possible. The RM
>>> spec of TCG therefore says that you need to intercept and override
>>> this
>>
>> I'd rather just ban unnecessary stuff like this on the RM fd.
>> Tracking active handles can be done in userspace by the app
>> itself. Debugging can be done by using the non-RM fd or debugfs.
>
> Yes, we basically agreed on not doing this. The only handles that
> actually need translating are the transient 0x80 ones. Since the RM
> effectively segregates them, you can't see anyone else's, so the only
> query could be about the application's own transient handles and it's
> difficult to see how it could lose track of them and want to issue this
> query. So the best course is to leave it unimplemented (less code) and
> see if anyone complains because they have an actual use case.

Then how about blocking TPM2_GetCapabilities(TPM_CAP_HANDLES, 0x80000000)?

My concern is with a consistent view, so you either get the correct
result or no result, but please no false results...
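
The check proposed at the end of this message, sketched as an added example; it is not part of the original mail or of the patch set under discussion. The function name, the verdict enum and the sample buffers are hypothetical, and matching on the top octet of the property (any start handle in the 0x80 transient range, not only 0x80000000) is an assumption that generalizes the proposal.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Values from the TPM 2.0 Library Specification. */
#define TPM2_CC_GET_CAPABILITY 0x0000017Au
#define TPM2_CAP_HANDLES       0x00000001u
#define TPM2_HT_TRANSIENT      0x80u
#define TPM2_HDR_LEN           10u /* tag(2) + commandSize(4) + commandCode(4) */

/* Hypothetical verdict names, not taken from the patch set. */
enum rm_verdict { RM_PASS, RM_BLOCK, RM_MALFORMED };

static uint32_t be32(const uint8_t *p)
{
	return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
	       ((uint32_t)p[2] << 8) | p[3];
}

/* Decide what to do with one command buffer written to the RM fd. */
enum rm_verdict rm_filter_cmd(const uint8_t *cmd, size_t len)
{
	if (!cmd || len < TPM2_HDR_LEN || be32(cmd + 2) != len)
		return RM_MALFORMED;
	if (be32(cmd + 6) != TPM2_CC_GET_CAPABILITY)
		return RM_PASS;
	/* capability(4), property(4), propertyCount(4) follow the header. */
	if (len < TPM2_HDR_LEN + 12)
		return RM_MALFORMED;
	/* The top octet of property is the handle type being listed. */
	if (be32(cmd + 10) == TPM2_CAP_HANDLES &&
	    (be32(cmd + 14) >> 24) == TPM2_HT_TRANSIENT)
		return RM_BLOCK; /* refuse rather than return untranslated handles */
	return RM_PASS;
}

/* Constructed samples: GetCapability(TPM_CAP_HANDLES, property, count=16). */
const uint8_t getcap_transient[22] = {
	0x80, 0x01, 0, 0, 0, 22, 0, 0, 0x01, 0x7A,
	0, 0, 0, 0x01, 0x80, 0, 0, 0, 0, 0, 0, 16 };
const uint8_t getcap_persistent[22] = {
	0x80, 0x01, 0, 0, 0, 22, 0, 0, 0x01, 0x7A,
	0, 0, 0, 0x01, 0x81, 0, 0, 0, 0, 0, 0, 16 };

int main(void)
{
	printf("transient=%d persistent=%d\n", rm_filter_cmd(getcap_transient, 22),
	       rm_filter_cmd(getcap_persistent, 22));
	return 0;
}
```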