From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Linus Walleij <linus.walleij@linaro.org>,
Sumit Garg <sumit.garg@linaro.org>
Cc: "Hector Martin" <marcan@marcan.st>,
"Arnd Bergmann" <arnd@linaro.org>,
"open list:ASYMMETRIC KEYS" <keyrings@vger.kernel.org>,
"David Howells" <dhowells@redhat.com>,
"Jarkko Sakkinen" <jarkko@kernel.org>,
"Joakim Bech" <joakim.bech@linaro.org>,
"Alex Bennée" <alex.bennee@linaro.org>,
"linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
"Maxim Uvarov" <maxim.uvarov@linaro.org>,
"Ilias Apalodimas" <ilias.apalodimas@linaro.org>,
"Ruchika Gupta" <ruchika.gupta@linaro.org>,
"Winkler, Tomas" <tomas.winkler@intel.com>,
yang.huang@intel.com, bing.zhu@intel.com,
Matti.Moell@opensynergy.com, hmo@opensynergy.com,
linux-mmc <linux-mmc@vger.kernel.org>,
linux-scsi <linux-scsi@vger.kernel.org>,
linux-nvme@vger.kernel.org,
"Ulf Hansson" <ulf.hansson@linaro.org>,
"Arnd Bergmann" <arnd.bergmann@linaro.org>
Subject: Re: [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem
Date: Wed, 10 Mar 2021 17:07:34 -0800 [thread overview]
Message-ID: <d93321502a3df2f7afa42da417137d79f6e49961.camel@HansenPartnership.com> (raw)
In-Reply-To: <CACRpkdZb5UMyq5qSJE==3ZnH-7fh92q_t4AnE8mPm0oFEJxqpQ@mail.gmail.com>
On Thu, 2021-03-11 at 01:49 +0100, Linus Walleij wrote:
> The use case for TPM on laptops is similar: it can be used by a
> provider to lock down a machine, but it can also be used by the
> random user to store keys. Very few users beside James
> Bottomley are capable of doing that (I am not)
Yes, that's the problem with the TPM: pretty much no-one other than
someone prepared to become an expert in the subject can use it. This
means that enabling RPMB is unlikely to be useful ... you have to
develop easy use cases for it as well.
> but they exist.
> https://blog.hansenpartnership.com/using-your-tpm-as-a-secure-key-store/
It's the difficulty of actually *using* the thing as a keystore which
causes the problem. The trick to expanding use it to make it simple.
Not to derail the thread, but this should hopefully become a whole lot
easier soon. Gnupg-2.3 will release with easy to use TPM support for
all your gpg keys:
https://git.gnupg.org/cgi-bin/gitweb.cgi?p=gnupg.git;a=log;h=6720f1343aef9342127380b155c19e12c92d65ac
It's not the end of the road by any means, but hopefully it will become
a beach head of sorts for more uses.
James
next prev parent reply other threads:[~2021-03-11 1:08 UTC|newest]
Thread overview: 47+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-03-03 13:54 [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 1/5] rpmb: add Replay Protected Memory Block (RPMB) subsystem Alex Bennée
2021-03-03 15:28 ` Ulf Hansson
2021-03-03 19:37 ` Alex Bennée
2021-03-04 20:56 ` Arnd Bergmann
2021-03-05 7:51 ` Joakim Bech
2021-03-05 8:44 ` Arnd Bergmann
2021-03-08 16:20 ` Linus Walleij
2021-03-09 21:09 ` Hector Martin
2021-03-10 5:14 ` Sumit Garg
2021-03-10 8:47 ` Hector Martin
2021-03-10 9:48 ` Linus Walleij
2021-03-10 13:52 ` Hector Martin
2021-03-11 0:36 ` Linus Walleij
2021-03-11 9:22 ` Hector Martin
2021-03-11 14:06 ` Linus Walleij
2021-03-11 20:02 ` Hector Martin
2021-03-12 9:22 ` Linus Walleij
2021-03-10 10:29 ` Sumit Garg
2021-03-11 0:49 ` Linus Walleij
2021-03-11 1:07 ` James Bottomley [this message]
2021-03-11 9:45 ` Hector Martin
2021-03-11 14:31 ` Linus Walleij
2021-03-11 20:29 ` Hector Martin
2021-03-11 20:57 ` Alex Bennée
2021-03-12 10:00 ` Linus Walleij
2021-03-12 9:47 ` Linus Walleij
2021-03-12 11:59 ` Sumit Garg
2021-03-12 12:08 ` Ilias Apalodimas
2021-03-09 17:12 ` David Howells
2021-03-10 4:54 ` Sumit Garg
2021-03-10 9:33 ` Linus Walleij
2021-03-03 13:54 ` [RFC PATCH 2/5] char: rpmb: provide a user space interface Alex Bennée
2021-03-04 7:01 ` Winkler, Tomas
2021-03-04 10:19 ` Alex Bennée
2021-03-04 10:34 ` Winkler, Tomas
2021-03-04 17:52 ` Alex Bennée
2021-03-04 19:54 ` Winkler, Tomas
2021-03-04 21:43 ` Arnd Bergmann
2021-03-05 6:31 ` Winkler, Tomas
2021-03-04 21:08 ` Arnd Bergmann
2021-03-03 13:54 ` [RFC PATCH 3/5] tools rpmb: add RPBM access tool Alex Bennée
2021-03-03 13:54 ` [RFC PATCH 4/5] rpmb: create virtio rpmb frontend driver [WIP] Alex Bennée
2021-03-03 13:55 ` [RFC PATCH 5/5] tools/rpmb: simple test sequence Alex Bennée
2021-03-09 13:27 ` [RFC PATCH 0/5] RPMB internal and user-space API + WIP virtio-rpmb frontend Avri Altman
2021-03-10 14:29 ` Alex Bennée
2021-03-11 13:45 ` Avri Altman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d93321502a3df2f7afa42da417137d79f6e49961.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=Matti.Moell@opensynergy.com \
--cc=alex.bennee@linaro.org \
--cc=arnd.bergmann@linaro.org \
--cc=arnd@linaro.org \
--cc=bing.zhu@intel.com \
--cc=dhowells@redhat.com \
--cc=hmo@opensynergy.com \
--cc=ilias.apalodimas@linaro.org \
--cc=jarkko@kernel.org \
--cc=joakim.bech@linaro.org \
--cc=keyrings@vger.kernel.org \
--cc=linus.walleij@linaro.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mmc@vger.kernel.org \
--cc=linux-nvme@vger.kernel.org \
--cc=linux-scsi@vger.kernel.org \
--cc=marcan@marcan.st \
--cc=maxim.uvarov@linaro.org \
--cc=ruchika.gupta@linaro.org \
--cc=sumit.garg@linaro.org \
--cc=tomas.winkler@intel.com \
--cc=ulf.hansson@linaro.org \
--cc=yang.huang@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).