On Wed, Mar 16, 2016 at 11:49:04AM -0600, Jason Gunthorpe wrote:
> On Wed, Mar 16, 2016 at 02:09:16PM +0200, Jarkko Sakkinen wrote:
> > On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote:
> >
> > Alternative to this would be to have /dev/vtpmx create:
> >
> > * /dev/vtpm0 for the server
> > * /dev/tpm0 for the client
> >
> > This is how David Howell's PoC worked and that's why I want
> > to make this alternative visible.
> >
> > The server could even respawn without container noticing it.
> > This solution has better availability properties.
>
> Seriously, no, that doesn't make any sense. TPM is stateful, you can't
> respawn the server side.
>
> If anyone is ever clever enough to make that workable then they just
> go ahead and save the server fd with the other state. systemd for
> instance already has everything needed to make that work.
>
> We don't need to have a server dev node and we certainly don't need
> the leaking problem that leaves us with.

Fair enough.

> Jason

/Jarkko