Re: [PATCH v8 08/10] tpm: Proxy driver for supporting multiple emulated TPMs

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Mar 16, 2016 at 11:49:04AM -0600, Jason Gunthorpe wrote:
> On Wed, Mar 16, 2016 at 02:09:16PM +0200, Jarkko Sakkinen wrote:
> > On Sun, Mar 13, 2016 at 06:54:38PM -0400, Stefan Berger wrote:
> 
> > Alternative to this would be to have /dev/vtpmx create:
> > 
> > * /dev/vtpm0 for the server
> > * /dev/tpm0 for the client
> > 
> > This is how David Howell's PoC worked and that's why I want
> > to make this alternative visible.
> > 
> > The server could even respawn without container noticing it.
> > This solution have better availability properties.
> 
> Seriously, no, that doesn't make any sense. TPM is stateful, you can't
> respawn the server side.
> 
> If anyone is ever clever enough to make that workable then they just
> go ahead and save the server fd with the other state. systemd for
> instance already has everything needed to make that work.
> 
> We don't need to have a server dev node and we certainly don't need
> the leaking problem that leaves us with.

Fair enough.

> Jason

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-doc" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Linux FS]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]     [Linux Resources]

  Powered by Linux