On Mon, Jul 04, 2016 at 07:58:51PM -0700, James Bottomley wrote: > On Tue, 2016-07-05 at 03:40 +0100, Matthew Garrett wrote: > > dm-crypt secrets are typically unrelated to the TPM, so I really > > don't think the TSS is the right layer to be solving this. > > Not in theory: the MOR protocol is supposed to protect arbitrary > unprotected secrets in memory. I accept that in practice, it was > designed to protect a single secret: the bitlocker encryption key. I think we may be miscommunicating slightly. If MOR is intended to protect arbitrary secrets then it needs to protect secrets that are unrelated to the TPM - that means that TSS integration isn't sufficient. Unless we can guarantee that every piece of userspace is behaving correctly, that probably means setting MOR in kernel init and letting userspace turn it off if it's been audited to handle things appropriately (and having the kernel ignore that request if it has its own secrets it needs to protect) -- Matthew Garrett | mjg59@xxxxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
