On Sat, Nov 18, 2017 at 01:53:49AM +0100, Javier Martinez Canillas wrote: > What I fail to understand is why that's not a problem when the TPM spaces > infrastructure isn't used, tpm_validate_command() function just returns > true if space is NULL. So when sending command to /dev/tpm0 directly, a > rogue user-space program can send any arbitrary data to the TPM. tpm spaces was designed to allow unprivileged user space access to the TPM so it has additional protection designed to keep the TPM secure. Allowing unprivileged user space to send send garbage to the TPM seems like a good way to trigger a TPM bug in parsing. When spaces are not used /dev/tpm0 is root only and has full unrestricted access. Jason
