Re: [RFC PATCH] tpm: don't return -EINVAL if TPM command validation fails

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 21, 2017 at 10:07:34AM +0100, Javier Martinez Canillas wrote:
> As mentioned, I think this should be documented. I guess most people
> would see the in-kernel resource manager as a virtualized TPM, since
> the "TSS TAB and Resource Manager Specification" [0] explains the RM
> making an analogy with a virtual memory manager: 
> 
> "The Resource Manager (RM) manages the TPM context in a manner similar
> to a virtual memory manager. It swaps objects, sessions, and sequences
> in and out of the limited TPM memory as needed."

A process in virtual memory has a different environment than code
running on bare metal without page table, doesn't it?

> And even your latest LPC presentation mention that the handles in the
> in-kernel resource manager are virtualized [1].
> 
> And I disagree that it does not matter, since the same spec says:
> 
> "This layer is mostly transparent to the upper layers of the TSS and is
> not required."
> 
> But returning -EINVAL instead of a proper TPM command response with a
> TPM_RC_COMMAND_CODE code makes it not transparent to the upper layer.

*mostly*

> If the TPM spaces infrastructure is not compliant with the spec, then I
> think that should also be documented.

TPM specification is not a formal specification AFAIK.

> > matters less than breaking the sandbox.
> >
> 
> Yes, sorry for that. It wasn't clear to me that there was a sandbox and my
> lack of familiarity with the code was the reason why I posted as a RFC in
> the first place.
> 
> Do you agree with Jason's suggestion to send a synthesized TPM command in
> the that the command isn't supported?

Nope.

/Jarkko



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux