On Fri, Dec 08, 2017 at 03:03:34PM -0500, Ken Goldman wrote:

> Do you really want to build in an ever expanding list of commands that the
> kernel has to screen for? I don't think so.

We have to, it is required for securing unpriv access.

> Remember that there are new commands, optional commands, and vendor
> proprietary commands. What's the rationale for only looking at the command
> code and not the rest of the parameters?

The TPM arch already split the commands in a way where you don't need to
look at params in most cases.

I think we might, or should, look at params in some of the 'get cap' cases?

Jason
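The header-only screening Jason describes, as an added example written for this page (it is not kernel code from linux-integrity and not anything Ken or Jason posted): it parses the 10-byte TPM 2.0 command header, rejects malformed buffers, compares the command code against an allowlist for unprivileged callers, and, for the GetCapability case raised in the mail, pulls out the capability selector so a policy could look at that one parameter. The tags and command codes are the TPM 2.0 Library Specification values; the allowlist membership, the sample command buffers and the TPM2_CAP_INVALID sentinel are constructed for this example and are not the kernel's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* TPM 2.0 command header: tag(2) | commandSize(4) | commandCode(4), big-endian. */
#define TPM2_HEADER_SIZE        10
#define TPM2_ST_NO_SESSIONS     0x8001u
#define TPM2_ST_SESSIONS        0x8002u

/* Command codes from the TPM 2.0 Library Specification, Part 2. */
#define TPM2_CC_Clear           0x00000126u
#define TPM2_CC_GetCapability   0x0000017Au
#define TPM2_CC_GetRandom       0x0000017Bu
#define TPM2_CC_PCR_Read        0x0000017Eu

/* Sentinel for "no capability selector available" (this example's own value). */
#define TPM2_CAP_INVALID        0xFFFFFFFFu

enum tpm2_filter_result {
    TPM2_FILTER_ALLOW     = 0,
    TPM2_FILTER_DENY_CC   = -1, /* well-formed, but command code not on the allowlist */
    TPM2_FILTER_MALFORMED = -2, /* short header, unknown tag or commandSize != buffer length */
};

/* Hypothetical allowlist for unprivileged callers (constructed, not the kernel's list). */
static const uint32_t unpriv_allowlist[] = {
    TPM2_CC_GetCapability, TPM2_CC_GetRandom, TPM2_CC_PCR_Read,
};

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static int cc_is_allowed(uint32_t cc)
{
    size_t i;
    for (i = 0; i < sizeof(unpriv_allowlist) / sizeof(unpriv_allowlist[0]); i++)
        if (unpriv_allowlist[i] == cc)
            return 1;
    return 0;
}

/* Screen one command buffer; only the header is consulted for the verdict. */
int tpm2_filter_command(const uint8_t *buf, size_t len, uint32_t *cc_out)
{
    uint16_t tag;
    uint32_t cc;

    if (buf == NULL || len < TPM2_HEADER_SIZE)
        return TPM2_FILTER_MALFORMED;
    tag = get_be16(buf);
    if (tag != TPM2_ST_NO_SESSIONS && tag != TPM2_ST_SESSIONS)
        return TPM2_FILTER_MALFORMED;
    /* commandSize must describe exactly the buffer we were handed. */
    if (get_be32(buf + 2) != len)
        return TPM2_FILTER_MALFORMED;
    cc = get_be32(buf + 6);
    if (cc_out)
        *cc_out = cc;
    return cc_is_allowed(cc) ? TPM2_FILTER_ALLOW : TPM2_FILTER_DENY_CC;
}

/* Parsed command code, or 0 when the header is malformed. */
uint32_t tpm2_command_code(const uint8_t *buf, size_t len)
{
    uint32_t cc = 0;
    return tpm2_filter_command(buf, len, &cc) == TPM2_FILTER_MALFORMED ? 0 : cc;
}

/* The 'get cap' case: GetCapability carries capability(4) | property(4) | propertyCount(4)
 * after the header. Returns the capability selector so a policy could inspect it,
 * or TPM2_CAP_INVALID if this is not a complete GetCapability command. */
uint32_t tpm2_getcap_selector(const uint8_t *buf, size_t len)
{
    if (tpm2_command_code(buf, len) != TPM2_CC_GetCapability || len < TPM2_HEADER_SIZE + 12)
        return TPM2_CAP_INVALID;
    return get_be32(buf + TPM2_HEADER_SIZE);
}

/* Constructed sample commands (not captured from a real TPM). */
static const uint8_t sample_get_random[] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x0C, 0x00, 0x00, 0x01, 0x7B, 0x00, 0x10 }; /* 16 bytes requested */
static const uint8_t sample_clear[] = {
    0x80, 0x02, 0x00, 0x00, 0x00, 0x0A, 0x00, 0x00, 0x01, 0x26 }; /* header only; enough to filter */
static const uint8_t sample_get_cap[] = {
    0x80, 0x01, 0x00, 0x00, 0x00, 0x16, 0x00, 0x00, 0x01, 0x7A,
    0x00, 0x00, 0x00, 0x06,  /* capability = TPM_CAP_TPM_PROPERTIES */
    0x00, 0x00, 0x01, 0x00,  /* property   = TPM_PT_FAMILY_INDICATOR */
    0x00, 0x00, 0x00, 0x01 };/* propertyCount = 1 */

int main(void)
{
    printf("GetRandom: %d\n", tpm2_filter_command(sample_get_random, sizeof sample_get_random, NULL));
    printf("Clear:     %d\n", tpm2_filter_command(sample_clear, sizeof sample_clear, NULL));
    printf("GetCap:    %d, cap=0x%x\n", tpm2_filter_command(sample_get_cap, sizeof sample_get_cap, NULL),
           tpm2_getcap_selector(sample_get_cap, sizeof sample_get_cap));
    return 0;
}
```

The verdict depends only on the command code, which is the point of the mail: the TPM 2.0 header layout is fixed, so an allowlist needs no knowledge of each command's parameter format, and a new, optional or vendor command is simply not on the list. The size check matters because the kernel has no other way to know a caller did not hand it a buffer whose commandSize disagrees with what was written.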