Re: [PATCH v3 2/2] usb: misc: xapea00x: perform platform initialization of TPM

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, May 04, 2018 at 03:19:21PM -0500, David R. Bild wrote:
> On Fri, May 4, 2018 at 2:56 PM, David R. Bild <david.bild@xxxxxxxxxx> wrote:
> > 2) The second reason is that the initialization done by the driver is
> > work that should be done by platform, before the kernel ever sees the
> > TPM.
> >
> > In particular, it sets the credentials for the platform hierarchy.
> > The platform hierarchy is essentially the "root" account of the TPM,
> > so it's critical that those credentials be set before the TPM is
> > exposed to user-space.  (The platform credentials aren't persisted in
> > the TPM and must be set by the platform on every boot.)  If the driver
> > registers the TPM before doing initialization, there's a chance that
> > something else could access the TPM before the platform credentials
> > get set.
> 
> Setting the platform hierarchy password to a random discarded value
> (and the dictionary lockout reset) is really the only special work
> done here. The other steps (startup, self test, etc.) are done by the
> TPM subsystem if needed.
> 
> So easy option would be for the TPM subsystem to set the platform
> hierarchy password to a random value during device registration, if
> needed.  It could either

This would probably make more sense, I'm not opposed at least

> This wouldn't require a significant change to the TPM subsystem
> internals and would let me drop nearly the entire second patch from
> this series.  (I think the dictionary lockout reset can be done via
> the already exported "tpm_send(...)" function.)

Sounds like a much better approach to me.

Jason



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux