On Sun, May 06, 2018 at 09:02:29AM -0600, Jason Gunthorpe wrote:
> On Fri, May 04, 2018 at 03:19:21PM -0500, David R. Bild wrote:
> > Setting the platform hierarchy password to a random discarded value
> > (and the dictionary lockout reset) is really the only special work
> > done here. The other steps (startup, self test, etc.) are done by the
> > TPM subsystem if needed.
> >
> > So easy option would be for the TPM subsystem to set the platform
> > hierarchy password to a random value during device registration, if
> > needed. It could either
>
> This would probably make more sense, I'm not opposed at least
>
> > This wouldn't require a significant change to the TPM subsystem
> > internals and would let me drop nearly the entire second patch from
> > this series. (I think the dictionary lockout reset can be done via
> > the already exported "tpm_send(...)" function.)
>
> Sounds like a much better approach to me.
>
> Jason

Yes this part but I have absolutely zero understanding about what was
explained before this part (the *longer* part in the email).

/Jarkko