On Tue, May 08, 2018 at 10:29:41AM -0500, David R. Bild wrote: > On Tue, May 8, 2018 at 10:25 AM, James Bottomley > <James.Bottomley@xxxxxxxxxxxxxxxxxxxxx> wrote: > > > > > On Fri, May 04, 2018 at 02:56:25PM -0500, David R. Bild wrote: > > [...] > > > > In particular, it sets the credentials for the platform hierarchy. > > > > The platform hierarchy is essentially the "root" account of the > > > > TPM, so it's critical that those credentials be set before the TPM > > > > is exposed to user-space. (The platform credentials aren't > > > > persisted in the TPM and must be set by the platform on every > > > > boot.) If the driver registers the TPM before doing > > > > initialization, there's a chance that something else could access > > > > the TPM before the platform credentials get set. > > > > I don't see any reason to set an unreachable password for the platform > > hierarchy if the UEFI didn't. If the desire is to disable the platform > > hierarchy, then it should be disabled, not have a random password set. > > "Set random password and throw away the key" was my way of disabling > the platform hierarchy. Is there a better way of doing that? > > > I'd also say this is probably the job of early boot based on policy. > > Agreed. And since this card has no "early boot", the driver/kernel > need to do it. > > Best, > David Who is able to test these changes if we even consider pulling them? I do not have such a card so it will be hard to accept also given that it is more intrusive change than usual. /Jarkko