Hi Piotr, ... > >> Why is this important? > >> - there seem to be no default method to distinguish if we dealing with > >> TPM 1.2 or 2.0 in the system. > > Agreed, this affects both the LTP IMA tests and ima-evm-utils package, > > which need to support both TPM 1.2 and 2.0 for the forseeable future. > > The LTP IMA tests check different sysfs files to determine if it is > > TPM 1.2 or TPM 2.0 (eg. /sys/class/tpm/tpm0/device/description, > > /sys/class/tpm/tpm0/device/pcrs and /sys/class/misc/tpm0/device/pcrs), > > but the "description" file is not defined by all TPM 2.0's. It > > shouldn't be that difficult to define a single common sysfs file. > Thank you for that use cases I will point to that during LPC discussion. Thanks. > Jarkko said that what he potential can cope with is: > /sys/class/tpm/tpm0/protocol_major > But maybe version file is also good to go, depends what it should return > and how that information should be obtained for various TPM versions. ... > I'm still looking into use case to provide correct examples. I'm > thinking about edge computing devices e.g. Azure IoT Edge, AWS IoT and > Greengrass and its ability to perform trusted boot, but do not have > something well exercised yet. > Definitely there is automatic validation of hardware modules which is > time sensitive and faster access to basic functions verification, then > more savings to manufacturer. > For research purposes I tried couple queries on GitHub to check who use > pcrs throughs sysfs [1][2]. Among others you can find CoreOS, Android, > already mentioned LTP, some google projects. Quite a lot of user space > code to be fixed. Maybe if I will have enough time I will prepare > statistics about usage of given endpoints to quantify how those affect > system. BTW: codesearch.debian.net shows nothing using pcrs in whole Debian distro [3] [4], nothing is on gitlab either. > [1] > https://github.com/search?q=%22%2Fsys%2Fclass%2Ftpm%2Ftpm0%2Fdevice%2Fpcrs%22&type=Code > [2] > https://github.com/search?q=%22%2Fsys%2Fclass%2Fmisc%2Ftpm0%2Fdevice%2Fpcrs%22&type=Code [3] https://codesearch.debian.net/search?q=%2Fsys%2Fclass%2Ftpm%2Ftpm0%2Fdevice%2Fpcrs&literal=1 [4] https://codesearch.debian.net/search?q=%2Fsys%2Fclass%2Fmisc%2Ftpm0%2Fdevice%2Fpcrs&literal=1 Kind regards, Petr
