Re: TPM 2.0 Linux sysfs interface

On Wed, 2019-09-04 at 16:43 -0300, Jason Gunthorpe wrote:
> On Wed, Sep 04, 2019 at 07:30:58AM -0400, Mimi Zohar wrote:
> > On Wed, 2019-09-04 at 02:58 -0300, Jason Gunthorpe wrote:
> > > On Tue, Sep 03, 2019 at 07:29:43PM -0400, Mimi Zohar wrote:
> > > 
> > > > This discussion is going around in circles.  There are enough people
> > > > asking that the kernel provide at least the TPM version (e.g. TPM 1.2
> > > > or TPM 2.0).  Userspace applications/regression tests shouldn't have
> > > > to figure out the TPM version by sending a TPM command and seeing if
> > > > it fails.  That really isn't asking a lot.
> > > 
> > > A single version number could be appropriate for sysfs
> > >  
> > > > I would also prefer not having to be dependent on a userspace
> > > > application to read the TPM PCRs in order to verify the IMA
> > > > measurement list.
> > > 
> > > Why?
> > 
> > Being dependent on a userspace application implies a level of trust,
> > that might not be warranted, depending on the system's
> > configuration.
> 
> Surely if you can trust 'cat' you can trust something that does ioctl?

Ok, you've agreed with the kernel exporting the TPM information.  How
it is exported remains to be defined.

Mimi



