On Wed, Sep 04, 2019 at 04:43:48PM -0300, Jason Gunthorpe wrote:
> On Wed, Sep 04, 2019 at 07:30:58AM -0400, Mimi Zohar wrote:
> > On Wed, 2019-09-04 at 02:58 -0300, Jason Gunthorpe wrote:
> > > On Tue, Sep 03, 2019 at 07:29:43PM -0400, Mimi Zohar wrote:
> > >
> > > > This discussion is going around in circles. There are enough people
> > > > asking that the kernel provide at least the TPM version (eg. TPM 1.2
> > > > or TPM 2.0). Userspace applications/regression tests shouldn't have
> > > > to figure out the TPM version by sending a TPM command and seeing if
> > > > it fails. That really isn't asking a lot.
> > >
> > > A single version number could be appropriate for sysfs
> > >
> > > > I would also prefer not having to be dependent on a userspace
> > > > application to read the TPM PCRs in order to verify the IMA
> > > > measurement list.
> > >
> > > Why?
> >
> > Being dependent on a userspace application implies a level of trust,
> > that might not be warranted, depending on the system's
> > configuration.
>
> Surely if you can trust 'cat' you can trust something that does ioctl?

Being dependent on a userspace application also means more to stuff
into an initramfs if you want to do this during dracut early boot.