On Tue, Aug 18, 2020 at 09:44:30AM -0700, James Bottomley wrote:
> On Tue, 2020-08-18 at 19:19 +0300, Jarkko Sakkinen wrote:
> > On Tue, Aug 18, 2020 at 07:12:09PM +0300, Jarkko Sakkinen wrote:
> > > On Mon, Aug 17, 2020 at 02:35:06PM -0700, James Bottomley wrote:
> > > > Create sysfs per hash groups with 24 PCR files in them one group,
> > > > named pcr-<hash>, for each agile hash of the TPM. The files are
> > > > plugged in to a PCR read function which is TPM version agnostic,
> > > > so this works also for TPM 1.2 but the hash is only sha1 in that
> > > > case.
> > > >
> > > > Note: the macros used to create the hashes emit spurious
> > > > checkpatch warnings. Do not try to "fix" them as checkpatch
> > > > recommends, otherwise they'll break.
> > > >
> > > > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
> > > > Reviewed-by: Jerry Snitselaar <jsnitsel@xxxxxxxxxx>
> > > > Tested-by: Thiago Jung Bauermann <bauerman@xxxxxxxxxxxxx>
> > >
> > > I have a hard time understanding why this is required.
> > >
> > > You can grab the information through /dev/tpm0 just fine.
> >
> > I just think it is principally wrong to add sysfs files if they don't
> > have any measurable value other than perhaps some convenience.
>
> That's pretty much the whole point of sysfs (and procfs): to add
> convenient extraction of information even if it could potentially be
> obtained by other sources. For instance, the whole reason we add a lot
> of the broken out inquiry data in SCSI via sysfs is precisely so users
> don't have to go prodding devices with direct SCSI commands, which are
> pretty much analogous to TPM device commands.
>
> The question you should be asking isn't whether the information *could*
> be obtained by other means, but whether providing it in this form
> facilitates current operations and whether the interface would have
> users.

Usually users use some appropriate applications to do their work, not
talk directly to the kernel.

Grabbing PCRs is a trivial program to write and I don't get the logic.

My email program is useful for me but I definitely do not want it to be
part of the Linux kernel. One great reason for that is that it would
involve a tedious process to update it later on.

/Jarkko