On Tue, 2020-08-25 at 18:27 +0300, Jarkko Sakkinen wrote: > On Mon, Aug 24, 2020 at 01:20:46PM -0700, James Bottomley wrote: > > On Mon, 2020-08-24 at 22:44 +0300, Jarkko Sakkinen wrote: > > > On Fri, Aug 21, 2020 at 04:38:47PM -0300, Jason Gunthorpe wrote: > > > > On Thu, Aug 20, 2020 at 09:14:44AM -0700, James Bottomley > > > > wrote: > > > > > > > > > > eg we can't do it because we can't access /dev/tpm for > > > > > > permissions or something. > > > > > > > > > > I already said that: we can't it's root.root 0600 > > > > > currently. All the TSSs seem to change at least /dev/tpmrm > > > > > to tpm.tpm 0660 but we can't do that in the kernel because > > > > > there's no fixed tpm uid/gid. > > > > > > > > Permissions is a pretty good reason to add a sysfs file. > > > > > > > > Jason > > > > > > I'm not sure why suid/sgid utility to read pcrs would be worse. > > > > We don't do root running or suid/sgid binaries any more because > > they're exceptional security risks. That's why both TSSs for TPM > > 2.0 change the device ownership. For Trousers and TPM 1.2 we used > > to run the daemon as root until we started getting CVEs about it. > > > > James > > OK, then a binary blob for pcrs would be sufficient. >From a sysfs perspective we only do one value per file and we don't export binary if a valid and useful ascii representation exists. On both of those kernel principles, the current proposal is canonical. James
