On Tue, Aug 25, 2020 at 08:33:41AM -0700, James Bottomley wrote: > On Tue, 2020-08-25 at 18:27 +0300, Jarkko Sakkinen wrote: > > On Mon, Aug 24, 2020 at 01:20:46PM -0700, James Bottomley wrote: > > > On Mon, 2020-08-24 at 22:44 +0300, Jarkko Sakkinen wrote: > > > > On Fri, Aug 21, 2020 at 04:38:47PM -0300, Jason Gunthorpe wrote: > > > > > On Thu, Aug 20, 2020 at 09:14:44AM -0700, James Bottomley > > > > > wrote: > > > > > > > > > > > > eg we can't do it because we can't access /dev/tpm for > > > > > > > permissions or something. > > > > > > > > > > > > I already said that: we can't it's root.root 0600 > > > > > > currently. All the TSSs seem to change at least /dev/tpmrm > > > > > > to tpm.tpm 0660 but we can't do that in the kernel because > > > > > > there's no fixed tpm uid/gid. > > > > > > > > > > Permissions is a pretty good reason to add a sysfs file. > > > > > > > > > > Jason > > > > > > > > I'm not sure why suid/sgid utility to read pcrs would be worse. > > > > > > We don't do root running or suid/sgid binaries any more because > > > they're exceptional security risks. That's why both TSSs for TPM > > > 2.0 change the device ownership. For Trousers and TPM 1.2 we used > > > to run the daemon as root until we started getting CVEs about it. > > > > > > James > > > > OK, then a binary blob for pcrs would be sufficient. > > From a sysfs perspective we only do one value per file and we don't > export binary if a valid and useful ascii representation exists. On > both of those kernel principles, the current proposal is canonical. > > James The event log is also exported as a binary. This patch set pollutes the sysfs and adds too much overhead for maintaining. Every single algorithm will needs its own file and needs to be patched to the kernel. A single 'pcrs' blob could with contents as <alg id, data> pairs would remain static. If you speak about principles, please add a reference and/or CC your patch set also to sysfs maintainers. All I care if what is pragmatically the best choice. /Jarkko
