Re: [PATCH] char: tpm: ftpm_tee: use kernel login identifier

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi Etienne,

On Sat, 6 May 2023 at 00:14, Etienne Carriere
<etienne.carriere@xxxxxxxxxx> wrote:
>
> Changes fTPM TEE driver to open the TEE session with REE kernel login
> identifier rather than public login. This is needed in case fTPM service
> it denied to user land application and restricted to kernel operating
> system services only.

This is a valid restriction to avoid any unintended use of fTPM by
user-space. But has the corresponding patch landed in fTPM TA which
would enforce this restriction?

-Sumit

>
> Signed-off-by: Etienne Carriere <etienne.carriere@xxxxxxxxxx>
> ---
>  drivers/char/tpm/tpm_ftpm_tee.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/drivers/char/tpm/tpm_ftpm_tee.c b/drivers/char/tpm/tpm_ftpm_tee.c
> index 528f35b14fb6..6d32e260af43 100644
> --- a/drivers/char/tpm/tpm_ftpm_tee.c
> +++ b/drivers/char/tpm/tpm_ftpm_tee.c
> @@ -241,7 +241,7 @@ static int ftpm_tee_probe(struct device *dev)
>         /* Open a session with fTPM TA */
>         memset(&sess_arg, 0, sizeof(sess_arg));
>         export_uuid(sess_arg.uuid, &ftpm_ta_uuid);
> -       sess_arg.clnt_login = TEE_IOCTL_LOGIN_PUBLIC;
> +       sess_arg.clnt_login = TEE_IOCTL_LOGIN_REE_KERNEL;
>         sess_arg.num_params = 0;
>
>         rc = tee_client_open_session(pvt_data->ctx, &sess_arg, NULL);
> --
> 2.25.1
>



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux