[RFC PATCH v2 1/2] tpm, tpm_tis: Introduce TPM_IOC_SET_LOCALITY
Ard Biesheuvel
ardb at kernel.org
Sat Nov 2 03:52:03 PDT 2024
On Sat, 2 Nov 2024 at 11:38, Jarkko Sakkinen <jarkko at kernel.org> wrote:
>
> On Sat Nov 2, 2024 at 11:02 AM EET, Ard Biesheuvel wrote:
> > Same for the ioctl() [as well as the read-write sysfs node]: looking
> > at the code (patch 19/20) it doesn't seem like user space needs to be
> > able to modify this at all, at least not for the patch set as
> > presented. So for now, can we just stick with making the sysfs node
> > read-only?
>
> Short answer: I have no idea. I would not mind that but neither
> the commit message for TPM give a clue on this. Actually, I *do
> not care* if it is RO and RW but I'm neither good at guessing
> random shit.
>
You were cc'ed on the rest of the series, no?
Shall we clarify this first, before proposing patches that introduce
new ioctls() and kernel command line parameters to a security
sensitive subsystem?
My reading of 19/20 is that the secure launch module sets the default
locality, and given that it can be built as a module, setting the
default locality needs to be exported to modules (but as I indicated,
this should probably be in a TPM internal module namespace)
If setting the default locality from user space is a requirement down
the road, we can discuss it then. For now, let's not go off into the
weeds and derail this series even more.
More information about the kexec
mailing list