Re: [PATCH RFC 0/4] RFC: in-kernel resource manager

From: Ken Goldman
Date: Tue Jan 10 2017 - 14:12:38 EST


On 1/5/2017 2:20 PM, Jason Gunthorpe wrote:

I'd rather give up features (eg policy sessions, if necessary) for the
unpriv fd than give up security of the unpriv fd.

Please don't give up policy. Nearly every use case of that we think of for TPM 2.0 uses policy sessions.

E.g.,

In 1.2, PCR authorization was built in to the object. In 2.0, it's a policy.

In 1.2, key types were restricted to certain commands. In 2.0, it's a policy.

Then there are all the new use cases - time restricted keys, use count restricted keys, keys with a PIN, etc., all use policy.

Even use of the EK primary key requires a policy, and that's needed for salt (getting the first password in securely) and attestation (proof that the TPM is authentic).