Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

From: Jason Gunthorpe
Date: Wed Jan 11 2017 - 12:57:16 EST

Next message: Tim Chen: "[PATCH v5 3/9] mm/swap: Split swap cache into 64MB trunks"
Previous message: Tim Chen: "[PATCH v5 5/9] mm/swap: Allocate swap slots in batches"
In reply to: James Bottomley: "Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager"
Next in thread: James Bottomley: "Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jan 11, 2017 at 07:39:53AM -0800, James Bottomley wrote:

> RAW access means the ability to DoS the TPM simply by exhausting
> handles. Therefore, I think most applications only get RM access.

Re-read what Jarkko is proposing. He is not making a complete safe &
secure RM in the kernel. He is making a tool to allow userspace and
the kernel to share the TPM sanely.

It is not an access control tool, it is not a security tool, it is not
intended to support safe unpriv userspace access.

So there is no reason to have a different access control model in
userspace, it is not a fundamentally different security environment
from the existing raw device.

A future project to provide an unpriv safe cdev from the kernel is
something different.

Jason

Next message: Tim Chen: "[PATCH v5 3/9] mm/swap: Split swap cache into 64MB trunks"
Previous message: Tim Chen: "[PATCH v5 5/9] mm/swap: Allocate swap slots in batches"
In reply to: James Bottomley: "Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager"
Next in thread: James Bottomley: "Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]