Re: [PATCH RFC] tpm: define a command filter

From: Jason Gunthorpe
Date: Wed Jan 25 2017 - 17:12:11 EST

On Wed, Jan 25, 2017 at 10:21:37PM +0200, Jarkko Sakkinen wrote:

> There should be anyway some way to limit what commands can be sent but
> I understand your point.

What is the filter for?

James and I talked about a filter to create a safer cdev for use by
users. However tpms0 cannot be that 'safer' cdev - it is now the 'all
access' path.

I also suggested a filter in the kernel to ensure that the RM is only
passing commands it actually knows it handles properly. eg you would
filter out list handles. That is hardwired into the kernel, and does
not get to be configured by user space.

> Would it make more sense to have a sysfs file for configuring the
> global filter that would get the data in the same format (list of
> 16-bit words)?

Probably not, then there is no way to escape the filter in userspace,
so some command just become impossible even for root. (And no,
something like tpm should not test CAP_ flags, that is putting
too much policy into the kernel)
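As an added illustration of the hardwired in-kernel filter Jason describes above (example code written for this page, not code from the thread or from the Linux TPM driver): the filter parses the TPM 2.0 command header, lets through only command codes the resource manager claims to virtualize, and refuses TPM2_GetCapability with TPM2_CAP_HANDLES, the "list handles" query that would expose other clients' handles. The command codes and capability value are the TPM 2.0 Library spec constants; the allowlist contents, the verdict enum, the helper names, and the choice to reject the sessions form of GetCapability instead of parsing its authorization area are assumptions made for this example.

```c
/* Illustrative RM command filter (added example, not kernel code). */
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <string.h>

/* Every TPM 2.0 command starts with tag(2) commandSize(4) commandCode(4), big-endian. */
#define TPM2_HEADER_SIZE     10u
#define TPM2_ST_NO_SESSIONS  0x8001u
#define TPM2_ST_SESSIONS     0x8002u

/* Command codes and capability value from TPM 2.0 Library Part 2 (Structures). */
#define TPM2_CC_Clear         0x00000126u
#define TPM2_CC_Create        0x00000153u
#define TPM2_CC_Load          0x00000157u
#define TPM2_CC_ContextLoad   0x00000161u
#define TPM2_CC_ContextSave   0x00000162u
#define TPM2_CC_FlushContext  0x00000165u
#define TPM2_CC_ReadPublic    0x00000173u
#define TPM2_CC_GetCapability 0x0000017Au
#define TPM2_CC_GetRandom     0x0000017Bu
#define TPM2_CC_PCR_Read      0x0000017Eu
#define TPM2_CAP_HANDLES      0x00000001u

enum filter_verdict {
    FILTER_PASS = 0,
    FILTER_REJECT_SHORT,        /* buffer shorter than the fields that must be parsed */
    FILTER_REJECT_TAG,          /* unknown session tag */
    FILTER_REJECT_SIZE,         /* commandSize disagrees with the buffer length */
    FILTER_REJECT_CC,           /* command code not in the RM allowlist */
    FILTER_REJECT_CAP_HANDLES,  /* GetCapability(TPM2_CAP_HANDLES): "list handles" */
};

/* Hypothetical allowlist: the commands this RM claims to virtualize correctly.
 * The real set is a kernel policy decision; this one is chosen for illustration. */
static const uint32_t rm_allowed_cc[] = {
    TPM2_CC_Create, TPM2_CC_Load, TPM2_CC_ContextLoad, TPM2_CC_ContextSave,
    TPM2_CC_FlushContext, TPM2_CC_ReadPublic, TPM2_CC_GetCapability,
    TPM2_CC_GetRandom, TPM2_CC_PCR_Read,
};

static uint16_t get_be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t get_be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put_be16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }
static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16); p[2] = (uint8_t)(v >> 8); p[3] = (uint8_t)v;
}

/* The filter proper: fails closed on anything it cannot fully interpret. */
enum filter_verdict rm_filter_command(const uint8_t *buf, size_t len)
{
    if (len < TPM2_HEADER_SIZE)
        return FILTER_REJECT_SHORT;
    uint16_t tag = get_be16(buf);
    uint32_t size = get_be32(buf + 2);
    uint32_t cc = get_be32(buf + 6);
    if (tag != TPM2_ST_NO_SESSIONS && tag != TPM2_ST_SESSIONS)
        return FILTER_REJECT_TAG;
    if (size != len)
        return FILTER_REJECT_SIZE;

    bool allowed = false;
    for (size_t i = 0; i < sizeof(rm_allowed_cc) / sizeof(rm_allowed_cc[0]); i++)
        if (rm_allowed_cc[i] == cc)
            allowed = true;
    if (!allowed)
        return FILTER_REJECT_CC;

    if (cc == TPM2_CC_GetCapability) {
        /* GetCapability has no handle area, so with TPM2_ST_NO_SESSIONS its first
         * parameter (capability, UINT32) follows the header directly. With sessions
         * an authorization area would come first; this example does not parse it
         * and simply refuses that form as "not understood" (a design choice here). */
        if (tag != TPM2_ST_NO_SESSIONS)
            return FILTER_REJECT_CC;
        if (len < TPM2_HEADER_SIZE + 4)
            return FILTER_REJECT_SHORT;
        if (get_be32(buf + TPM2_HEADER_SIZE) == TPM2_CAP_HANDLES)
            return FILTER_REJECT_CAP_HANDLES;
    }
    return FILTER_PASS;
}

/* Constructs a command from tag, code and raw parameter bytes; returns its length. */
static size_t build_command(uint8_t *out, uint16_t tag, uint32_t cc,
                            const uint8_t *params, size_t plen)
{
    put_be16(out, tag);
    put_be32(out + 2, (uint32_t)(TPM2_HEADER_SIZE + plen));
    put_be32(out + 6, cc);
    if (plen)
        memcpy(out + TPM2_HEADER_SIZE, params, plen);
    return TPM2_HEADER_SIZE + plen;
}

/* TPM2_GetCapability(capability, property, propertyCount), built and filtered. */
enum filter_verdict filter_get_capability(uint32_t capability, uint32_t property, uint32_t count)
{
    uint8_t params[12], buf[TPM2_HEADER_SIZE + 12];
    put_be32(params, capability); put_be32(params + 4, property); put_be32(params + 8, count);
    return rm_filter_command(buf, build_command(buf, TPM2_ST_NO_SESSIONS,
                                                TPM2_CC_GetCapability, params, sizeof(params)));
}

/* Header-only command: enough to exercise the command-code gate. */
enum filter_verdict filter_header_only(uint32_t cc)
{
    uint8_t buf[TPM2_HEADER_SIZE];
    return rm_filter_command(buf, build_command(buf, TPM2_ST_NO_SESSIONS, cc, NULL, 0));
}

/* Malformed inputs: a truncated buffer, and a commandSize that lies about the length. */
enum filter_verdict filter_truncated(void)
{
    uint8_t buf[TPM2_HEADER_SIZE];
    build_command(buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GetRandom, NULL, 0);
    return rm_filter_command(buf, 6);
}
enum filter_verdict filter_size_mismatch(void)
{
    uint8_t buf[TPM2_HEADER_SIZE];
    build_command(buf, TPM2_ST_NO_SESSIONS, TPM2_CC_GetRandom, NULL, 0);
    put_be32(buf + 2, 64); /* claims 64 bytes, only 10 are present */
    return rm_filter_command(buf, sizeof(buf));
}
```

Because the allowlist lives in the kernel and is not exposed through sysfs or a CAP_ check, nothing in user space can widen it; the only way to issue a command the filter rejects is through the unfiltered "all access" device node discussed above.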