Re: [PATCH v2 6/7] tpm: expose spaces via a device link /dev/tpms<n>

From: James Bottomley
Date: Fri Feb 24 2017 - 15:29:28 EST


On Fri, 2017-02-24 at 11:11 -0700, Jason Gunthorpe wrote:
> On Fri, Feb 24, 2017 at 07:39:22PM +0200, Jarkko Sakkinen wrote:
>
> > > I think therefore that tpmns<n> for TPM Namespace would be very
> > > appropriate.
> >
> > Makes sense. We can go with tpmns.
>
> When we have talked about TPM namespaces in the past it has been
> around the idea of restricting which TPMs the namespace has access
> to and changing the 'kernel tpm' for that namespace.

Well, you know, nothing in the TPM Space code prevents us from exposing
the namespace so that it could be shared. However, I think the
namespace follows connect (device open) paradigm is pretty much the
behaviour everyone (including the kernel) wants, mostly because TPM2
has such a tiny amount of resources that you're always dealing with
loadable keys, meaning you don't really want to see anyone else's
volatile state.

James