Re: [RFC PATCH v2 3/4] tsm: Map RTMRs to TCG TPM PCRs

From: James Bottomley
Date: Fri Feb 02 2024 - 01:22:35 EST

Next message: James Bottomley: "Re: [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI"
Previous message: Ian Rogers: "[PATCH v8 23/25] perf dso: Add reference count checking and accessor functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2024-01-28 at 14:44 -0800, Kuppuswamy Sathyanarayanan wrote:
>
> On 1/28/24 1:25 PM, Samuel Ortiz wrote:
> > Many user space and internal kernel subsystems (e.g. the Linux IMA)
> > expect a Root of Trust for Storage (RTS) that allows for extending
> > and reading measurement registers that are compatible with the TCG
> > TPM PCRs layout, e.g. a TPM. In order to allow those components to
> > alternatively use a platform TSM as their RTS, a TVM could map the
> > available RTMRs to one or more TCG TPM PCRs. Once configured, those
> > PCR to RTMR mappings give the kernel TSM layer all the necessary
> > information to be a RTS for e.g. the Linux IMA or any other
> > components that expects a TCG compliant TPM PCRs layout.
>
> Why expose the mapping to user space? IMO, the goal should be
> to let user space application work without any changes. So we should
> try to hide this conversion in kernel and let userspace code to use
> PCR as usual.

There's also the question about use case: if we're going to measure
into RTMRs as though they were PCRs, they will need to collect the
kernel measurements as well, which means the mapping will have to be
fixed in early boot when the first TPM measurement is done.

James

Next message: James Bottomley: "Re: [RFC PATCH v2 0/4] tsm: Runtime measurement registers ABI"
Previous message: Ian Rogers: "[PATCH v8 23/25] perf dso: Add reference count checking and accessor functions"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]