Am Freitag, 4. Oktober 2013, 21:17:36 schrieb Stefan Berger: > On 10/04/2013 01:08 PM, Jason Gunthorpe wrote: > > On Mon, Sep 30, 2013 at 05:09:51PM -0500, Joel Schopp wrote: > >>> So far, nobody I have talked to has offered any strong opinions on > >>> what locality should be used or how it should be set. I think finding > >>> a developer of trousers may be the most useful to talk about how the > >>> ioctl portion of this would need to be set up - if someone is actually > >>> needed. > >> > >> I am a TrouSerS developer and am ccing Richard, another TrouSerS > >> developer, and ccing the trousers-tech list. It would be good if you > >> could elaborate on the question and context for those not following the > >> entire thread, myself included. > > > > Two questions: > > > > Is userspace interested in using the TPM Locality feature, and if so > > is there any thoughts on what the interface should be? > > In terms of interface it should probably be an ioctl so that whoever > holds the fd to /dev/tpm0 gets to choose the locality. > > Locality allows the resetting of certain PCRs. See section 3.7 in > > http://www.trustedcomputinggroup.org/files/static_page_files/8E45D739-1A4B-> > B294-D06274E7047730FD/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_032 > 12013.pdf > > Locality 4 can only be used by the hardware (section 2.2).
Afaik Locality 3 (and sometimes 2) is often also "locked down"/filtered after the bios phase. >From http://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf "The storage spaces accessible within a TPM device are grouped by a locality attribute and are a separate set of address ranges from the Intel TXT Public and Private spaces. The following localities are defined: Locality 0 : Non trusted and legacy TPM operation Locality 1 : An environment for use by the Trusted Operating System Locality 2 : Trusted OS Locality 3 : Authenticated Code Module Locality 4 : Intel TXT hardware use only" (I know that's "only" Intel's view and not a TCG spec) Thanks, Peter -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
