On Wed, Jan 11, 2017 at 01:27:30PM -0500, Stefan Berger wrote:
> On 01/11/2017 01:03 PM, Jason Gunthorpe wrote:
> >On Wed, Jan 11, 2017 at 11:00:43AM +0100, Andreas Fuchs wrote:
> >
> >>could we please get an ioctl, that switches the "mode" of the fd entirely.
> >>I'd like to see the write()/read()
On Wed, Jan 11, 2017 at 10:25:57AM -0800, James Bottomley wrote:
> Right, but we're going around in circles. I'm currently researching
> what it would take to be daemonless, so an ioctl which requires an
> access broker daemon would obviously be something I'd object to.
Well, when we figure out
On 01/11/2017 01:03 PM, Jason Gunthorpe wrote:
On Wed, Jan 11, 2017 at 11:00:43AM +0100, Andreas Fuchs wrote:
could we please get an ioctl, that switches the "mode" of the fd entirely.
I'd like to see the write()/read() support still intact.
All my current code uses main-loop based poll on the
On Wed, 2017-01-11 at 10:56 -0700, Jason Gunthorpe wrote:
> On Wed, Jan 11, 2017 at 07:39:53AM -0800, James Bottomley wrote:
>
> > RAW access means the ability to DoS the TPM simply by exhausting
> > handles. Therefore, I think most applications only get RM access.
>
> Re-read what Jarkko is pro
On Wed, Jan 11, 2017 at 11:00:43AM +0100, Andreas Fuchs wrote:
> could we please get an ioctl, that switches the "mode" of the fd entirely.
> I'd like to see the write()/read() support still intact.
> All my current code uses main-loop based poll on the fd and I don't want
> to be forced to start u
On Wed, Jan 11, 2017 at 07:39:53AM -0800, James Bottomley wrote:
> RAW access means the ability to DoS the TPM simply by exhausting
> handles. Therefore, I think most applications only get RM access.
Re-read what Jarkko is proposing. He is not making a complete safe &
secure RM in the kernel. H
On Wed, 2017-01-11 at 13:34 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 10, 2017 at 01:05:58PM -0700, Jason Gunthorpe wrote:
> > On Tue, Jan 10, 2017 at 01:16:35AM +0200, Jarkko Sakkinen wrote:
> > > On Wed, Jan 04, 2017 at 10:12:41AM -0600, Dr. Greg Wettstein
> > > wrote:
> > > > The kernel needs
On Tue, Jan 10, 2017 at 02:29:08PM -0500, Ken Goldman wrote:
> On 1/9/2017 6:16 PM, Jarkko Sakkinen wrote:
> >
> > Here's my cuts for the kernel:
> >
> > - Kernel virtualizes handle areas. It's mechanical.
> > - Kernel does not virtualize bodies. It's not mechanical.
> > - At least the first vers
On Tue, Jan 10, 2017 at 01:05:58PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 10, 2017 at 01:16:35AM +0200, Jarkko Sakkinen wrote:
> > On Wed, Jan 04, 2017 at 10:12:41AM -0600, Dr. Greg Wettstein wrote:
> > > The kernel needs a resource manager. Everyone needs to think VERY
> > > hard and VERY, V
On 09.01.2017 at 23:39, Jarkko Sakkinen wrote:
On Thu, Jan 05, 2017 at 03:52:02PM +, Fuchs, Andreas wrote:
Great to see this coming along so well. Thanks a lot to Jarkko !
I just wanted to point out a few things I deem important at this point:
- Number of virtual handles:
From what I see
On 10.01.2017 at 21:05, Jason Gunthorpe wrote:
On Tue, Jan 10, 2017 at 01:16:35AM +0200, Jarkko Sakkinen wrote:
On Wed, Jan 04, 2017 at 10:12:41AM -0600, Dr. Greg Wettstein wrote:
The kernel needs a resource manager. Everyone needs to think VERY
hard and VERY, VERY carefully about what gets
On Tue, Jan 10, 2017 at 01:16:35AM +0200, Jarkko Sakkinen wrote:
> On Wed, Jan 04, 2017 at 10:12:41AM -0600, Dr. Greg Wettstein wrote:
> > The kernel needs a resource manager. Everyone needs to think VERY
> > hard and VERY, VERY carefully about what gets put into the kernel. In
> > making a decis
On 1/9/2017 6:16 PM, Jarkko Sakkinen wrote:
Here's my cuts for the kernel:
- Kernel virtualizes handle areas. It's mechanical.
- Kernel does not virtualize bodies. It's not mechanical.
- At least the first version of the RM will not do other than session
isolation for sessions.
Is it correc
On 1/5/2017 2:20 PM, Jason Gunthorpe wrote:
I'd rather give up features (eg policy sessions, if necessary) for the
unpriv fd than give up security of the unpriv fd.
Please don't give up policy. Nearly every use case of that we think of
for TPM 2.0 uses policy sessions.
E.g.,
In 1.2, PCR a
On Wed, Jan 04, 2017 at 10:12:41AM -0600, Dr. Greg Wettstein wrote:
> The kernel needs a resource manager. Everyone needs to think VERY
> hard and VERY, VERY carefully about what gets put into the kernel. In
> making a decision, put the ABSOLUTE smallest amount of code into the
> kernel which all
On Thu, Jan 05, 2017 at 03:52:02PM +, Fuchs, Andreas wrote:
> Great to see this coming along so well. Thanks a lot to Jarkko !
> I just wanted to point out a few things I deem important at this point:
>
> - Number of virtual handles:
> From what I see there are currently 14 slots for virtual o
On Fri, Jan 06, 2017 at 09:59:57AM +0100, Andreas Fuchs wrote:
> 1. PolicyPCR is an essential feature of TPM used all over the place,
> so we need support for policy sessions.
> 2. PolicySigned allows authentication of the user via SmartCard.
Are smart cards 0666 in linux?
> The all-defeating re
On Thu, Jan 05, 2017 at 04:36:42PM -0800, James Bottomley wrote:
> I'm seriously pissed off with trousers and will port the trousers based
> TPM1.2 RSA key patches I've done to whatever direct connect API you
> come up with (just send me a link to the git tree or package or
> whatever), so this sho
On 06.01.2017 at 01:36, James Bottomley wrote:
On Thu, 2017-01-05 at 16:50 -0700, Jason Gunthorpe wrote:
On Thu, Jan 05, 2017 at 02:58:46PM -0800, James Bottomley wrote:
On Thu, 2017-01-05 at 15:21 -0700, Jason Gunthorpe wrote:
On Thu, Jan 05, 2017 at 11:55:49AM -0800, James Bottomley wrote:
On 05.01.2017 at 19:06, James Bottomley wrote:
On Thu, 2017-01-05 at 10:27 -0700, Jason Gunthorpe wrote:
On Thu, Jan 05, 2017 at 03:52:02PM +, Fuchs, Andreas wrote:
Great to see this coming along so well. Thanks a lot to Jarkko !
The TPM allows an application to get the list of currently l
On Thu, 2017-01-05 at 15:21 -0700, Jason Gunthorpe wrote:
> On Thu, Jan 05, 2017 at 11:55:49AM -0800, James Bottomley wrote:
>
> > We don't really have that choice: Keys require authorization, so
> > you have to have an auth session.
>
> I know, this is why I suggested a combo op (kernel level a
On Thu, 2017-01-05 at 16:50 -0700, Jason Gunthorpe wrote:
> On Thu, Jan 05, 2017 at 02:58:46PM -0800, James Bottomley wrote:
> > On Thu, 2017-01-05 at 15:21 -0700, Jason Gunthorpe wrote:
> > > On Thu, Jan 05, 2017 at 11:55:49AM -0800, James Bottomley wrote:
> > >
> > > > We don't really have that
On Thu, Jan 05, 2017 at 02:58:46PM -0800, James Bottomley wrote:
> On Thu, 2017-01-05 at 15:21 -0700, Jason Gunthorpe wrote:
> > On Thu, Jan 05, 2017 at 11:55:49AM -0800, James Bottomley wrote:
> >
> > > We don't really have that choice: Keys require authorization, so
> > > you have to have an au
On Thu, Jan 05, 2017 at 11:55:49AM -0800, James Bottomley wrote:
> We don't really have that choice: Keys require authorization, so you
> have to have an auth session.
I know, this is why I suggested a combo op (kernel level atomicity
is clearly DOS safe)..
> If you want things like PCR sealed o
On Thu, 2017-01-05 at 12:20 -0700, Jason Gunthorpe wrote:
> On Thu, Jan 05, 2017 at 10:33:43AM -0800, James Bottomley wrote:
>
> > > A combo ioctl that could setup the session, issue an operation in
> > > it
> > > and then delete the session, for instance.
> >
> > This would work for encryption o
On Thu, Jan 05, 2017 at 10:33:43AM -0800, James Bottomley wrote:
> > A combo ioctl that could setup the session, issue an operation in it
> > and then delete the session, for instance.
>
> This would work for encryption or HMAC sessions, but probably not for
> policy sessions, because they can ha
On Thu, 2017-01-05 at 10:27 -0700, Jason Gunthorpe wrote:
> On Thu, Jan 05, 2017 at 03:52:02PM +, Fuchs, Andreas wrote:
[...]
> > - Session Limits (here it gets ugly):
>
> > Even though the TPM supports the same swapping-scheme for sessions
> > as it does for transient objects, it only allows
On Thu, 2017-01-05 at 10:27 -0700, Jason Gunthorpe wrote:
> On Thu, Jan 05, 2017 at 03:52:02PM +, Fuchs, Andreas wrote:
> > Great to see this coming along so well. Thanks a lot to Jarkko !
>
> > The TPM allows an application to get the list of currently loaded
> > handles TPM2_GetCapabilities(
On Thu, Jan 05, 2017 at 03:52:02PM +, Fuchs, Andreas wrote:
> Great to see this coming along so well. Thanks a lot to Jarkko !
> The TPM allows an application to get the list of currently loaded
> handles TPM2_GetCapabilities(TPM_CAP_HANDLES). It would be great to
> have the RM be as transpar
tely I'm unable to help with actual code ... for reasons...
Best regards,
Andreas
From: Jarkko Sakkinen [jarkko.sakki...@linux.intel.com]
Sent: Monday, January 02, 2017 14:22
To: tpmdd-de...@lists.sourceforge.net
Cc: linux-security-mod...@vger.kernel.
On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote:
> > > But this is not trousers, this is an in-kernel 0666 char dev that
> > > will be active on basically every Linux system with a TPM. I think
> > > we have a duty to be very conservative here.
>
> Just to note on this that trou
On Wed, Jan 04, 2017 at 10:57:51AM -0800, James Bottomley wrote:
> > You are doing all this work to get the user space side in shape, I'd
> > like to see matching kernel support. To me that means out-of-the-box
> > a user can just use your plugins, the plugins will access /dev/tmps
> > and everyth
On Wed, 2017-01-04 at 11:31 -0700, Jason Gunthorpe wrote:
> On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote:
>
> > > > But this is not trousers, this is an in-kernel 0666 char dev
> > > > that will be active on basically every Linux system with a TPM.
> > > > I think we have a du
On Wed, Jan 04, 2017 at 02:58:10PM +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote:
> > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> >
> > > OK, so I put a patch together that does this (see below). It all works
> > > nicely (wi
On Jan 3, 5:21pm, Ken Goldman wrote:
} Subject: Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager
Good morning, I hope this note finds the day going well for everyone.
> On 1/3/2017 4:47 PM, Jason Gunthorpe wrote:
> >
> > I think we should also consider TPM 1.2 su
On Wed, 2017-01-04 at 14:50 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 05:17:32PM -0700, Jason Gunthorpe wrote:
> > On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
[...]
> > > > Even if TPM 2 has a stronger password based model, I still
> > > > think the kernel should
On 1/3/2017 4:47 PM, Jason Gunthorpe wrote:
I think we should also consider TPM 1.2 support in all of this, it is
still a very popular piece of hardware and it is equally able to
support a RM.
I suspect that TPM 2.0 and TPM 1.2 are so different that there may be
little or no code in common.
On Tue, Jan 03, 2017 at 09:47:21PM -0800, Andy Lutomirski wrote:
> On 01/02/2017 09:26 PM, James Bottomley wrote:
> > On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bot
On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote:
> On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
>
> > OK, so I put a patch together that does this (see below). It all works
> > nicely (with a udev script that sets the resource manager device to
> > 0666):
> >
>
On Tue, Jan 03, 2017 at 05:17:32PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
>
> > > I think we should also consider TPM 1.2 support in all of this, it is
> > > still a very popular piece of hardware and it is equally able to
> > > support a R
On Tue, Jan 03, 2017 at 02:47:02PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote:
>
> > > I'm not sure about this. Why you couldn't have a very thin daemon
> > > that prepares the file descriptor and sends it through UDS socket to
> > > a client.
On 01/02/2017 09:26 PM, James Bottomley wrote:
On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
This pa
On Tue, 2017-01-03 at 21:14 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 08:36:02PM +0200, Jarkko Sakkinen wrote:
> > On Tue, Jan 03, 2017 at 08:14:55AM -0800, James Bottomley wrote:
> > > On Tue, 2017-01-03 at 15:41 +0200, Jarkko Sakkinen wrote:
[...]
> > > > Just thinking how to split
On Tue, Jan 03, 2017 at 04:29:59PM -0800, James Bottomley wrote:
> On Tue, 2017-01-03 at 17:17 -0700, Jason Gunthorpe wrote:
> > On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
> >
> > > > I think we should also consider TPM 1.2 support in all of this,
> > > > it is still a very
On Tue, 2017-01-03 at 17:17 -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
>
> > > I think we should also consider TPM 1.2 support in all of this,
> > > it is still a very popular piece of hardware and it is equally
> > > able to support a RM.
>
On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
> > I think we should also consider TPM 1.2 support in all of this, it is
> > still a very popular piece of hardware and it is equally able to
> > support a RM.
>
> I've been running with the openssl and gnome-keyring patches in 1.2
On Tue, Jan 03, 2017 at 05:21:28PM -0500, Ken Goldman wrote:
> On 1/3/2017 4:47 PM, Jason Gunthorpe wrote:
> >
> > I think we should also consider TPM 1.2 support in all of this, it is
> > still a very popular piece of hardware and it is equally able to
> > support a RM.
>
> I suspect that TPM 2.0
On Tue, 2017-01-03 at 14:47 -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote:
>
> > > I'm not sure about this. Why you couldn't have a very thin daemon
> > > that prepares the file descriptor and sends it through UDS socket
> > > to a client.
> >
>
On Tue, 2017-01-03 at 14:32 -0700, Jason Gunthorpe wrote:
> On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> > > This patch set adds support for TPM spaces that provide a context
> > > for isolating and swapping transie
On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> OK, so I put a patch together that does this (see below). It all works
> nicely (with a udev script that sets the resource manager device to
> 0666):
>
> jejb@jarvis:~> ls -l /dev/tpm*
> crw--- 1 root root 10, 224 Jan 2 20
On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote:
> > I'm not sure about this. Why you couldn't have a very thin daemon
> > that prepares the file descriptor and sends it through UDS socket to
> > a client.
>
> So I'm a bit soured on daemons from the trousers experience: tcsd
> c
On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> > This patch set adds support for TPM spaces that provide a context
> > for isolating and swapping transient objects. This patch set does
> > not yet include support for is
On Tue, Jan 03, 2017 at 08:36:02PM +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 08:14:55AM -0800, James Bottomley wrote:
> > On Tue, 2017-01-03 at 15:41 +0200, Jarkko Sakkinen wrote:
> > > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> > > > On Mon, 2017-01-02 at 13:4
On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote:
> On Tue, 2017-01-03 at 15:51 +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 01:40:48PM -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > > On Mon, Jan 02, 2017 at 08:36:20A
On Tue, Jan 03, 2017 at 08:14:55AM -0800, James Bottomley wrote:
> On Tue, 2017-01-03 at 15:41 +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> > > > On Mon, 2017-01-02 at 21:33 +0200
On Tue, 2017-01-03 at 15:51 +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 02, 2017 at 01:40:48PM -0800, James Bottomley wrote:
> > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> > > > On Mon, 2017-01-02 at 15:22 +0200
On Tue, 2017-01-03 at 15:41 +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> > On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > > On Mon, Jan 02, 2017 at 08:36:20AM -0800
On Mon, Jan 02, 2017 at 01:40:48PM -0800, James Bottomley wrote:
> On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> > > > This patch set adds support for T
On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> > > > On Mon, 2017-01-02 at 15:22 +0200
On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> > > > This patch set adds support for TPM spac
On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> > This patch set adds support for TPM spaces that provide a context
> > for isolating and swapping transient objects. This patch set does
> > not yet include support for is
On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> On Mon, Jan 02, 2017 at 08:36:20AM -0800, James Bottomley wrote:
> > On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> > > This patch set adds support for TPM spaces that provide a context
> > > for isolating and swapping transie
On Mon, 2017-01-02 at 15:22 +0200, Jarkko Sakkinen wrote:
> This patch set adds support for TPM spaces that provide a context
> for isolating and swapping transient objects. This patch set does
> not yet include support for isolating policy and HMAC sessions but
> it is trivial to add once the basi
This patch set adds support for TPM spaces that provide a context
for isolating and swapping transient objects. This patch set does
not yet include support for isolating policy and HMAC sessions but
it is trivial to add once the basic approach is settled (and that's
why I created an RFC patch set).