On Wed, Mar 22, 2017 at 2:05 PM, Simon Glass <s...@chromium.org> wrote:
> On 20 March 2017 at 03:28, Mario Six <mario....@gdsys.cc> wrote:
>> It is sometimes convenient to know how many and/or which resources are
>> currently loaded into a TPM, e.g. to test if a flush operation succeeded.
>>
>> Hence, we add a command that lists the resources of a given type currently
>> loaded into the TPM.
>>
>> Signed-off-by: Mario Six <mario....@gdsys.cc>
>> ---
>>  cmd/tpm.c           | 76 ++++++++++++++++++++++++++++++++++++++++++++++++++++-
>>  drivers/tpm/Kconfig |  7 +++++
>>  2 files changed, 82 insertions(+), 1 deletion(-)
>
> Reviewed-by: Simon Glass <s...@chromium.org>
>
> Again I wonder if we need the CONFIG.

Thanks for the review!

As for the CONFIG option, well, there is the trivial symmetry reason that the
flush command is deactivatable, so this should be too (since they are,
essentially, complementary functions, one view, one deletion).

Also, the list function is really more of a debug tool than a function that
should be in a production environment.

And, the most important reason why I think the CONFIG is justified is this:
should an embedded device with a TPM that's using U-Boot as a boot loader be
subjected to a security evaluation (e.g. Common Criteria), an evaluator might
ask why a function like this, which essentially has no real purpose aside from
providing debug information, is part of the TOE (especially if the TPM is used
as a fundamental security mechanism in the design). It enables an attacker that
gains access to the U-Boot console to, for example, read the handles of the
keys stored in the TPM, which is already one part of the data needed to access
them. Granted, it's not a huge advantage, but the best answer you can give an
evaluator is always "That's not possible" :-).

So, from a user perspective, I think it's desirable to have the option to
deactivate this function.

Best regards,

Mario