| Message ID | 20180629151005.10899-1-jarkko.sakkinen@linux.intel.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
On Fri, Jun 29, 2018 at 06:10:02PM +0300, Jarkko Sakkinen wrote: > Do not allow to compile TPM core as a module. TPM defines a root of > trust for integrity and keyring subsystems and should be always > available and not be loaded from the user space. There is no a > reasonable use case for a loadable module existing. > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > --- > drivers/char/tpm/Kconfig | 2 +- > include/linux/tpm.h | 3 +-- > 2 files changed, 2 insertions(+), 3 deletions(-) This doesn't really make sense.. The kconfig method is that if IMA requires TPM it should declare so and TPM will become non-modular because IMA is non-modular. There are lots of legitimate use cases for TPM that don't involve IMA or keyring. > diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig > index 18c81cbe4704..9728771aecbd 100644 > --- a/drivers/char/tpm/Kconfig > +++ b/drivers/char/tpm/Kconfig > @@ -3,7 +3,7 @@ > # > > menuconfig TCG_TPM > - tristate "TPM Hardware Support" > + bool "TPM Hardware Support" > depends on HAS_IOMEM > select SECURITYFS > select CRYPTO > diff --git a/include/linux/tpm.h b/include/linux/tpm.h > index 4609b94142d4..cefa61b12891 100644 > --- a/include/linux/tpm.h > +++ b/include/linux/tpm.h > @@ -50,8 +50,7 @@ struct tpm_class_ops { > void (*clk_enable)(struct tpm_chip *chip, bool value); > }; > > -#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) > - > +#if defined(CONFIG_TCG_TPM) Huh. This new version is certainly right Jason -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jun 29, 2018 at 09:31:41AM -0600, Jason Gunthorpe wrote: > On Fri, Jun 29, 2018 at 06:10:02PM +0300, Jarkko Sakkinen wrote: > > Do not allow to compile TPM core as a module. TPM defines a root of > > trust for integrity and keyring subsystems and should be always > > available and not be loaded from the user space. There is no a > > reasonable use case for a loadable module existing. > > > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > --- > > drivers/char/tpm/Kconfig | 2 +- > > include/linux/tpm.h | 3 +-- > > 2 files changed, 2 insertions(+), 3 deletions(-) > > This doesn't really make sense.. > > The kconfig method is that if IMA requires TPM it should declare so > and TPM will become non-modular because IMA is non-modular. > > There are lots of legitimate use cases for TPM that don't involve IMA > or keyring. In what context would it make sense to have TPM core as a module? I forgot to add RFC tag this patch. Did not meant to push it to mainline but more to rise up the discussion. /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jun 29, 2018 at 09:31:41AM -0600, Jason Gunthorpe wrote: > > -#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) > > - > > +#if defined(CONFIG_TCG_TPM) > > Huh. This new version is certainly right Hmm... If the option is kept as tristate, shouldn't this be actually: #if defined(CONFIG_TCG_TPM) && !defined(CONFIG_TCG_TPM_MODULE) ? /Jarkko -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jun 29, 2018 at 08:47:43PM +0300, Jarkko Sakkinen wrote: > On Fri, Jun 29, 2018 at 09:31:41AM -0600, Jason Gunthorpe wrote: > > > -#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) > > > - > > > +#if defined(CONFIG_TCG_TPM) > > > > Huh. This new version is certainly right > > Hmm... > > If the option is kept as tristate, shouldn't this be actually: > > #if defined(CONFIG_TCG_TPM) && !defined(CONFIG_TCG_TPM_MODULE) > > ? Er, yes, it should be writte as #if IS_ENABLED(CONFIG_TCG_TPM) these days Jason -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
On Fri, Jun 29, 2018 at 08:43:28PM +0300, Jarkko Sakkinen wrote: > On Fri, Jun 29, 2018 at 09:31:41AM -0600, Jason Gunthorpe wrote: > > On Fri, Jun 29, 2018 at 06:10:02PM +0300, Jarkko Sakkinen wrote: > > > Do not allow to compile TPM core as a module. TPM defines a root of > > > trust for integrity and keyring subsystems and should be always > > > available and not be loaded from the user space. There is no a > > > reasonable use case for a loadable module existing. > > > > > > Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> > > > drivers/char/tpm/Kconfig | 2 +- > > > include/linux/tpm.h | 3 +-- > > > 2 files changed, 2 insertions(+), 3 deletions(-) > > > > This doesn't really make sense.. > > > > The kconfig method is that if IMA requires TPM it should declare so > > and TPM will become non-modular because IMA is non-modular. > > > > There are lots of legitimate use cases for TPM that don't involve IMA > > or keyring. > > In what context would it make sense to have TPM core as a module? I > forgot to add RFC tag this patch. Did not meant to push it to > mainline but more to rise up the discussion. The usual reasons for modules, embedded that wants minimize kernel image size to minimize boot time - load modules after the system has started.. Developers that wish to use module-reload to test the code they are working on, etc. Jason -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/char/tpm/Kconfig b/drivers/char/tpm/Kconfig index 18c81cbe4704..9728771aecbd 100644 --- a/drivers/char/tpm/Kconfig +++ b/drivers/char/tpm/Kconfig @@ -3,7 +3,7 @@ # menuconfig TCG_TPM - tristate "TPM Hardware Support" + bool "TPM Hardware Support" depends on HAS_IOMEM select SECURITYFS select CRYPTO diff --git a/include/linux/tpm.h b/include/linux/tpm.h index 4609b94142d4..cefa61b12891 100644 --- a/include/linux/tpm.h +++ b/include/linux/tpm.h @@ -50,8 +50,7 @@ struct tpm_class_ops { void (*clk_enable)(struct tpm_chip *chip, bool value); }; -#if defined(CONFIG_TCG_TPM) || defined(CONFIG_TCG_TPM_MODULE) - +#if defined(CONFIG_TCG_TPM) extern int tpm_is_tpm2(struct tpm_chip *chip); extern int tpm_pcr_read(struct tpm_chip *chip, int pcr_idx, u8 *res_buf); extern int tpm_pcr_extend(struct tpm_chip *chip, int pcr_idx, const u8 *hash);
Do not allow to compile TPM core as a module. TPM defines a root of trust for integrity and keyring subsystems and should be always available and not be loaded from the user space. There is no a reasonable use case for a loadable module existing. Signed-off-by: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com> --- drivers/char/tpm/Kconfig | 2 +- include/linux/tpm.h | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-)