Re: [RFC PATCH v1 3/4] tsm: Allow for mapping RTMRs to TCG TPM PCRs

From: Dan Williams
Date: Mon Jan 22 2024 - 17:32:44 EST

Next message: David Howells: "[PATCH v2 00/10] netfs, afs, cifs, cachefiles, erofs: Miscellaneous fixes"
Previous message: Chris Li: "Re: [PATCH 2/2] mm: zswap: remove unnecessary tree cleanups in zswap_swapoff()"
In reply to: Xing, Cedric: "Re: [RFC PATCH v1 3/4] tsm: Allow for mapping RTMRs to TCG TPM PCRs"
Next in thread: Xing, Cedric: "Re: [RFC PATCH v1 3/4] tsm: Allow for mapping RTMRs to TCG TPM PCRs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Xing, Cedric wrote:
[..]
> > So, yes, the mapping should be allowed to specified by the low-level
> > driver, but at the same time every vendor should not reinvent their own
> > enumeration method when we have EFI for that.
>
> Given PCR->RTMR mapping is static, I just wonder why it needs to be kept
> in kernel. Given that PCRs can never be 1:1 mapped to RTMRs, and that
> TDX quotes are never TPM quotes, applications used to extend PCRs would
> have to be changed/recompiled. Then wouldn't it suffice to define the
> mappings as macros in an architecture specific header file?

I think something is wrong if applications are exposed to the PCR->RTMR
mapping thrash. I would hope / expect that detail is hidden behind a TPM
proxy layer sitting in front of this mapping on behalf of TPM-client
applications.

Next message: David Howells: "[PATCH v2 00/10] netfs, afs, cifs, cachefiles, erofs: Miscellaneous fixes"
Previous message: Chris Li: "Re: [PATCH 2/2] mm: zswap: remove unnecessary tree cleanups in zswap_swapoff()"
In reply to: Xing, Cedric: "Re: [RFC PATCH v1 3/4] tsm: Allow for mapping RTMRs to TCG TPM PCRs"
Next in thread: Xing, Cedric: "Re: [RFC PATCH v1 3/4] tsm: Allow for mapping RTMRs to TCG TPM PCRs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]