On Tue, Oct 08, 2013 at 09:15:55AM +0000, Fuchs, Andreas wrote:
> Rather than an ioctl, why not provide a different tpm-device per > locality. This way, the access to the different localities can be > restricted via standard user/group of the device. i.e. /dev/tpm0l1, > /dev/tpm0l2, ... or similar approaches... The way the TPM architecture is setup you will need the middle ware to do the switching between localities and managing cross locality resources, so it doesn't make sense for the kernel to export a locality specific char device. You'd have to do the above by having trousers create unix domain sockets for each of the privilege levels and using the usual security mechanisms to protect access to those sockets. Jason -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
