On Friday, 4 October 2013, 21:17:36, Stefan Berger wrote:
> On 10/04/2013 01:08 PM, Jason Gunthorpe wrote:
> > On Mon, Sep 30, 2013 at 05:09:51PM -0500, Joel Schopp wrote:
> >>> So far, nobody I have talked to has offered any strong opinions on
> >>> what locality should be used or how it should be set. I think finding
> >>> a developer of trousers may be the most useful to talk about how the
> >>> ioctl portion of this would need to be set up - if someone is actually
> >>> needed.
> >>
> >> I am a TrouSerS developer and am ccing Richard, another TrouSerS
> >> developer, and ccing the trousers-tech list. It would be good if you
> >> could elaborate on the question and context for those not following the
> >> entire thread, myself included.
> >
> > Two questions:
> >
> > Is userspace interested in using the TPM Locality feature, and if so
> > is there any thoughts on what the interface should be?
>
> In terms of interface it should probably be an ioctl so that whoever
> holds the fd to /dev/tpm0 gets to choose the locality.
>
> Locality allows the resetting of certain PCRs. See section 3.7 in
>
> http://www.trustedcomputinggroup.org/files/static_page_files/8E45D739-1A4B-B294-D06274E7047730FD/TCG_PCClientTPMInterfaceSpecification_TIS__1-3_27_03212013.pdf
>
> Locality 4 can only be used by the hardware (section 2.2).

Afaik Locality 3 (and sometimes 2) is often also "locked down"/filtered after the BIOS phase.

From http://www.intel.com/content/dam/www/public/us/en/documents/guides/intel-txt-software-development-guide.pdf

"The storage spaces accessible within a TPM device are grouped by a locality attribute and are a separate set of address ranges from the Intel TXT Public and Private spaces. The following localities are defined:
Locality 0 : Non trusted and legacy TPM operation
Locality 1 : An environment for use by the Trusted Operating System
Locality 2 : Trusted OS
Locality 3 : Authenticated Code Module
Locality 4 : Intel TXT hardware use only"

(I know that's "only" Intel's view and not a TCG spec)

Thanks,
Peter
