[tpmdd-devel] =?iso-8859-1?q?Re=3A_Re=3A_=5Btpmdd-devel=5D_Locality?=

[Axel H. <axe...@my...>]

Kylie,

> I don't fully understand the locality feature myself as far as when or
> how something from the OS can request it.  The 1.2 driver in the tpmdd
> cvs has support for requesting localities internally but I have no idea
> how this is supposed to be exported to the OS. In fact the last I looked
> I think I came to the conclusion that the regular OS should not have
> access to localities other than the normal one.
> Please let me know if you get clarification on this.


Thanks for the answer. Well, lets start some guessing about
how this could be ment to work then. If anybody else here =

on the lists has some input, it's really appreciated.
I'm getting really curious about this magic function.... :)
Having some PCRs that cannot be messed up by applications
or even by the OS appear interesing. =


So, what interface does the tpmdd offer? What could the =

kernel do to handle this? Possibly define some additional
flags associated with every process indicating details =

about how trustworthy it is. In this case tpmdd could
simply check these flags and set up the locality settings. =


Otherwise some kind of hook would be required in the
kernel that is called for every command send to the TPM. =

but this seem to cause too much overehead. =


But this leaves the problem that there must be some =

managing app that can be used to declare the =

trustworthyness of processes. Could be based on the
hash values of all binaries. Somehow the kernel needs
to decide this - which finally means some admin must
define this. =

Well, seems a lot of stuff that currently "beyond the
scope of this specification".

 =

-- =

Axel