Ken Goldman <kgold@...>
On 1/3/2019 3:59 PM, Doug Fraser wrote:
Hello All.Way back, the wisdom was to set some group protection (i.e.,
a group of trusted applications) on /dev/tpmxxx.
Using /dev/tpmrm0 protects against an application locking the
TPM and/or using all the resources.
However, even when using /dev/tpmrm0, might one want to protect
against an application extending PCR 10, for example?
Another - does /tpmrm0 protect against an application doing
the write() but never the read(), and thus blocking the device?