Thanks James,

On Sun, Aug 17, 2025 at 1:34 AM James Bottomley <james.bottom...@hansenpartnership.com> wrote:
> Supporting these commands was the reason the TPM2 volatile
> handle space was reduced to 3.

I think this may put the cart before the horse: You can do anything you want to in the TPM with just 3 handles (actually I think 2 might be enough). ContextSave and ContextLoad exist [1] so that you can create a resource manager to share the TPM among concurrent applications. If you aren't sharing the TPM among concurrent applications, you neither need a resource manager nor context commands.

I want to make sure I'm not misunderstanding your message: is it OK to break userspace over this or any other [2] missing dependency of TCG_TPM2_HMAC, simply because that implies the TPM is not a "mainstream" PC Client profile TPM?

> The way it is supposed to work is that the system stores (and
> validates if it can) the signing EK on install (this is constant for
> the lifetime of the TPM).

Some questions for the threat model here:

1. Where is the signing EK stored by the system?
2. When is this system (and its durable storage) validated or measured?
3. How do we avoid a circular trust dependency between the kernel and this system here?

Thanks
Chris

[1] https://trustedcomputinggroup.org/wp-content/uploads/Trusted-Platform-Module-2.0-Library-Part-1-Version-184_pub.pdf, see 28: Context Management
[2] https://wiki.archlinux.org/title/Trusted_Platform_Module#A_TPM_error_(714)_occurred_attempting_to_create_NULL_primary