On Fri, Dec 05, 2025 at 12:31:27AM +0200, Jarkko Sakkinen wrote: > tpm2_load_cmd() and tpm2_unseal_cmd() use the same parent, and calls to > tpm_buf_append_name() cause the exact same TPM2_ReadPublic command to be > sent to the chip, causing unnecessary traffic. > > 1. Export tpm2_read_public in order to make it callable from 'trusted_tpm2'. > 2. Re-orchestrate tpm2_seal_trusted() and tpm2_unseal_trusted() in order to > halve the name resolutions required: > 2a. Move tpm2_read_public() calls into trusted_tpm2. > 2b. Pass TPM name to tpm_buf_append_name(). > 2c. Rework tpm_buf_append_name() to use the pre-resolved name. > > Signed-off-by: Jarkko Sakkinen <[email protected]>
If ASN.1 blob would contain also name of the parent then zero tpm2_read_public() calls would be required i.e., the main bottleneck here inherits from the limitations of the file format itself. BR, Jarkko
