Wyllys Ingersoll writes:
> sources. That is why I originally suggested that the TPM should only reside
> in the global zone and that local zones would access it over the network
> and be subject to access controls as specified in the tcsd.conf.

It sounds to me like the complete Zones solution will require a non-network-based cross-zone communication mechanism.

> I suggested that we could deliver the TPM device and libraries in all zones
> but that the administrator would have to know that only 1 zone per-system
> is allowed to access the TPM. That would at least allow the administrator
> to configure any single zone to run the TCS daemon instead of forcing it to
> be in the global zone, but it still has the restriction of only 1 TCS
> daemon per TPM.

That doesn't make sense to me. Why would the administrator _NOT_ want to have access to the TPM in more than one zone?

--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677
