Krishna Yenduri wrote:
> Wyllys Ingersoll wrote:
>> ...
>> * TPM Device driver (tpm)
>> The TPM device driver was developed in a joint effort between the Solaris
>> Security group and Dartmouth College and will be delivered on x86/64
>> based platforms as part of the core Solaris installation.
>
> Some X86/X64 machines can enable and use the TPM at the BIOS level.
> Does the TPM driver recognize/use the existing objects on the chip?

Enabling/disabling at the BIOS level is a prerequisite for using it in the
OS. If the TPM is disabled in BIOS, the device will not work by definition.

>> We intend to defer delivery of a TPM driver for SPARC systems to a later
>> integration, as TPM hardware is predominantly found on x86 systems.
>
> I believe the T5120 (Niagara 2) systems have a TPM chip. So, it is
> useful to deliver the driver for it soon.

We haven't had access to any of these for testing or developing yet, but
hope to follow up with a SPARC version soon.

>> * PKCS11 Provider
>> A PKCS11 provider that will allow users to create individual tokens that
>> use the TPM to generate keys and perform sensitive operations
>> (encrypt/decrypt/sign/verify) will be delivered into ON. This provider
>> will protect all private data objects by encrypting them with keys that
>> can only be used inside the TPM device.
>> The PKCS11 TPM provider will support the following mechanisms:
>> CKM_RSA_PKCS_KEY_PAIR_GEN (2048 bit max) (hardware)
>> CKM_RSA_PKCS (2048 bit max) (hardware)
>> CKM_RSA_PKCS_OAEP (2048 bit max) (hardware)
>> CKM_RSA_X_509 (2048 bit max) (hardware)
>> CKM_MD5_RSA_PKCS (2048 bit max) (hardware)
>> CKM_SHA1_RSA_PKCS (2048 bit max) (hardware)
>> CKM_SHA_1
>> CKM_SHA_1_HMAC
>> CKM_SHA_1_HMAC_GENERAL
>> CKM_MD5
>> CKM_MD5_HMAC
>> CKM_MD5_HMAC_GENERAL
>>
>
> The chip can do random number generation too. So, do we plan
> to support the CKF_RNG and C_GenerateRandom() PKCS #11 interfaces?

Yes. It does show up in the flags list and should work with
C_GenerateRandom().

Flags:
CKF_RNG
CKF_LOGIN_REQUIRED
CKF_USER_PIN_INITIALIZED
CKF_CLOCK_ON_TOKEN
CKF_TOKEN_INITIALIZED
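The check Krishna asks about and Wyllys confirms, walked through in code. This is an added example, not code from the thread or from the Solaris TPM provider: it loads a PKCS#11 module by path with ctypes, looks for a token whose CK_TOKEN_INFO flags include CKF_RNG (and CKF_TOKEN_INITIALIZED), and draws bytes from it with C_GenerateRandom(). The default module path /usr/lib/libpkcs11.so (the Solaris PKCS#11 framework library) and the helper names are assumptions; the structure layout, constants and call sequence follow the PKCS#11 v2.x specification, and no C_Login() is issued because the specification permits C_GenerateRandom() in a public session even when the token reports CKF_LOGIN_REQUIRED.

```python
"""Added example, not code from the thread or from the Solaris TPM provider:
probe a PKCS#11 module for a token advertising CKF_RNG and draw bytes from it
with C_GenerateRandom(). Only ctypes is used, so no PKCS#11 binding is needed;
the types and constants below follow the PKCS#11 v2.x specification."""
import ctypes
import sys
from ctypes import POINTER, Structure, byref, c_ubyte, c_ulong, c_void_p

CKR_OK = 0
# CK_TOKEN_INFO.flags bits; these are the ones the token in the thread reports.
CKF_RNG = 0x00000001
CKF_LOGIN_REQUIRED = 0x00000004
CKF_USER_PIN_INITIALIZED = 0x00000008
CKF_CLOCK_ON_TOKEN = 0x00000040
CKF_TOKEN_INITIALIZED = 0x00000400
CKF_SERIAL_SESSION = 0x00000004  # C_OpenSession flag PKCS#11 requires to be set


class CK_VERSION(Structure):
    _fields_ = [("major", c_ubyte), ("minor", c_ubyte)]


class CK_TOKEN_INFO(Structure):
    # Field order and widths as in the PKCS#11 v2.x header (unpacked, as on Unix).
    _fields_ = [
        ("label", c_ubyte * 32), ("manufacturerID", c_ubyte * 32),
        ("model", c_ubyte * 16), ("serialNumber", c_ubyte * 16),
        ("flags", c_ulong),
        ("ulMaxSessionCount", c_ulong), ("ulSessionCount", c_ulong),
        ("ulMaxRwSessionCount", c_ulong), ("ulRwSessionCount", c_ulong),
        ("ulMaxPinLen", c_ulong), ("ulMinPinLen", c_ulong),
        ("ulTotalPublicMemory", c_ulong), ("ulFreePublicMemory", c_ulong),
        ("ulTotalPrivateMemory", c_ulong), ("ulFreePrivateMemory", c_ulong),
        ("hardwareVersion", CK_VERSION), ("firmwareVersion", CK_VERSION),
        ("utcTime", c_ubyte * 16),
    ]


def token_can_generate_random(flags):
    """C_GenerateRandom() is only meaningful on an initialized token with CKF_RNG.
    CKF_LOGIN_REQUIRED does not matter: the spec allows C_GenerateRandom() in a
    public session, so no C_Login() is needed."""
    return bool(flags & CKF_RNG) and bool(flags & CKF_TOKEN_INITIALIZED)


def _load(module_path):
    """dlopen the module and declare the C_* entry points this example calls."""
    lib = ctypes.CDLL(module_path)  # raises OSError if the module is absent
    signatures = {
        "C_Initialize": [c_void_p],
        "C_Finalize": [c_void_p],
        "C_GetSlotList": [c_ubyte, POINTER(c_ulong), POINTER(c_ulong)],
        "C_GetTokenInfo": [c_ulong, POINTER(CK_TOKEN_INFO)],
        "C_OpenSession": [c_ulong, c_ulong, c_void_p, c_void_p, POINTER(c_ulong)],
        "C_CloseSession": [c_ulong],
        "C_GenerateRandom": [c_ulong, POINTER(c_ubyte), c_ulong],
    }
    for name, argtypes in signatures.items():
        fn = getattr(lib, name)
        fn.restype, fn.argtypes = c_ulong, argtypes
    return lib


def _check(rv, call):
    if rv != CKR_OK:
        raise RuntimeError("%s failed: CK_RV 0x%x" % (call, rv))


def pkcs11_random_bytes(module_path, nbytes):
    """Return nbytes from the first RNG-capable token behind module_path.
    Raises OSError (module not loadable), LookupError (no token with CKF_RNG)
    or RuntimeError (a C_* call returned an error)."""
    lib = _load(module_path)
    _check(lib.C_Initialize(None), "C_Initialize")
    try:
        count = c_ulong(0)
        _check(lib.C_GetSlotList(1, None, byref(count)), "C_GetSlotList")
        slots = (c_ulong * count.value)()
        _check(lib.C_GetSlotList(1, slots, byref(count)), "C_GetSlotList")
        for slot in slots[: count.value]:
            info = CK_TOKEN_INFO()
            if lib.C_GetTokenInfo(slot, byref(info)) != CKR_OK:
                continue  # empty slot or unreadable token; try the next one
            if not token_can_generate_random(info.flags):
                continue
            session = c_ulong(0)
            _check(lib.C_OpenSession(slot, CKF_SERIAL_SESSION, None, None,
                                     byref(session)), "C_OpenSession")
            try:
                buf = (c_ubyte * nbytes)()
                _check(lib.C_GenerateRandom(session, buf, nbytes), "C_GenerateRandom")
                return bytes(buf)
            finally:
                lib.C_CloseSession(session)
        raise LookupError("no token in %s advertises CKF_RNG" % module_path)
    finally:
        lib.C_Finalize(None)


def rng_available(module_path):
    """True when module_path loads and one of its tokens serves C_GenerateRandom()."""
    try:
        pkcs11_random_bytes(module_path, 1)
        return True
    except (OSError, LookupError, RuntimeError):
        return False


if __name__ == "__main__":
    # Assumed default: the Solaris PKCS#11 framework library (metaslot).
    path = sys.argv[1] if len(sys.argv) > 1 else "/usr/lib/libpkcs11.so"
    print(pkcs11_random_bytes(path, 16).hex())
```

Run it as `python3 tpmrng.py /path/to/provider.so` to target the TPM provider's own library directly, or without an argument to go through the framework, where the metaslot may satisfy the request from another RNG-capable provider if the TPM token is absent; check the token label if you need to be sure which one answered.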
