>> No, that example is not quite applicable in this situation.  "actions"
>> w.r.t the TCS Daemon are not authenticated on a per-user basis.  TCSD
>> "authorizes" certain commands to be performed from a remote client
>> depending on the configuration parameters in the tcsd.conf file, not
>> based on passwords.  It also has no concept of a "user" and doesn't
>> have support to filter based on IP addresses.
>
>       I guess I've completely misunderstood the architecture here.
>       I thought tpmadm used the library which called to tcsd which
>       was the policy engine for all the functions passed to the
>       TPM.  Thus it all seemed to fall within various audit requirements.

It is potentially auditable, yes.  But whether or not it is a "Required" 
auditable action is the question.


>
>       More time please.  Perhaps off line.... to clear it up.
>       Could we talk later today?

Yes, but I'd prefer to get this approved TODAY and then talk about auditing.
We can talk later, perhaps when Scott returns would be better so we can all
be involved.

gw-2
> >     As the TPM can be switched between various owners, what is the
> >     object reuse policy/implementation?
> >

>> I don't quite understand the question.  The TPM doesn't switch between
>> owners.  The platform owner issues the "takeownership" command 1 time
>> when the system is first provisioned (or whenever the owner wants to
>> start using the TPM).  It is not something that is done repeatedly for
>> different users.  As mentioned earlier, this is possibly a good
>> candidate for auditing later.
>
>       Please see the ObjectReuse file in the case directory.  It
>       is the quote of the relevant parts of the criteria.
>       I'm not sure how else to state them.  I thought the project
>       team had seen them some time ago when I sent this all out
>       to the management.
>

Your original question was in the context of "switching between users".
The TPM does not expose secrets between contexts.  The TSS library
has code for zeroing memory when sensitive objects are freed and
released from use.  I think that addresses the issue.


>
>       Yes, I got that from the discussion.  Let me rephrase:
>       It seems Validated Execution is a consumer of this project.
>       Until the TPM virtualization project is completed, how
>       will Validated Execution in non-global zones (TX) be affected
>       by this project?  For example: will tcsd need to listen for
>       non-local connections?  Is it just not applicable since
>       ValEx only uses the TPM when booting the GZ? ...

Yes,  if a non-global zone wants to use validated execution and the TPM,
then the TCSD in the global zone will have to listen over the network.

I'm not sure how ValEx is going to be using the TPM, I just know that
they want to use it.  Perhaps follow up with ValEx group.

-Wyllys
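The object-reuse point in the reply above (the TSS library zeroes sensitive objects before their memory is released, so a later allocation in the same process cannot read a previous secret) in a small, self-contained C illustration. This is an added example, not code from the mail thread, from the TSS library or from tcsd; the `sensitive_obj_t` type and the `secure_zero`/`sensitive_obj_*` functions are hypothetical names chosen for this demonstration, and the sample secret is constructed.

```c
/* Added example: not part of the original mail thread or of the TSS
 * implementation it discusses. Shows the object-reuse principle (zero a
 * sensitive object before its memory is released) in a hypothetical
 * wrapper; every name below is invented for illustration. */
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <stddef.h>

/* Hypothetical sensitive object, e.g. a wrapped key or an auth secret. */
typedef struct {
    uint8_t secret[32];
    size_t  secret_len;
} sensitive_obj_t;

/* A memset() the compiler cannot drop as a "dead store" just before free():
 * writing through a volatile pointer forces each byte write to happen. */
static void secure_zero(void *p, size_t n)
{
    volatile uint8_t *vp = (volatile uint8_t *)p;
    while (n--) {
        *vp++ = 0;
    }
}

sensitive_obj_t *sensitive_obj_new(const uint8_t *secret, size_t len)
{
    if (len > sizeof(((sensitive_obj_t *)0)->secret)) {
        return NULL;
    }
    sensitive_obj_t *o = calloc(1, sizeof *o);
    if (!o) {
        return NULL;
    }
    memcpy(o->secret, secret, len);
    o->secret_len = len;
    return o;
}

/* Returns 1 if every byte of the object is zero, 0 otherwise. */
int sensitive_obj_is_zeroed(const sensitive_obj_t *o)
{
    const uint8_t *b = (const uint8_t *)o;
    uint8_t acc = 0;
    for (size_t i = 0; i < sizeof *o; i++) {
        acc |= b[i];
    }
    return acc == 0;
}

/* Scrub the secret, then release the block; the allocator can now hand it
 * to the next caller without leaking the previous contents. */
void sensitive_obj_free(sensitive_obj_t *o)
{
    if (!o) {
        return;
    }
    secure_zero(o, sizeof *o);
    free(o);
}

/* Demonstration: create an object, scrub it in place, and report whether
 * the scrub worked (1 = yes, 0 = no, -1 = allocation failed). */
int demo_zero_on_release(void)
{
    const uint8_t sample[16] = "constructed-key";   /* constructed sample secret */
    sensitive_obj_t *o = sensitive_obj_new(sample, sizeof sample);
    if (!o) {
        return -1;
    }
    int before = sensitive_obj_is_zeroed(o);   /* 0: secret is present */
    secure_zero(o, sizeof *o);
    int after = sensitive_obj_is_zeroed(o);    /* 1: nothing is left */
    free(o);
    return (before == 0 && after == 1) ? 1 : 0;
}
```

The volatile write loop is the important detail: a plain `memset()` immediately followed by `free()` is a store to memory that is never read again, and an optimising compiler is entitled to remove it. Where the platform provides `explicit_bzero()` or `memset_s()` those do the same job.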
