On Thu, Feb 09, 2017 at 12:04:26PM -0700, Jason Gunthorpe wrote:
> On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote:
> > > userspace instance with subsequent relinquishment of privilege. At
> > > that point one has the freedom to implement all sorts of policy.
> >
> > If you look a
On Wed, Feb 08, 2017 at 01:07:02PM +0200, Jarkko Sakkinen wrote:
> This patch set adds support for TPM spaces that provide an isolated
> for transient objects and HMAC and policy sessions. A space is swapped
> into TPM volatile memory only when it is used and swapped out after
> the use.
>
> There
On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> + rc = tpm2_load_context(chip, space->session_buf,
> +&offset, &handle);
> + if (rc == -ENOENT) {
> + /* load failed, just forget session */
> +
On Feb 9, 11:24am, James Bottomley wrote:
} Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global sessi
Good morning to everyone.
> On Thu, 2017-02-09 at 03:06 -0600, Dr. Greg Wettstein wrote:
> > Referring back to Ken's comments about having 20+ clients waiting to
> > get access t
On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> From: James Bottomley
>
> Sessions are different from transient objects in that their handles
> may not be virtualized (because they're used for some hmac
> calculations). Additionally when a session is context saved, a
> vestigi
On Fri, 2017-02-10 at 10:52 +0200, Jarkko Sakkinen wrote:
> On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> > + rc = tpm2_load_context(chip, space->session_buf,
> > + &offset, &handle);
> > + if (rc == -ENOENT) {
> > +
On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote:
> On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> > From: James Bottomley
[...]
> > +static int tpm2_session_add(struct tpm_chip *chip, u32 handle)
> > +{
> > + struct tpm_space *space = &chip->work_space;
> > + int
On Fri, 2017-02-10 at 04:03 -0600, Dr. Greg Wettstein wrote:
> On Feb 9, 11:24am, James Bottomley wrote:
> } Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for
> global sessi
>
> Good morning to everyone.
Is there any way you could fix your email client? It's setting In-Reply-To: hea
On Fri, Feb 10, 2017 at 08:11:18AM -0800, James Bottomley wrote:
> On Fri, 2017-02-10 at 10:52 +0200, Jarkko Sakkinen wrote:
> > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> > > + rc = tpm2_load_context(chip, space->session_buf,
> > > +&
On Fri, Feb 10, 2017 at 08:17:11AM -0800, James Bottomley wrote:
> On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote:
> > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> > > From: James Bottomley
> [...]
> > > +static int tpm2_session_add(struct tpm_chip *chip, u32 handl
On Fri, 2017-02-10 at 21:10 +0200, Jarkko Sakkinen wrote:
> On Fri, Feb 10, 2017 at 08:17:11AM -0800, James Bottomley wrote:
> > On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote:
> > > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote:
> > > > From: James Bottomley
> > [...]
> > It does. My trusted keys implementation actually uses sessions.
>
> But as I read the code, I can't find where the kernel creates a
> session. It looks like the session and hmac are passed in as option
> arguments, aren't they?
A bit of background.
In TPM 1.2, any authorization needed a sess
James Bottomley wrote on 02/10/2017 11:46:03 AM:
> > quote: 810 milliseconds
> > verify signature: 635 milliseconds
>
> Part of the way of reducing the latency is not to use the TPM for
> things that don't require secrecy:
Agreed. There are a few times one would verify a signature inside the
TPM,
but they're far from mainstream:
1 - Early i
On Fri, Feb 10, 2017 at 11:12:15AM -0800, James Bottomley wrote:
> On Fri, 2017-02-10 at 21:10 +0200, Jarkko Sakkinen wrote:
> > On Fri, Feb 10, 2017 at 08:17:11AM -0800, James Bottomley wrote:
> > > On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote:
> > > > On Wed, Feb 08, 2017 at 01:07:08P