Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code

2017-02-10 Thread James Bottomley
On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote: > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote: > > From: James Bottomley [...] > > +static int tpm2_session_add(struct tpm_chip *chip, u32 handle) > > +{ > > + struct tpm_space

Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code'

2017-02-10 Thread Jarkko Sakkinen
On Fri, Feb 10, 2017 at 08:11:18AM -0800, James Bottomley wrote: > On Fri, 2017-02-10 at 10:52 +0200, Jarkko Sakkinen wrote: > > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote: > > > + rc = tpm2_load_context(chip, space->session_buf, > > > +

Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code

2017-02-10 Thread Jarkko Sakkinen
On Fri, Feb 10, 2017 at 08:17:11AM -0800, James Bottomley wrote: > On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote: > > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote: > > > From: James Bottomley > [...] > > > +static int

Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code

2017-02-10 Thread James Bottomley
On Fri, 2017-02-10 at 21:10 +0200, Jarkko Sakkinen wrote: > On Fri, Feb 10, 2017 at 08:17:11AM -0800, James Bottomley wrote: > > On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote: > > > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote: > > > > From: James Bottomley

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread James Bottomley
On Fri, 2017-02-10 at 04:03 -0600, Dr. Greg Wettstein wrote: > On Feb 9, 11:24am, James Bottomley wrote: > } Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for > global sessi > > Good morning to everyone. Is there any way you could fix your email client? It's setting In-Reply-To:

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Kenneth Goldman
James Bottomley wrote on 02/10/2017 11:46:03 AM: > > quote: 810 milliseconds > > verify signature: 635 milliseconds > > Part of the way of reducing the latency is not to use the TPM for > things that don't require secrecy: Agreed. There are a few times

Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code

2017-02-10 Thread Jarkko Sakkinen
On Fri, Feb 10, 2017 at 11:12:15AM -0800, James Bottomley wrote: > On Fri, 2017-02-10 at 21:10 +0200, Jarkko Sakkinen wrote: > > On Fri, Feb 10, 2017 at 08:17:11AM -0800, James Bottomley wrote: > > > On Fri, 2017-02-10 at 14:32 +0200, Jarkko Sakkinen wrote: > > > > On Wed, Feb 08, 2017 at

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Kenneth Goldman
> > It does. My trusted keys implementation actually uses sessions. > > But as I read the code, I can't find where the kernel creates a > session. It looks like the session and hmac are passed in as option > arguments, aren't they? A bit of background. In TPM 1.2, any authorization needed a

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Kenneth Goldman
> > quote: 810 milliseconds > > verify signature: 635 milliseconds > > Part of the way of reducing the latency is not to use the TPM for > things that don't require secrecy: Agreed. There are a few times one would verify a signature inside the TPM, but they're far from mainstream: 1 - Early

Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code

2017-02-10 Thread James Bottomley
On Fri, 2017-02-10 at 10:52 +0200, Jarkko Sakkinen wrote: > On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote: > > + rc = tpm2_load_context(chip, space->session_buf, > > + , ); > > + if (rc == -ENOENT) { > > + /*

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Jarkko Sakkinen
On Thu, Feb 09, 2017 at 12:04:26PM -0700, Jason Gunthorpe wrote: > On Thu, Feb 09, 2017 at 05:19:22PM +0200, Jarkko Sakkinen wrote: > > > userspace instance with subsequent relinquishment of privilege. At > > > that point one has the freedom to implement all sorts of policy. > > > > If you look

Re: [tpmdd-devel] [PATCH 6/6] tpm2: add session handle context saving and restoring to the space code

2017-02-10 Thread Jarkko Sakkinen
On Wed, Feb 08, 2017 at 01:07:08PM +0200, Jarkko Sakkinen wrote: > + rc = tpm2_load_context(chip, space->session_buf, > +, ); > + if (rc == -ENOENT) { > + /* load failed, just forget session */ > +

Re: [tpmdd-devel] [PATCH 0/6] in-kernel resource manager

2017-02-10 Thread Jarkko Sakkinen
On Wed, Feb 08, 2017 at 01:07:02PM +0200, Jarkko Sakkinen wrote: > This patch set adds support for TPM spaces that provide an isolated > for transient objects and HMAC and policy sessions. A space is swapped > into TPM volatile memory only when it is used and swapped out after > the use. > >

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Dr. Greg Wettstein
On Feb 9, 11:24am, James Bottomley wrote: } Subject: Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global sessi Good morning to everyone. > On Thu, 2017-02-09 at 03:06 -0600, Dr. Greg Wettstein wrote: > > Referring back to Ken's comments about having 20+ clients waiting to > > get access