Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Kenneth Goldman
James Bottomley wrote on 02/10/2017 11:46:03 AM:
> > quote: 810 milliseconds
> > verify signature: 635 milliseconds
>
> Part of the way of reducing the latency is not to use the TPM for
> things that don't require secrecy:

Agreed. There are a few times

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Kenneth Goldman
> > It does. My trusted keys implementation actually uses sessions.
>
> But as I read the code, I can't find where the kernel creates a
> session. It looks like the session and hmac are passed in as option
> arguments, aren't they?

A bit of background. In TPM 1.2, any authorization needed a

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-10 Thread Kenneth Goldman
> > quote: 810 milliseconds
> > verify signature: 635 milliseconds
>
> Part of the way of reducing the latency is not to use the TPM for
> things that don't require secrecy:

Agreed. There are a few times one would verify a signature inside the TPM, but they're far from mainstream:

1 - Early

Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

2017-02-11 Thread Kenneth Goldman
On Thu, Feb 09, 2017 at 12:04:26PM -0700, Jason Gunthorpe wrote:
Jarkko Sakkinen wrote on 02/10/2017 03:48:37 AM:
> > This series should focus on allowing a user space RM to co-exist with
> > the in-kernel services - lets try and tackle the idea of a
> >

Re: [tpmdd-devel] [PATCH RFC 0/4] RFC: in-kernel resource manager

2017-01-04 Thread Kenneth Goldman
"Dr. Greg Wettstein" wrote on 01/04/2017 11:12:41 AM:
> The kernel needs a resource manager. Everyone needs to think VERY
> hard and VERY, VERY carefully about what gets put into the kernel. In
> making a decision, put the ABSOLUTE smallest amount of code into the
>

Re: [tpmdd-devel] [Ibmtpm20tss-users] [TrouSerS-tech] [PATCH 1/1] add TPM2 version of create_tpm2_key and libtpm2.so engine

2017-01-04 Thread Kenneth Goldman
Trimmed the CC list a bit. Where does this discussion really belong? Trousers is for TPM 1.2, and it's not a TSS or TPM device driver issue. If you're all TCG members, the TCG's TPM WG is the real place to go if you want to get something fixed. James Bottomley

Re: [tpmdd-devel] add TPM2 version of create_tpm2_key and libtpm2.so engine -> Hash algorithms

2017-01-04 Thread Kenneth Goldman
Jason Gunthorpe wrote on 01/04/2017 01:54:34 PM:
> We don't need the algorithm in the TPM. We just need to be able to RSA
> sign an arbitrary OID + externally computed hash like TPM 1.2 could.
>
> What is the recommended way to create a key with a sign-only

Re: [tpmdd-devel] [Ibmtpm20tss-users] add TPM2 version of create_tpm2_key and libtpm2.so engine -> Hash algorithms

2017-01-04 Thread Kenneth Goldman
James Bottomley wrote on 01/04/2017 02:45:21 PM:
> > James is proposing using the Decrypt op to do this job.
>
> I believe the TCG has decided this is the only way to sign arbitrary
> data.

My suspicion is that this was an omission, not a decision. In fact, Part 1
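The mechanism the last two messages turn on (signing an arbitrary OID + externally computed hash by handing a caller-built PKCS#1 v1.5 block to the Decrypt op of an unrestricted RSA key) as an added worked example. This is not code from the thread, the kernel, the TrouSerS/IBM TSS projects or the proposed engine. Assumptions: the TPM side is modelled by a plain software RSA private-key exponentiation standing in for TPM2_RSA_Decrypt with scheme TPM_ALG_NULL on a decrypt key whose own scheme is NULL (the raw-RSA behaviour the thread relies on); the key is generated inside the script so that it runs offline; the message is constructed. The signature that results is an ordinary RSASSA-PKCS1-v1_5 signature, which is why a normal verifier accepts it.

```python
"""Sign an externally computed hash through a raw RSA 'decrypt' operation.

Added illustration, not code from the thread or any TSS. The "TPM" here is a
software modpow over a key generated below; a real deployment would use a
key created inside the TPM with a NULL scheme and the decrypt attribute.
"""
import hashlib
import random

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1):
# SEQUENCE { SEQUENCE { OID 2.16.840.1.101.3.4.2.1, NULL }, OCTET STRING(32) }
SHA256_DIGESTINFO_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

# Odd primes below 1000 for quick trial division before Miller-Rabin.
SMALL_PRIMES = [p for p in range(3, 1000, 2)
                if all(p % q for q in range(3, int(p ** 0.5) + 1, 2))]


def _is_probable_prime(n, rng, rounds=32):
    """Trial division then Miller-Rabin; adequate for an illustration."""
    if n < 2:
        return False
    if n in SMALL_PRIMES:
        return True
    if n % 2 == 0 or any(n % p == 0 for p in SMALL_PRIMES):
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def _random_prime(bits, rng):
    while True:
        candidate = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if _is_probable_prime(candidate, rng):
            return candidate


def generate_rsa_key(bits=1024, rng=None):
    """Return (n, e, d). Exists only so the example runs offline."""
    rng = rng or random.SystemRandom()
    e = 65537
    while True:
        p = _random_prime(bits // 2, rng)
        q = _random_prime(bits // 2, rng)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e != 0:
            return (p * q, e, pow(e, -1, phi))


def emsa_pkcs1_v1_5_encode(digest_info, k):
    """EMSA-PKCS1-v1_5: 0x00 0x01 PS(>= 8 x 0xff) 0x00 T, exactly k bytes."""
    ps_len = k - len(digest_info) - 3
    if ps_len < 8:
        raise ValueError("modulus too small for this DigestInfo")
    return b"\x00\x01" + b"\xff" * ps_len + b"\x00" + digest_info


def tpm_rsa_decrypt_null_scheme(priv, data):
    """Stand-in for TPM2_RSA_Decrypt with TPM_ALG_NULL: m^d mod n with no
    padding interpretation. The block must be modulus-sized and, read as an
    integer, smaller than n; anything else is rejected, as a TPM would."""
    n, _e, d = priv
    k = (n.bit_length() + 7) // 8
    if len(data) != k:
        raise ValueError("input must be modulus-sized")
    m = int.from_bytes(data, "big")
    if m >= n:
        raise ValueError("input not less than modulus")
    return pow(m, d, n).to_bytes(k, "big")


def sign_external_digest(priv, digest_info_prefix, digest):
    """The userspace engine's job: build DigestInfo for the OID + hash it
    already holds, pad it, and pass the block to the raw RSA operation."""
    k = (priv[0].bit_length() + 7) // 8
    em = emsa_pkcs1_v1_5_encode(digest_info_prefix + digest, k)
    return tpm_rsa_decrypt_null_scheme(priv, em)


def verify_pkcs1_v1_5(pub, digest_info_prefix, digest, signature):
    """Standard RSASSA-PKCS1-v1_5 verification: recover EM with the public
    key and compare it to a freshly built encoding (never parse EM)."""
    n, e = pub
    k = (n.bit_length() + 7) // 8
    if len(signature) != k:
        return False
    s = int.from_bytes(signature, "big")
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    return em == emsa_pkcs1_v1_5_encode(digest_info_prefix + digest, k)


def demo(seed=2017):
    """Sign a SHA-256 digest computed outside the 'TPM', verify it, then show
    that a different digest fails. Returns (verified, tampered_verified)."""
    rng = random.Random(seed)  # seeded only so the demo is repeatable
    n, e, d = generate_rsa_key(1024, rng)
    priv, pub = (n, e, d), (n, e)
    message = b"constructed sample message"  # constructed input
    digest = hashlib.sha256(message).digest()
    sig = sign_external_digest(priv, SHA256_DIGESTINFO_PREFIX, digest)
    ok = verify_pkcs1_v1_5(pub, SHA256_DIGESTINFO_PREFIX, digest, sig)
    tampered = hashlib.sha256(message + b"!").digest()
    bad = verify_pkcs1_v1_5(pub, SHA256_DIGESTINFO_PREFIX, tampered, sig)
    return ok, bad


if __name__ == "__main__":
    print(demo())
```

Two properties of the raw operation matter in practice: the block handed to the decrypt op must already carry the full PKCS#1 v1.5 structure, since the TPM adds nothing, and the key must be an unrestricted decrypt key, because a restricted signing key will only sign TPM-generated digests and refuses this path. The verifier re-encodes and compares rather than parsing the recovered block, which is the safe way to check a v1.5 signature.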