On Sat, 2017-01-14 at 13:19 -0500, Ken Goldman wrote:
> On 1/14/2017 11:45 AM, James Bottomley wrote:
> >
> > Should fix all of this. The code has to partially emulate
> > TPM2_FlushContext. The emulation is
> >
> >    1. If the handle type is not one we manage (transient, hmac or
> >       policy) send the command on to the TPM
> >    2. next, if the handle isn't currently in the RM table,
> >       manufacture a TPM_RC_HANDLE error and return it
> >    3. remove the handle from the RM table
> >    4. if the handle is transient, manufacture TPM_RC_SUCCESS and
> >       return it
> >    5. otherwise it's a session handle: flush it and return success.
>
> This sounds right, assuming:
>
> 1 - The RM immediately context saves and then flushes any transient
> object that's created or loaded onto the TPM.

Yes, that's how the space code operates. It saves every handle (well,
every policy, hmac or transient handle) after a command completes and
reloads them all before the next one.

> If you want a list of commands that load transient objects, let me
> know.

I think for simplicity, unless there's a severe performance impact, we
should stick with loading and saving everything for every command
rather than trying to be selective about whether the command might
actually use any saved contexts.

> 2 - Step 3 also implies deleting the saved context.

Yes, that's what I meant by "remove"; the function in the patch is
tpm2-space.c:tpm2_forget_session()

It removes both the handle and the saved context information for the
now flushed session.

James
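
The five-step TPM2_FlushContext emulation quoted above, as an added user-space C model that is not code from this thread or from the patch; it shows that a handle missing from a space's table is answered with TPM_RC_HANDLE without reaching the TPM. The names rm_space, rm_slot, rm_track, rm_flush_context and the RM_PASS_THROUGH marker are assumptions made for illustration, and the saved context is constructed filler.

```c
#include <stdint.h>
#include <string.h>
#define TPM_HT_HMAC_SESSION   0x02u /* handle type is the top byte */
#define TPM_HT_POLICY_SESSION 0x03u
#define TPM_HT_TRANSIENT      0x80u
#define TPM_RC_SUCCESS        0x000u
#define TPM_RC_HANDLE         0x08Bu
#define RM_PASS_THROUGH       0xFFFFFFFFu /* hypothetical: TPM answers */
#define RM_SLOTS              4

struct rm_slot { int used; uint32_t handle; uint8_t saved_ctx[32]; };
struct rm_space { struct rm_slot slot[RM_SLOTS]; unsigned tpm_flushes; };

static int rm_track(struct rm_space *s, uint32_t handle)
{
    for (int i = 0; i < RM_SLOTS; i++) {
        struct rm_slot *e = &s->slot[i];
        if (e->used)
            continue;
        *e = (struct rm_slot){ .used = 1, .handle = handle };
        memset(e->saved_ctx, 0xA5, sizeof e->saved_ctx); /* constructed */
        return 0;
    }
    return -1; /* table full */
}

static uint32_t rm_flush_context(struct rm_space *s, uint32_t handle)
{
    uint32_t ht = handle >> 24;
    struct rm_slot *e = NULL;
    if (ht != TPM_HT_TRANSIENT && ht != TPM_HT_HMAC_SESSION &&
        ht != TPM_HT_POLICY_SESSION)
        return RM_PASS_THROUGH;      /* 1: not ours, send to the TPM */
    for (int i = 0; i < RM_SLOTS; i++)
        if (s->slot[i].used && s->slot[i].handle == handle)
            e = &s->slot[i];
    if (!e)
        return TPM_RC_HANDLE;        /* 2: unknown to this space */
    memset(e, 0, sizeof *e);         /* 3: drop handle and saved context */
    if (ht != TPM_HT_TRANSIENT)
        s->tpm_flushes++;            /* 5: stands in for the real flush */
    return TPM_RC_SUCCESS;           /* 4 and 5 */
}

int main(void)
{
    struct rm_space s = {0};
    rm_track(&s, 0x80000000u);
    return rm_flush_context(&s, 0x80000000u) != TPM_RC_SUCCESS;
}
```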
