On 1/16/2017 6:18 PM, James Bottomley wrote:
>
> Basically this means that the advice to virtualize session handles
> in the TCG RM document is wrong and we have to use physical handles.
> I'll redo the implementation for this ... and now, since we'll have
> nothing to use as an index, it probably does make sense to have
> sessions in a separate array.  I can also separate isolation from
> context switching ... although I really think this is less optimal:
> my TPM only allows three active context handles, so if we don't
> context switch them identically to transient objects (which it also
> only allows three of) I'm going to run out.  I actually redid my
> openssl_tpm_engine patches so they use session handles for parameter
> encryption and HMAC based authority, so this may end up biting me
> soon ...

I think you have to context save sessions, just as you do with transient 
objects.  Otherwise, only one process at a time can connect.

FWIW:

The TPM specs use the following jargon:

Loaded sessions:  The ~3 sessions that can be resident on the TPM.

Saved sessions:  Sessions that have been context saved off the TPM. 
These have a small bit of state on the TPM to prevent replays.

Active sessions:  The sum of loaded and saved, typically ~64.
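
The loaded/saved/active bookkeeping above, as an added toy model in C (not code from this thread or from the kernel driver). The limits of 3 and 64 come from the message; the struct names, the sequence-counter replay check and the least-recently-used eviction policy are assumptions made for illustration.

```c
#include <stdio.h>
#define MAX_LOADED 3   /* "~3" sessions resident on the TPM */
#define MAX_ACTIVE 64  /* loaded + saved, "typically ~64" */

enum st { FREE, LOADED, SAVED };
struct sess { enum st st; unsigned seq, used; };
struct tpm { struct sess s[MAX_ACTIVE]; unsigned tick, ctr; };

static int nloaded(const struct tpm *t) {
    int n = 0;
    for (int i = 0; i < MAX_ACTIVE; i++) n += (t->s[i].st == LOADED);
    return n;
}
/* Context save: the session leaves the TPM, which keeps only the sequence
 * number of the one blob it will accept back. Returns 0 if h is not loaded. */
static unsigned ctx_save(struct tpm *t, int h) {
    if (t->s[h].st != LOADED) return 0;
    t->s[h].st = SAVED;
    return t->s[h].seq = ++t->ctr;
}
/* Context load: -1 for a stale or already-loaded blob (replay), -2 if full. */
static int ctx_load(struct tpm *t, int h, unsigned blob_seq) {
    if (t->s[h].st != SAVED || t->s[h].seq != blob_seq) return -1;
    if (nloaded(t) >= MAX_LOADED) return -2;
    t->s[h].st = LOADED; t->s[h].used = ++t->tick;
    return 0;
}
/* Resource manager: context save the least recently used loaded session. */
static int evict_lru(struct tpm *t, unsigned blobs[]) {
    int v = -1;
    for (int i = 0; i < MAX_ACTIVE; i++)
        if (t->s[i].st == LOADED && (v < 0 || t->s[i].used < t->s[v].used)) v = i;
    if (v >= 0) blobs[v] = ctx_save(t, v);
    return v;
}
/* Start a session, evicting if needed; -1 once all active slots are taken. */
static int start(struct tpm *t, unsigned blobs[]) {
    for (int h = 0; h < MAX_ACTIVE; h++) {
        if (t->s[h].st != FREE) continue;
        if (nloaded(t) >= MAX_LOADED) evict_lru(t, blobs);
        t->s[h].st = LOADED; t->s[h].used = ++t->tick;
        return h;
    }
    return -1;
}
int main(void) {
    struct tpm t = {0}; unsigned blobs[MAX_ACTIVE] = {0};
    for (int i = 0; i < 4; i++) start(&t, blobs);  /* 4th start evicts handle 0 */
    printf("loaded=%d, handle 0 saved=%d\n", nloaded(&t), t.s[0].st == SAVED);
    return 0;
}
```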

