On 1/25/2017 8:04 PM, James Bottomley wrote:
> This leads to a problem: we have to have access to the session context
> to pull this trick, and that means we have to disallow TPM users from
> calling ContextSave on a session otherwise they could DoS us by
> inducing an unremediable TPM_RC_CONTEXT_GAP error (simply by keeping
> the saved session and never loading it).

I think it's perfectly acceptable to block applications from calling context save for sessions. I don't know of any use case that would require it. (There are definitely use cases for context save on transient objects, but they don't have the replay / gap issue.)
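
The policy discussed in this thread, as an added example (not code from the thread or from the kernel's resource manager): a filter that refuses TPM2_ContextSave when the handle is a session and lets it through for other handle types such as transient objects. The function name, verdict enum and sample byte strings are assumptions made for the example; the command code and handle-type values are those of the TPM 2.0 specification.

```c
#include <stddef.h>
#include <stdint.h>

/* Values from the TPM 2.0 specification, Part 2 (Structures). */
#define TPM2_CC_CONTEXT_SAVE   0x00000162u
#define TPM2_HT_HMAC_SESSION   0x02u
#define TPM2_HT_POLICY_SESSION 0x03u
#define TPM2_HDR_LEN           10u /* tag(2) + commandSize(4) + commandCode(4) */

/* Hypothetical verdicts for this example. */
enum rm_verdict { RM_ALLOW = 0, RM_DENY = 1, RM_MALFORMED = 2 };

/* Constructed sample commands: TPM_ST_NO_SESSIONS, size 14, ContextSave, handle. */
const uint8_t sample_save_session[14] =
    { 0x80, 0x01, 0, 0, 0, 14, 0, 0, 0x01, 0x62, 0x02, 0, 0, 0x01 };
const uint8_t sample_save_policy[14] =
    { 0x80, 0x01, 0, 0, 0, 14, 0, 0, 0x01, 0x62, 0x03, 0, 0, 0x00 };
const uint8_t sample_save_transient[14] =
    { 0x80, 0x01, 0, 0, 0, 14, 0, 0, 0x01, 0x62, 0x80, 0, 0, 0x01 };

/* TPM commands are marshalled big-endian. */
static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Decide whether a user-submitted command buffer may reach the TPM. */
enum rm_verdict rm_filter_context_save(const uint8_t *cmd, size_t len)
{
    if (cmd == NULL || len < TPM2_HDR_LEN)
        return RM_MALFORMED;
    if (be32(cmd + 2) != len)            /* commandSize must match the buffer */
        return RM_MALFORMED;
    if (be32(cmd + 6) != TPM2_CC_CONTEXT_SAVE)
        return RM_ALLOW;                 /* other commands are not filtered here */
    if (len < TPM2_HDR_LEN + 4)          /* saveHandle is missing */
        return RM_MALFORMED;

    /* The most significant octet of a handle is its type. */
    switch (be32(cmd + TPM2_HDR_LEN) >> 24) {
    case TPM2_HT_HMAC_SESSION:
    case TPM2_HT_POLICY_SESSION:
        return RM_DENY;                  /* sessions: the replay / gap issue */
    default:
        return RM_ALLOW;                 /* e.g. transient objects (0x80) */
    }
}
```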