On 1/30/2017 5:13 PM, James Bottomley wrote:
>
> But as I read the code, I can't find where the kernel creates a
> session. It looks like the session and hmac are passed in as option
> arguments, aren't they?

A bit of background. Unlike TPM 1.2, which always required an HMAC, TPM 2.0 has plaintext password sessions, with the session number TPM_RS_PS. This type of session does not have to be created or flushed. Since the kernel has a presumed trusted path to the TPM, I don't see any need for an HMAC session.

However, TPM 2.0 does have policy sessions. These do have to be created. The kernel use case may be in the future.

The first use I encountered for a policy session is use of the EK. The EK has no password of its own, but rather has a policy that points to the endorsement hierarchy authorization - policy secret.
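
The password session described in the message above, as an added example that is not part of the original e-mail or the kernel's code: it serializes the authorization area a command carries when it uses the fixed password-session handle, so no session has to be created or flushed first. The function name `build_pw_auth_area` is hypothetical; the handle value 0x40000009 and the name TPM_RS_PW come from the TPM 2.0 specification, not from this message.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Permanent handle of the password session (TPM_RS_PW in the TPM 2.0
 * specification). It always exists: no TPM2_StartAuthSession, no flush. */
#define TPM_RS_PW 0x40000009u

/* TPM structures are big-endian on the wire. */
static size_t put_u16(uint8_t *p, uint16_t v)
{
	p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v;
	return 2;
}

static size_t put_u32(uint8_t *p, uint32_t v)
{
	p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
	p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
	return 4;
}

/*
 * Serialize the authorization area for one password session:
 *   UINT32 authorizationSize | UINT32 sessionHandle | TPM2B nonce (empty)
 *   | UINT8 sessionAttributes | TPM2B hmac
 * In a password session the "hmac" field carries the password itself in
 * plaintext, which is why it is only appropriate over a trusted path.
 * Returns the number of bytes written, or -1 if buf is too small.
 */
long build_pw_auth_area(uint8_t *buf, size_t buflen,
			const uint8_t *pw, uint16_t pwlen)
{
	size_t body = 4 + 2 + 1 + 2 + (size_t)pwlen;
	size_t off = 0;

	if (buflen < 4 + body)
		return -1;
	off += put_u32(buf + off, (uint32_t)body);
	off += put_u32(buf + off, TPM_RS_PW);
	off += put_u16(buf + off, 0);	/* empty nonce: nothing is HMACed */
	buf[off++] = 0;			/* sessionAttributes: none set */
	off += put_u16(buf + off, pwlen);
	if (pwlen)
		memcpy(buf + off, pw, pwlen);
	off += pwlen;
	return (long)off;
}
```
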