On 2/22/2017 12:39 PM, James Bottomley wrote:
>
> Right at the moment the kernel use of tpm2 looks like
>
> acquire chip->tpm_mutex
> load key
> process key
> unload key
> release chip->tpm_mutex

The advantage to context save / context load over load / flush is that load requires the parent(s). The parent chain may be long, a parent may require authorization, or authorization may be impossible because PCRs are no longer in the correct state. In TPM 1.2, there was a performance difference because load was an asymmetric key operation, but it's symmetric in TPM 2.0.

> When the kernel needs to use resources that persisted beyond it
> dropping the chip->tpm_mutex (say using policy or audit sessions),
> then it would need to become a customer of the RM.

BTW, use of an EK private key requires a policy session.
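
Added example, not part of the original message and not kernel or TPM code: a toy Python model of the point made above, that reloading a key needs its parent's authorization while restoring a saved context does not. The class `ToyTPM`, its method names and the sample key are hypothetical; it assumes a single PCR and a parent whose authorization is a PCR policy, and the saved context is a plain tuple rather than a TPM-protected blob.

```python
# Toy model, constructed for illustration: not a TPM API, not kernel code.
import hashlib

class ToyTPM:
    def __init__(self):
        self.pcr = bytes(32)            # one PCR
        self.loaded = {}                # transient handle -> object
        self.next_handle = 0x80000000

    def extend(self, data):
        self.pcr = hashlib.sha256(self.pcr + data).digest()

    def _slot(self, obj):
        handle, self.next_handle = self.next_handle, self.next_handle + 1
        self.loaded[handle] = obj
        return handle

    def create_primary(self, name, pcr_policy=None):
        return self._slot({"name": name, "pcr_policy": pcr_policy})

    def load(self, parent_handle, blob):
        # Load needs the parent resident and the parent's authorization.
        parent = self.loaded[parent_handle]
        if parent["pcr_policy"] not in (None, self.pcr):
            raise PermissionError("parent policy fails: PCR state changed")
        return self._slot(dict(blob))

    def context_save(self, handle):
        return ("ctx", dict(self.loaded[handle]))   # object stays loaded until flushed

    def context_load(self, ctx):
        return self._slot(dict(ctx[1]))             # no parent, no authorization

    def flush(self, handle):
        del self.loaded[handle]

def demo():
    tpm, blob = ToyTPM(), {"name": "signing-key"}
    parent = tpm.create_primary("parent", pcr_policy=tpm.pcr)
    child = tpm.load(parent, blob)
    saved = tpm.context_save(child)
    tpm.flush(child)
    tpm.extend(b"later measurement")    # PCR no longer matches the parent's policy
    restored = tpm.context_load(saved)
    context_ok = tpm.loaded[restored]["name"] == "signing-key"
    try:
        tpm.load(parent, blob)
    except PermissionError:
        return context_ok, False
    return context_ok, True
```

`demo()` returns a pair: whether the saved context could be restored after the PCR changed, and whether a fresh load under the parent still succeeded.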
