Re: [tpmdd-devel] [PATCH v2 4/7] tpm: infrastructure for TPM spaces

From: Ken Goldman
Date: Wed Feb 22 2017 - 15:56:28 EST

Next message: Jason Vas Dias: "Re: [PATCH] arch/x86/kernel/tsc.c : set X86_FEATURE_ART for TSC on CPUs like i7-4910MQ : bug #194609"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH 6/9] tools: convert map_groups.refcnt from atomic_t to refcount_t"
In reply to: James Bottomley: "Re: [tpmdd-devel] [PATCH v2 4/7] tpm: infrastructure for TPM spaces"
Next in thread: Jarkko Sakkinen: "Re: [tpmdd-devel] [PATCH v2 4/7] tpm: infrastructure for TPM spaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2/22/2017 12:39 PM, James Bottomley wrote:

Right at the moment the kernel use of tpm2 looks like

acquire chip->tpm_mutex
load key
process key
unload key
release chip->tpm_mutex

The advantage to context save/ context load over load / flush
is that load requires the parent(s). The parent chain may be long,
a parent may require authorization, or authorization may be impossible because PCRs are no longer in the correct state.

In TPM 1.2, there was a performance difference because load was an asymmetric key operation, but it's symmetric in TPM 2.0.

When the kernel needs to use resources that persisted beyond it
dropping the chip->tpm_mutex (say using policy or audit sessions),
then it would need to become a customer of the RM.

BTW, use of an EK private key requires a policy session.

Next message: Jason Vas Dias: "Re: [PATCH] arch/x86/kernel/tsc.c : set X86_FEATURE_ART for TSC on CPUs like i7-4910MQ : bug #194609"
Previous message: Arnaldo Carvalho de Melo: "Re: [PATCH 6/9] tools: convert map_groups.refcnt from atomic_t to refcount_t"
In reply to: James Bottomley: "Re: [tpmdd-devel] [PATCH v2 4/7] tpm: infrastructure for TPM spaces"
Next in thread: Jarkko Sakkinen: "Re: [tpmdd-devel] [PATCH v2 4/7] tpm: infrastructure for TPM spaces"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]