From: Ken Goldman <kgoldman-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: tpmdd-devel-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org
Cc: linux-security-module-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org
Subject: Re: [RFC] tpm2-space: add handling for global session exhaustion
Date: Mon, 30 Jan 2017 17:46:26 -0500
Message-ID: <o6ofns$5ic$1@blaine.gmane.org>
In-Reply-To: <1485814388.2518.28.camel-d9PhHud1JfjCXq6kfMZ53/egYHeGw8Jk@public.gmane.org>

On 1/30/2017 5:13 PM, James Bottomley wrote:
>
> But as I read the code, I can't find where the kernel creates a
> session.  It looks like the session and hmac are passed in as option
> arguments, aren't they?

A bit of background.

Unlike TPM 1.2, which always required an HMAC, TPM 2.0 has plaintext
password sessions, with the session number TPM_RS_PS.  This type of
session does not have to be created or flushed.  Since the kernel has a 
presumed trusted path to the TPM, I don't see any need for an HMAC session.

However, TPM 2.0 does have policy sessions.  These do have to be
created.  The kernel use case may be in the future.

The first use I encountered for a policy session is use of the EK.  The 
EK has no password of its own, but rather has a policy that points to 
the endorsement hierarchy authorization - policy secret.
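
An added example, not part of the original message or of the kernel driver: the authorization area a caller sends for a password session, next to a check for whether a session handle is one the TPM had to allocate. The function names are hypothetical; the password session handle is TPM_RS_PW (0x40000009) in the TPM 2.0 specification, and the handle-type values 0x02 and 0x03 are the specification's HMAC and policy session ranges.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define TPM_RS_PW             0x40000009u /* password session handle */
#define TPM_HT_HMAC_SESSION   0x02u       /* top byte of an HMAC session handle */
#define TPM_HT_POLICY_SESSION 0x03u       /* top byte of a policy session handle */

/* Write the low n bytes of v big-endian, as the TPM wire format requires. */
static size_t put_be(uint8_t *p, uint32_t v, size_t n)
{
    for (size_t i = 0; i < n; i++)
        p[i] = (uint8_t)(v >> (8 * (n - 1 - i)));
    return n;
}

/*
 * Marshal the authorization area for one password session:
 * authorizationSize, then TPMS_AUTH_COMMAND {handle, nonce, attributes, hmac}.
 * No session is started first; the fixed handle is used directly.
 * Returns the number of bytes written, or 0 if the buffer is too small.
 */
size_t marshal_password_auth(uint8_t *buf, size_t len,
                             const uint8_t *pw, uint16_t pwlen)
{
    size_t body = 4 + 2 + 1 + 2 + (size_t)pwlen, off = 0;

    if (len < 4 + body)
        return 0;
    off += put_be(buf + off, (uint32_t)body, 4); /* authorizationSize */
    off += put_be(buf + off, TPM_RS_PW, 4);      /* sessionHandle */
    off += put_be(buf + off, 0, 2);              /* nonceCaller: empty */
    off += put_be(buf + off, 0, 1);              /* sessionAttributes */
    off += put_be(buf + off, pwlen, 2);          /* hmac.size */
    if (pwlen)
        memcpy(buf + off, pw, pwlen);            /* password in the clear */
    return off + pwlen;
}

/*
 * True if the handle names a session created with TPM2_StartAuthSession,
 * which occupies a TPM session slot until it is flushed. TPM_RS_PW is a
 * permanent handle (type 0x40) and never does.
 */
int session_uses_tpm_slot(uint32_t handle)
{
    uint8_t ht = (uint8_t)(handle >> 24);
    return ht == TPM_HT_HMAC_SESSION || ht == TPM_HT_POLICY_SESSION;
}
```
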



