From: James Bottomley <James.Bottomley@HansenPartnership.com>
To: Jarkko Sakkinen <jarkko@kernel.org>,
William Brown <wbrown@suse.de>,
linux-integrity@vger.kernel.org
Cc: peterhuewe@gmx.de, jgg@ziepe.ca, Takashi Iwai <tiwai@suse.de>
Subject: Re: TPM error 0x0901, possibly related to TPM2_PT_CONTEXT_GAP_MAX
Date: Thu, 04 Apr 2024 11:49:54 -0400 [thread overview]
Message-ID: <6857f043301a100ee93b3ea120a2d1d60e83efdb.camel@HansenPartnership.com> (raw)
In-Reply-To: <D0BFMGM02V7A.1HEWQ05350K07@kernel.org>
On Thu, 2024-04-04 at 18:09 +0300, Jarkko Sakkinen wrote:
> [...]
> Emphasis that I might have forgotten something but this is what I can
> remember right now.
What you forgot is that I did originally proposed session degapping in
the kernel resource manager but it was rather complex, so you made me
take it out for lack of a use case. It dates back to when we used the
old sourceforge tpmdd list which seems to have caused message loss, so
I'm not sure how complete this thread is:
https://lore.kernel.org/lkml/1484772489.2396.2.camel@HansenPartnership.com/
If I compare it to the fragment on sourceforge, you can see a bit more
of it (but sourceforge has lost the patch):
https://sourceforge.net/p/tpmdd/mailman/tpmdd-devel/thread/201702090906.v1996c6a015552%40wind.enjellic.com/#msg35656470
The reality is that unless you context save a session, you don't need
degapping and pretty much every TSS based use of sessions doesn't need
to save them, so people who construct TPM based systems rarely run into
this. The exception is the tpm2-tools CLI project, which encourages
the context saving of sessions and thus can cause this. We kept
tripping across this in the Keylime, but the eventual solution was to
dump the tpm2-tools dependency and do a direct TSS connection in the
Keylime agent.
James
next prev parent reply other threads:[~2024-04-04 15:49 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-04-04 2:19 TPM error 0x0901, possibly related to TPM2_PT_CONTEXT_GAP_MAX William Brown
2024-04-04 15:06 ` Jarkko Sakkinen
2024-04-04 15:09 ` Jarkko Sakkinen
2024-04-04 15:49 ` James Bottomley [this message]
2024-04-05 0:24 ` William Brown
2024-04-13 20:50 ` Jarkko Sakkinen
2024-04-11 22:50 ` Jarkko Sakkinen
2024-04-11 23:21 ` William Brown
2024-04-13 21:43 ` Jarkko Sakkinen
2024-04-05 0:24 ` William Brown
2024-04-13 20:54 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=6857f043301a100ee93b3ea120a2d1d60e83efdb.camel@HansenPartnership.com \
--to=james.bottomley@hansenpartnership.com \
--cc=jarkko@kernel.org \
--cc=jgg@ziepe.ca \
--cc=linux-integrity@vger.kernel.org \
--cc=peterhuewe@gmx.de \
--cc=tiwai@suse.de \
--cc=wbrown@suse.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox