On Thu, Feb 16, 2017 at 02:06:42PM -0600, Dr. Greg Wettstein wrote:
> Just as an aside, has anyone given any thought about TPM2 resource
> management in things like TXT/tboot environments? The current tboot
> code makes a rather naive assumption that it can take a handle slot to
> protect its platform verification secret. Doing resource management
> correctly will require addressing extra-OS environments such as this
> which may have TPM2 state requirement issues.

The current implementation handles stuff created from regular /dev/tpm0
so I do not think this would be an issue. You can only access objects
from a TPM space that are created within that space.

/Jarkko