> > Regarding the in-kernel "minimal resource manager": AFAIK there is > > already a tpm-mutex inside the kernel. We could use that mutex and > > then have the algorithm: > > > > [SNIP] > > I don't care about one purpose hacks. Second, I don't care about pseudo > code (at least not for "too big things"). It has tendency to mask > unexpected details. If you want to propose something, please go through > the patch process. > > > We don't need anything more fancy than this. And it should even > > guarantee that the old values are still present after mutex_release, > > so (opposed to a full-blown resource-manager) we do not need to keep > > track and rewrite virtual handles inside the user-space commands. > > > > IMHO, this should be lightweight enough even for the most embedded of > > applications, since the 2*2k blobs are only allocated on demand... > > It's still unnecessary functionality and increases the kernel image size > and every hack requires maintenance. It would probably end up needing > compilation flag as there exists efforts like: > > https://tiny.wiki.kernel.org/ > > My simple and stupid solution does not *prevent* adding better > synchronization. I would go with that and implement access broker > properly and not for just one use case later on.
Unfortunately, I'm not able to write up some code for this myself atm. Other priorities unfortunately. I was just pointing out, that the proposed patch will not fit in with the current approach in TSS2.0, before this user-facing kernel API is set in stone and _corrected_ new syscalls need to be added later. Also, the pseudo-code proposal should be a proper minimal access broker that should solve most accesses to TPM transient objects down the road. Session-brokering is a different beast of course. Cheers, Andreas-- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/