Wyllys Ingersoll wrote:
> ...
> * TPM Device driver (tpm)
> The TPM device driver was developed in a joint effort between the Solaris
> Security group and Dartmouth College and will be delivered on x86/64 based
> platforms as part of the core Solaris installation.

Some X86/X64 machines can enable and use the TPM at the BIOS level. Does the TPM driver recognize/use the existing objects on the chip?

> We intend to defer delivery of a TPM driver for SPARC systems to a later
> integration, as TPM hardware is predominantly found on x86 systems.

I believe the T5120 (Niagara 2) systems have a TPM chip. So, it is useful to deliver the driver for it soon.

> * PKCS11 Provider
> A PKCS11 provider that will allow users to create individual tokens that
> use the TPM to generate keys and perform sensitive operations
> (encrypt/decrypt/sign/verify) will be delivered into ON. This provider
> will protect all private data objects by encrypting them with keys that
> can only be used inside the TPM device.
> The PKCS11 TPM provider will support the following mechanisms:
> CKM_RSA_PKCS_KEY_PAIR_GEN (2048 bit max) (hardware)
> CKM_RSA_PKCS (2048 bit max) (hardware)
> CKM_RSA_PKCS_OAEP (2048 bit max) (hardware)
> CKM_RSA_X_509 (2048 bit max) (hardware)
> CKM_MD5_RSA_PKCS (2048 bit max) (hardware)
> CKM_SHA1_RSA_PKCS (2048 bit max) (hardware)
> CKM_SHA_1
> CKM_SHA_1_HMAC
> CKM_SHA_1_HMAC_GENERAL
> CKM_MD5
> CKM_MD5_HMAC
> CKM_MD5_HMAC_GENERAL

The chip can do random number generation too. So, do we plan to support the CKF_RNG and C_GenerateRandom() PKCS #11 interfaces?

Regards,
-Krishna
