> > It does. My trusted keys implementation actually uses sessions.
>
> But as I read the code, I can't find where the kernel creates a
> session. It looks like the session and hmac are passed in as option
> arguments, aren't they?
A bit of background.
In TPM 1.2, any authorization needed a session and an HMAC.
In TPM 2.0, authorization can be done using a plaintext password
(optionally) rather than an HMAC. To me, kernel authorization
is a good use case for a plaintext password, since there is a
trusted path to the TPM.
When using a plaintext password, the caller does not require
startauthsession. There is a special handle number that means
"plaintext password, no HMAC". It's always available, and does
not occupy a session slot.
However, for the future ...
TPM 2.0 also has policy sessions. E.g., use of the EK requires
a policy.
If the kernel ever wants to use policy, it needs startauthsession.
That's why I'm thinking that perhaps the space code should just
reserve ~2 sessions for it's own use, so it never blocks
because user space has occupied all the session slots.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
tpmdd-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/tpmdd-devel
