On 9/16/2017 11:36 AM, Jarkko Sakkinen wrote:
Hi
While sitting at the airport I started to think a bit about the context
gap issue.
I think first thing that would make sense would be to have a 64-bit
shadow count for every TPM space i.e.
atomic_long_t tpm2_ctx_cnt;
struct tpm2_space {
/* ... */
u64 ctx_cnt;
};
For every create and load of a session you will read the global count
and increase it. This way we have get a well defined order.
With this organization we could for example put tpm spaces to a
red-black tree and refresh the oldest tpm space (just first thought
that came to mind).
I think the algorithm is as follows:
1 - Each saved context has a sequence number. It can either be
extracted once and saved in a table or extracted from the context blob
when needed.
2 - When a startauthsession or contextload returns the
TPM_RC_CONTEXT_GAP error
2A - find the lowest context blob sequence number
2B - contextload it
2C - contextsave it
This is just for sessions, not objects.
~~
A fundamental design question is whether the application can call
contextsave for sessions, or whether the command is reserved for the
resource manager.
I personally think it adds a lot of complication - the session blob has
to be sort of virtualized. The use case - one application saving a
session, then handing it over to another application that loads it -
doesn't seem worth the complexity.
It should be discussed up front, because it affects the code.
