On Tue, 2024-02-20 at 22:31 +0000, Jarkko Sakkinen wrote: > > 2. Because localities are not too useful these days given TPM2's > policy mechanism Localitites are useful to the TPM2 policy mechanism. When we get key policy in the kernel it will give us a way to create TPM wrapped keys that can only be unwrapped in the kernel if we run the kernel in a different locality from userspace (I already have demo patches doing this). > I cannot recall out of top of my head can > you have two localities open at same time. I think there's a misunderstanding about what localities are: they're effectively an additional platform supplied tag to a command. Each command can therefore have one and only one locality. The TPM doesn't have a concept of which locality is open; if you look at the reference implementation, the simulator has a __plat__LocalitySet() function which places all commands in the just set locality until you change to a different one. However, since the way localities are implemented (i.e. what triggers _plat__LocalitySet()) is implementation defined, each physical TPM device has a different way of doing the set (for instance, for TIS TPM's locality is a function of the port set used to address the TPM; for CRB TPMs it can be an additional tag on the buffer for command submission). I think the locality request/relinquish was modelled after some other HW, but I don't know what. James
