On Wed, 2024-02-21 at 19:43 +0000, Jarkko Sakkinen wrote: > On Wed Feb 21, 2024 at 12:37 PM UTC, James Bottomley wrote: > > On Tue, 2024-02-20 at 22:31 +0000, Jarkko Sakkinen wrote: [...] > > > I cannot recall out of top of my head can > > > you have two localities open at same time. > > > > I think there's a misunderstanding about what localities are: > > they're effectively an additional platform supplied tag to a > > command. Each command can therefore have one and only one > > locality. The TPM doesn't > > Actually this was not unclear at all. I even read the chapters from > Ariel Segall's yesterday as a refresher. > > I was merely asking that if TPM_ACCESS_X is not properly cleared and > you se TPM_ACCESS_Y where Y < X how does the hardware react as the > bug report is pretty open ended and not very clear of the steps > leading to unwanted results. So TPM_ACCESS_X is *not* a generic TPM thing, it's a TIS interface specific thing. Now the TIS interface seems to be dominating, so perhaps it is the correct programming model for us to follow, but not all current TPMs adhere to it. > With a quick check from [1] could not spot the conflict reaction but > it is probably there. The way platforms should handle localities is now detailed in the TCG library code snippets (part 4 Supporting Routines - Code): https://trustedcomputinggroup.org/resource/tpm-library-specification/ It's the _plat__LocalityGet/Set in Appendix C The implementation documented there is what the TPM reference implementation follows. James
