On Thu, 2024-04-04 at 18:09 +0300, Jarkko Sakkinen wrote: > [...] > Emphasis that I might have forgotten something but this is what I can > remember right now. What you forgot is that I did originally proposed session degapping in the kernel resource manager but it was rather complex, so you made me take it out for lack of a use case. It dates back to when we used the old sourceforge tpmdd list which seems to have caused message loss, so I'm not sure how complete this thread is: https://lore.kernel.org/lkml/1484772489.2396.2.camel@xxxxxxxxxxxxxxxxxxxxx/ If I compare it to the fragment on sourceforge, you can see a bit more of it (but sourceforge has lost the patch): https://sourceforge.net/p/tpmdd/mailman/tpmdd-devel/thread/201702090906.v1996c6a015552%40wind.enjellic.com/#msg35656470 The reality is that unless you context save a session, you don't need degapping and pretty much every TSS based use of sessions doesn't need to save them, so people who construct TPM based systems rarely run into this. The exception is the tpm2-tools CLI project, which encourages the context saving of sessions and thus can cause this. We kept tripping across this in the Keylime, but the eventual solution was to dump the tpm2-tools dependency and do a direct TSS connection in the Keylime agent. James
