On Sat, 2024-08-03 at 20:08 +0300, Jarkko Sakkinen wrote: > On Fri Aug 2, 2024 at 11:25 PM EEST, James Bottomley wrote: > > Now that we're going to be using the NULL primary to salt sessions, > > the Intel TSS shim needs fixing to cope with this. In the Intel > > TSS, there are two internal handles representing NULL: ESYS_TR_NONE > > and ESYS_TR_RH_NULL. We translate TPM_RH_NULL to ESYS_TR_NONE > > because > > Can you split this into two paragraphs. > > I'm lost why it has two representations. Well, I actually have no idea why the Intel TSS has two representations for *every* handle: an internal one (specific to the TSS) and an external one that everyone uses, like 81000001 or 40000007. As far as I can see it just adds pointless complexity to the coding. The IBM TSS only has one, so for code which works with both, the shim has to transform between internal and external handle representations before sending the command onward to the Intel TSS. Even more mysteriously the Intel TSS has three representations for the NULL handle: an internal one, an external one (40000007) and one you use for an empty session (ESYS_TR_NONE). The IBM TSS uses TPM_RH_NULL for all three so you can't just translate from external to internal you have to know if you're using the handle for a session or a hierarchy as well. James
