On Sat Aug 3, 2024 at 10:47 PM EEST, James Bottomley wrote:
> On Sat, 2024-08-03 at 22:31 +0300, Jarkko Sakkinen wrote:
> > On Sat Aug 3, 2024 at 8:51 PM EEST, James Bottomley wrote:
> > > On Sat, 2024-08-03 at 20:08 +0300, Jarkko Sakkinen wrote:
> > > > On Fri Aug 2, 2024 at 11:25 PM EEST, James Bottomley wrote:
> > > > > Now that we're going to be using the NULL primary to salt
> > > > > sessions, the Intel TSS shim needs fixing to cope with this.
> > > > > In the Intel TSS, there are two internal handles representing
> > > > > NULL: ESYS_TR_NONE and ESYS_TR_RH_NULL. We translate
> > > > > TPM_RH_NULL to ESYS_TR_NONE because
> > > >
> > > > Can you split this into two paragraphs.
> > > >
> > > > I'm lost why it has two representations.
> > >
> > > Well, I actually have no idea why the Intel TSS has two
> > > representations for *every* handle: an internal one (specific to
> > > the TSS) and an external one that everyone uses, like 81000001 or
> > > 40000007. As far as I can see it just adds pointless complexity to
> > > the coding. The IBM TSS only has one, so for code which works with
> > > both, the shim has to transform between internal and external
> > > handle representations before sending the command onward to the
> > > Intel TSS.
> >
> > Is it possible to address this complexity and move into a single
> > representation? I.e. use external presentation all the way.
>
> Yes, that's what the current code does. It began life as pure IBM TSS
> so it used what the Intel TSS would consider as all external handle
> representations. The external to internal shift (and back) happens
> inside the TSS shim.

Ah, right, OK now I'm on page, thank you.

> > > Even more mysteriously the Intel TSS has three representations for
> > > the NULL handle: an internal one, an external one (40000007) and
> > > one you use for an empty session (ESYS_TR_NONE). The IBM TSS uses
> > > TPM_RH_NULL for all three so you can't just translate from external
> > > to internal you have to know if you're using the handle for a
> > > session or a hierarchy as well.
> >
> > Same question applies to this too.
>
> Remember this is just fixing the Intel TSS Shim. The fact that we have
> to use three different handles for NULL isn't visible outside the shim,
> so a consumer of these APIs just uses TPM_RH_NULL everywhere. The fix
> is that the Intel TSS Shim was using the wrong handle for some
> operations.

OK, got it, thanks.

BR, Jarkko