Re: [openssl-tpm2-engine] [PATCH v2 1/8] tss: Fix handling of TPM_RH_NULL in intel-tss

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Mon Aug 5, 2024 at 5:48 AM EEST, James Bottomley wrote:
> On Mon, 2024-08-05 at 00:28 +0300, Jarkko Sakkinen wrote:
> [...]
> > > --- a/src/include/intel-tss.h
> > > +++ b/src/include/intel-tss.h
> > > @@ -251,14 +251,6 @@ intel_sess_helper(TSS_CONTEXT *tssContext,
> > > TPM_HANDLE auth, TPMA_SESSION flags)
> > >                                   TPMA_SESSION_CONTINUESESSION |
> > > flags);
> > >  }
> > >  
> > > -static inline TPM_HANDLE
> > > -intel_handle(TPM_HANDLE h)
> > > -{
> > > -       if (h == 0)
> > > -               return ESYS_TR_NONE;
> > > -       return h;
> > > -}
> > > -
> > >  static inline void
> > >  TSS_Delete(TSS_CONTEXT *tssContext)
> > >  {
> > > @@ -937,8 +929,10 @@ tpm2_CreatePrimary(TSS_CONTEXT *tssContext,
> > > TPM_HANDLE primaryHandle,
> > >         TPM2B_PUBLIC *opub;
> > >         TPM_RC rc;
> > >  
> > > -       /* FIXME will generate wrong value for NULL hierarchy */
> > > -       primaryHandle = intel_handle(primaryHandle);
> > > +
> > > +       /* TPM_RH_NULL is mapped to ESYS_TR_NONE, which won't work
> > > here */
> > > +       if (primaryHandle == TPM_RH_NULL)
> > > +               primaryHandle = INT_TPM_RH_NULL;
> > >  
> > >         outsideInfo.size = 0;
> > >         creationPcr.count = 0;
> > > @@ -993,9 +987,7 @@ tpm2_StartAuthSession(TSS_CONTEXT *tssContext,
> > > TPM_HANDLE tpmKey,
> > >                       TPM_HANDLE *sessionHandle,
> > >                       const char *bindPassword)
> > >  {
> > > -       bind = intel_handle(bind);
> > > -       tpmKey = intel_handle(tpmKey);
> > > -       if (bind != ESYS_TR_NONE)
> > > +       if (bind != TPM_RH_NULL)
> > >                 intel_auth_helper(tssContext, bind, bindPassword);
> > 
> > Not blaming the patch but just have hard time coping this.
> > 
> > The most basic question is probably this: what is the application for
> > INT_TPM_RH_NULL?
>
> Ah, well, it turns out that the Intel TSS also isn't very performant
> and part of the performance loss is using a memory database for
> translating external TPM objects into internal ones.  Some of the
> performance can be recovered by not doing this.

So INT_RH_NULL is  a flag that translates to "do not translate to
internal object if it is derived from the nulll seed?". I.e. is it
some kind of skip flag?

External presentation is any TPM object I guess, but what is
conceptually the internal representation we are talking about here?

I wonder why nobody ever got idea that all kinds of TPM daemons
could use u64 for handles, and have future-proof robustness as in
TPM2 handles are u32.

BR, Jarkko
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux