Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

From: Ken Goldman
Date: Sun Feb 12 2017 - 15:30:03 EST


On 2/10/2017 11:46 AM, James Bottomley wrote:
> On Fri, 2017-02-10 at 04:03 -0600, Dr. Greg Wettstein wrote:
> > On Feb 9, 11:24am, James Bottomley wrote:
> >
> > quote: 810 milliseconds
> > verify signature: 635 milliseconds
> > ...
>
> Part of the way of reducing the latency is not to use the TPM for
> things that don't require secrecy: container signature verification is
> one such because the container is signed with a private key to which
> ...

Agreed. There are a few times one would verify a signature inside the TPM, but they're far from mainstream:

1 - Early in the boot cycle, when there's no crypto library.

2 - When the crypto library doesn't support the required algorithm.

3 - When a ticket is needed to prove to the TPM later that it verified
the signature.
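A worked illustration of the point being agreed with above, added here and not part of the thread or of the tpm2-space patch: container signature verification needs only the public key, so it can run in a software crypto library and be timed against the 635 ms in-TPM figure quoted above. The code assumes RSA-2048 with PKCS#1 v1.5/SHA-256 (an assumed choice) over a constructed stand-in blob; the 635 ms constant is carried over from the thread as a reference, not measured here.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"time"
)

// TPMVerifyMillis is the in-TPM verify latency quoted in the thread
// (635 ms); it is a reference figure, not something measured here.
const TPMVerifyMillis = 635

// containerBlob is a constructed stand-in for a container image.
var containerBlob = []byte("constructed container image contents")

// SignContainer signs the SHA-256 digest of blob (RSASSA-PKCS1-v1_5).
// This is the only step that needs the private key; it happens once,
// wherever the signer keeps that key (a TPM is one reasonable place).
func SignContainer(priv *rsa.PrivateKey, blob []byte) ([]byte, error) {
	d := sha256.Sum256(blob)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, d[:])
}

// VerifyContainer checks sig over blob using only the public key and
// returns how long the check took. Nothing here is secret, which is
// why it belongs in a crypto library rather than in the TPM.
func VerifyContainer(pub *rsa.PublicKey, blob, sig []byte) (time.Duration, error) {
	d := sha256.Sum256(blob)
	start := time.Now()
	err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, d[:], sig)
	return time.Since(start), err
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	sig, err := SignContainer(priv, containerBlob)
	if err != nil {
		panic(err)
	}
	took, err := VerifyContainer(&priv.PublicKey, containerBlob, sig)
	fmt.Printf("software verify: %v (err=%v); in-TPM figure from thread: %d ms\n",
		took, err, TPMVerifyMillis)
	// A modified image must be rejected by the same check.
	tampered := append([]byte{}, containerBlob...)
	tampered[0] ^= 1
	_, err = VerifyContainer(&priv.PublicKey, tampered, sig)
	fmt.Println("tampered image rejected:", err != nil)
}
```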