Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion

From: Ken Goldman
Date: Sun Feb 12 2017 - 15:30:03 EST

On 2/10/2017 11:46 AM, James Bottomley wrote:
On Fri, 2017-02-10 at 04:03 -0600, Dr. Greg Wettstein wrote:
On Feb 9, 11:24am, James Bottomley wrote:

quote: 810 milliseconds
verify signature: 635 milliseconds

Part of the way of reducing the latency is not to use the TPM for
things that don't require secrecy: container signature verification is
one such because the container is signed with a private key to which

Agreed. There are a few times one would verify a signature inside the TPM, but they're far from mainstream:

1 - Early in the boot cycle, when there's no crypto library.

2 - When the crypto library doesn't support the required algorithm.

3 - When a ticket is needed to prove to the TPM later that it verified
the signature.