Re: [tpmdd-devel] [RFC] tpm2-space: add handling for global session exhaustion
From: Ken Goldman
Date: Sun Feb 12 2017 - 15:30:03 EST

On 2/10/2017 11:46 AM, James Bottomley wrote:
> On Fri, 2017-02-10 at 04:03 -0600, Dr. Greg Wettstein wrote:
> On Feb 9, 11:24am, James Bottomley wrote:
> quote: 810 milliseconds
> verify signature: 635 milliseconds
>
> Part of the way of reducing the latency is not to use the TPM for
> things that don't require secrecy: container signature verification is
> one such because the container is signed with a private key to which

Agreed. There are a few times one would verify a signature inside the
TPM, but they're far from mainstream:
1 - Early in the boot cycle, when there's no crypto library.
2 - When the crypto library doesn't support the required algorithm.
3 - When a ticket is needed to prove to the TPM later that it verified