Re: [PATCH v2 6/7] tpm: expose spaces via a device link /dev/tpms<n>

From: Ken Goldman
Date: Tue Feb 28 2017 - 13:55:17 EST


On 2/26/2017 1:30 PM, Dr. Greg Wettstein wrote:

For example, Ken's tools which come in his TSS2 library, don't work
properly with the 'spaces' device due to the virtualization lifetime.
As an example, the getcapability call will 'lie' about the number of
transient handles which are available through the device. Attempts to
string multiple transaction sequences together will fail as well.

Two comments:

1 = The intent of the command line tools was for rapid prototyping scripts against a SW TPM, and then as sample code for writing the application.

2 - If you really want to script against a hardware TPM, it can be done. Simply place a proxy between the TSS and the TPM device driver. The proxy passes commands from the TCP socket to the TPM device driver. It keeps the connection open so the resource manager doesn't flush between transactions.

The proxy can be obtained from here. It's from TPM 1.2 days, but it works for TPM 2.0 as well.

https://sourceforge.net/projects/ibmswtpm/files/?source=navbar