* [tpm2] Sharing TPM 2.0 between containers with access policy
@ 2020-06-05  7:52 Oleksii Moisieiev
  0 siblings, 0 replies; only message in thread
From: Oleksii Moisieiev @ 2020-06-05  7:52 UTC (permalink / raw)
  To: tpm2

Hello all,

I have an embedded device with a Docker container based architecture.
This device is operated by software installed in separate containers.

I would like to share TPM 2.0 access between these containers with the following restrictions:

1) Forbid the TPM Clear command for the containers;
2) Each container should have access only to the set of keys it owns;
3) Each container can create keys, but not overwrite existing keys that are not related to this container.

According to the "TCG TSS 2.0 TAB and Resource Manager Specification", the TPM Resource Manager doesn't implement access restrictions right now.

So the question is: could you suggest some existing solution on top of the TPM Resource Manager which provides access restrictions and can isolate each container as a TPM user?

Best regards,

Oleksii
