All of lore.kernel.org
* [tpm2] Re: : AW: Re: get TPM applications to happily co-exist
@ 2021-04-28 20:42 Kenneth Goldman
From: Kenneth Goldman @ 2021-04-28 20:42 UTC (permalink / raw)
  To: tpm2


> From: Ted Kim <ted.h.kim(a)oracle.com>
>
> OK, but then the problem of preventing other applications from evicting
> persistent objects from our application doesn't seem to have a solution,
> except by locking down the owner hierarchy (e.g. my application has the
> password) - which doesn't seem very friendly. How does any other
> application create a primary object, etc. ?

A typical design has the owner create a primary storage key with an empty
password and make it persistent at a standard handle.

	That's similar to the TPM 1.2 SRK.

Each application creates a key hierarchy under that storage key, with
whatever authorization they want.

The problem with a well-known owner auth is that everyone can DoS
the TPM.
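
The layout described in the message above, sketched with tpm2-tools as an added example (not part of the original message or the author's own code). The handle 0x81000001, the ECC key type, the file names and the DRY_RUN switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration: owner provisions a shared storage key once,
# applications then build their own keys under it without owner auth.

SRK_HANDLE=0x81000001   # assumed "standard handle" for the shared storage key

# Print the command when DRY_RUN is set, otherwise execute it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        echo "$*"
    else
        "$@"
    fi
}

# Owner, once: create a primary storage key with an empty key password
# (no -p given) and make it persistent. OWNER_AUTH is the owner-hierarchy
# password; it is needed only here and is never handed to applications.
provision_srk() {
    run tpm2_createprimary -C o -P "$OWNER_AUTH" -G ecc -c srk.ctx &&
    run tpm2_evictcontrol -C o -P "$OWNER_AUTH" -c srk.ctx "$SRK_HANDLE"
}

# Each application: create and load its own key under the shared parent.
# The parent's auth is empty, so no -P is passed; the child key carries
# whatever authorization the application chooses ($2).
create_app_key() {
    app="$1"
    app_auth="$2"
    run tpm2_create -C "$SRK_HANDLE" -G ecc -p "$app_auth" \
        -u "$app.pub" -r "$app.priv" &&
    run tpm2_load -C "$SRK_HANDLE" -u "$app.pub" -r "$app.priv" -c "$app.ctx"
}
```

Only provision_srk touches the owner hierarchy; evicting the persistent storage key would likewise need owner authorization, which is why that value is kept out of the application path.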

