TPM Support [PSARC/2008/725 FastTrack timeout 11/27/2008]
James Carlson
james.d.carlson at sun.com
Mon Dec 1 07:37:34 PST 2008
Wyllys Ingersoll writes:
> > i think this would be a good stop-gap measure. it would simplify the
> > deployment of tss based application in one non-global zone.
> >
> > as an implementation detail, you'll probably want to enhance zoneadm to detect
> > when a zone is booting with a tpm device allocated to it, and have it verify
> > that there are no other booted zones with tpm devices and that the tss daemon
> > is not running in the global zone. (this keeps things user friendly, and
> > zoneadm already does similar checks to verify that other required smf services
> > are running.)
> >
> > ed
> >
>
>
> The tpm device itself will not allow multiple readers, so I'm not sure
> if any external tool modification (zoneadm, etc) is even necessary.
> The device will respond to the first app to open it, no other apps can
> open the device until it gets closed again.
Is opening it and doing nothing an effective DoS?
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677