TPM Support [PSARC/2008/725 FastTrack timeout 11/27/2008]
James Carlson
james.d.carlson at sun.com
Mon Dec 1 09:29:19 PST 2008
Wyllys Ingersoll writes:
> sources. That is why I originally suggested that the TPM should only reside
> in the global zone and that local zones would access it over the network
> and be subject to access controls as specified in the tcsd.conf.
It sounds to me like the complete Zones solution will require a
non-network-based cross-zone communication mechanism.
> I suggested that we could deliver the TPM device and libraries in all zones
> but that the administrator would have to know that only 1 zone per-system
> is allowed to access the TPM. That would at least allow the administrator
> to configure any single zone to run the TCS daemon instead of forcing it to
> be in the global zone, but it still has the restriction of only 1 TCS
> daemon per TPM.
That doesn't make sense to me. Why would the administrator _NOT_ want
to have access to the TPM in more than one zone?
--
James Carlson, Solaris Networking <james.d.carlson at sun.com>
Sun Microsystems / 35 Network Drive 71.232W Vox +1 781 442 2084
MS UBUR02-212 / Burlington MA 01803-2757 42.496N Fax +1 781 442 1677