TPM Support [PSARC/2008/725 FastTrack timeout 11/27/2008]
Wyllys Ingersoll
wyllys.ingersoll at sun.com
Mon Dec 1 10:40:41 PST 2008
James Carlson wrote:
>> The first case is possible now by accessing the TCS daemon over the
>> network using standard TSS APIs.
>>
>
> That doesn't work. There's no network connection that's necessarily
> available between global and non-global zones.
>
>
Yes, obviously. One must have network access, unless we come up with a
different method for zones later.
>> The latter is prohibited by the TPM spec if another app is holding it open.
>>
>
> It sounds like the device is really an implementation detail, and not
> something that needs to be discussed as architecture.
>
> I don't see why assigning that internal device node (with its strange
> limitations) to non-global zones would ever be a useful thing to do.
> If the limitations can be removed, then there's a reason to do this,
> as it allows a TCS daemon per zone. Otherwise, not so much.
>
OK, we'll leave it as a global-zone-only device then.
-Wyllys