wolfSSL / wolfTPM

wolfTPM is a highly portable TPM 2.0 library, designed for embedded use.
https://www.wolfssl.com
GNU General Public License v2.0

Support of tpmrmX interface #358

Open IldarAbdullin-okta opened 3 weeks ago

IldarAbdullin-okta commented 3 weeks ago

Hi,

Are there any plans to support TPM resource manager integration (tpmrm0)?

Ildar

dgarske commented 3 weeks ago

Hi @IldarAbdullin-okta ,

No plans currently. What is the use-case and platform where you need this feature?

If you are on Linux we support --enable-tislock or WOLFTPM_TIS_LOCK, which uses a named semaphore for locking, allowing concurrent access between processes. However, that only works if using our TIS layer. If using /dev/tpm0, it is handled by the Linux kernel.

Thanks, David Garske, wolfSSL

IldarAbdullin-okta commented 3 weeks ago

Platform is Linux, and yes, we are using the /dev/tpm0 interface. One of the concerns with this approach is that communication with /dev/tpmX requires root privileges. As a workaround we are thinking about installing a udev rule similar to the tpm2-tss tool approach and adding the end user to the TSS group.

As a workaround we can have KERNEL=="tpm[0-9]*", TAG+="systemd", MODE="0660", GROUP="tss", and this most likely will be our short-term solution. However, that rule can be overwritten if the user installs the tpm2-tss tool after our application. So for us it would be great if we could follow the same approach as TSS has today for their tpm tools.
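The "our rule can be overwritten" concern above comes down to how udev orders rules files: it collects *.rules from /etc/udev/rules.d, /run/udev/rules.d and /usr/lib/udev/rules.d, sorts them all by file name, lets a file in /etc replace a same-named file in /usr/lib, and applies plain `=` assignments in order so the last matching MODE/GROUP wins unless an earlier rule used the final `:=` operator. The script below is an added example written for this page, not code from wolfTPM, tpm2-tss or the commenter; it resolves the effective MODE/GROUP for a device name over a set of rules directories and runs it against a constructed fixture. The package rule file name 60-tpm-udev.rules and the group name myapp are assumptions for the demonstration, and the matcher only handles KERNEL== globs with MODE/GROUP/OWNER assignments (no KERNEL!=, no GOTO/LABEL), which is enough for the rule quoted above.

```shell
#!/bin/sh
# Added example: which udev rule ends up setting MODE/GROUP on /dev/tpmN?
# udev sorts all *.rules files by name across its directories (C-locale order
# assumed here), a same-named file in an earlier directory hides later ones,
# "=" assignments are applied in order (last wins), ":=" makes a value final.

# List rules files in the order udev applies them. Args: rules directories,
# highest priority first.
udev_rules_in_order() {
    i=0
    for d in "$@"; do
        i=$((i + 1))
        [ -d "$d" ] || continue
        for f in "$d"/*.rules; do
            if [ -f "$f" ]; then printf '%s\t%d\t%s\n' "$(basename "$f")" "$i" "$f"; fi
        done
    done | LC_ALL=C sort | awk -F'\t' '!seen[$1]++ { print $3 }'
}

# Print "MODE GROUP file-that-set-MODE" for a kernel device name.
# Args: device name (e.g. tpm0), then rules directories as above.
effective_udev_rule() {
    dev="$1"; shift
    files=$(udev_rules_in_order "$@")
    [ -n "$files" ] || { echo "no rules files found" >&2; return 1; }
    oldifs=$IFS; IFS='
'; set -- $files; IFS=$oldifs
    awk -v dev="$dev" '
    # Turn a udev glob ("*", "?", "[...]", "|" alternation) into an anchored ERE.
    function glob2re(g,    re, i, c) {
        re = "^"
        for (i = 1; i <= length(g); i++) {
            c = substr(g, i, 1)
            if (c == "*")      re = re ".*"
            else if (c == "?") re = re "."
            else if (c == "|") re = re "$|^"
            else if (c == "[" || c == "]") re = re c
            else if (index(".^$+(){}\\", c)) re = re "\\" c
            else re = re c
        }
        return re "$"
    }
    # Apply an assignment unless an earlier ":=" already made the key final.
    function assign(k, op, v) {
        if (final[k]) return
        val[k] = v; src[k] = FILENAME; final[k] = (op == ":=")
    }
    /^[[:space:]]*(#|$)/ { next }                 # comments and blank lines
    {
        if (!match($0, /KERNEL=="[^"]*"/)) next   # only KERNEL== rules handled
        pat = substr($0, RSTART + 9, RLENGTH - 10)
        if (dev !~ glob2re(pat)) next
        line = $0
        while (match(line, /(MODE|GROUP|OWNER):?="[^"]*"/)) {
            a = substr(line, RSTART, RLENGTH)
            line = substr(line, RSTART + RLENGTH)
            split(a, kv, "=")
            key = kv[1]; op = (key ~ /:$/) ? ":=" : "="; sub(/:$/, "", key)
            v = kv[2]; gsub(/"/, "", v)
            assign(key, op, v)
        }
    }
    END {
        n = split(src["MODE"], p, "/")
        printf "%s %s %s\n", ("MODE" in val ? val["MODE"] : "-"),
               ("GROUP" in val ? val["GROUP"] : "-"), (n ? p[n] : "-")
    }' "$@"
}

# Constructed fixture: a package-style rule in usr/lib (shape taken from the
# rule quoted above, file name assumed) plus the app rule in etc.
# Args: app rules file name, assignment operator ("=" or ":=").
make_fixture() {
    root=$(mktemp -d)
    mkdir -p "$root/etc/udev/rules.d" "$root/usr/lib/udev/rules.d"
    cat > "$root/usr/lib/udev/rules.d/60-tpm-udev.rules" <<'EOF'
# package rule (constructed for this example)
KERNEL=="tpm[0-9]*", TAG+="systemd", MODE="0660", GROUP="tss"
KERNEL=="tpmrm[0-9]*", TAG+="systemd", MODE="0660", GROUP="tss"
EOF
    printf 'KERNEL=="tpm[0-9]*", MODE%s"0660", GROUP%s"myapp"\n' "$2" "$2" \
        > "$root/etc/udev/rules.d/$1"
    echo "$root"
}

# Resolve a device against a fixture root using the real udev directory layout.
tpm_access_for() {  # dev root
    effective_udev_rule "$1" "$2/etc/udev/rules.d" "$2/run/udev/rules.d" \
        "$2/usr/lib/udev/rules.d"
}

# Demo: app rule sorted after the package rule wins; sorted before it loses,
# even though it lives in /etc; ":=" holds regardless of order.
for spec in "70-myapp-tpm.rules =" "50-myapp-tpm.rules =" "50-myapp-tpm.rules :="; do
    set -- $spec
    r=$(make_fixture "$1" "$2")
    printf '%-20s %-2s tpm0 -> %s | tpmrm0 -> %s\n' "$1" "$2" \
        "$(tpm_access_for tpm0 "$r")" "$(tpm_access_for tpmrm0 "$r")"
    rm -rf "$r"
done
```

The practical takeaway for the rule quoted above: placing the file in /etc/udev/rules.d only overrides a package file of the same name; otherwise the numeric prefix decides, and a later-sorting package rule will silently replace the group. A final assignment (MODE:="0660", GROUP:="...") keeps the application's choice no matter what gets installed afterwards, while the tpmrm device stays untouched because the glob tpm[0-9]* does not match tpmrm0.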

dgarske commented 1 week ago

Hi @IldarAbdullin-okta ,

Thank you for those details. I will look into this TSS approach and see if I can improve wolfTPM support.

Thanks, David Garske, wolfSSL