Re: [Trustedjava-support] Locality- and PCR-based access control for NV RAM

[Ronald T. <ron...@ia...>]

Hi Jon,

On 08/29/2011 04:46 PM, Jonathan McCune wrote:
>> The problem is that jTSS doesn't support unauthenticated commands.
> I don't fully understand the scope of this limitation, as the TPM
> supports many commands that do not require authentication.
jTSS handles each commands in a uniform way. Once authentication is 
required in one case, it is in all.

> Are there plans for jTSS to ever support unauthenticated NVRAM commands?
Currently none; usually, TSS_WELL_KNOWN_SECRET serves very well as an 
substitute. Also, most object get this set as their default policy, so 
that the user experience usually does not suffer at all.

It is certainly possibly to make an exception for a small set of 
commands and add the necessary if clauses in all layers (tsp, soap, tcs).

> I'm trying to discern whether these issues are symptomatic of a
> work-in-progress, or if they are by design. And if so, why?
It's a pragmatic compromise, due to limited (human) resources.

Ronald

-- 
Dipl.-Ing. Ronald Tögl          phone +43 316/873-5502
Secure and Correct Systems      fax   +43 316/873-5520
IAIK                            ron...@ia...
Graz University of Technology   http://www.iaik.tugraz.at