Special Rules Related to Power and Shutdown Events
TPM Restart, TPM Reset, and TPM Resume are described in detail in Chapter 19. There are some special context-handling rules related to these events. This section describes the high-level “why” of these rules and then the details of the rules themselves.
A TPM Reset is like a cold power reboot, so session, object, and sequence contexts saved before a TPM Reset can't be reloaded afterward. Because either TPM2_Shutdown(TPM_SU_CLEAR) was performed or no TPM2_Shutdown was executed at all, none of the information required to reload saved contexts was preserved.
A TPM Restart is used to boot after the system hibernated, and a TPM Resume is used to turn on your computer after a sleep state has been entered. For both of these cases, because TPM2_Shutdown(TPM_SU_STATE) was executed, saved session, object, and sequence contexts can be reloaded; the one exception is that objects with the stClear bit set cannot be reloaded after a TPM Restart.
The detailed rules are as follows:
• Any type of TPM reset removes transient entities from the TPM. If the transient entity's context wasn't saved, there is no way to reload the entity.
• If the context was previously saved and:
    • TPM Resume occurs: Saved contexts can be context loaded.
    • TPM Restart occurs and the object has the stClear bit cleared: The object's saved context can be context loaded.
    • TPM Reset or a TPM Restart occurs with the object's stClear bit set: The saved object's context can't be context loaded.
• For a session, if the session's context was saved:
    • The context can be context loaded after a TPM Resume or TPM Restart.
    • The context can't be context loaded after a TPM Reset.
Because of all these complicated rules, some diagrams may help to illustrate both the normal handling and the special rules related to TPM Reset, TPM Restart, and TPM Resume (see Figure 18-1).
Figure 18-1. TPM state diagram for objects and sequences
Some notes about this diagram:
• Even though the word objects is used, this refers to both objects and sequences.
• The Load and ContextLoad arcs can be performed multiple times. Each instance results in a new copy of the object in the TPM with a new handle. Other than the handle, this object is identical to the other copies. Having multiple copies loaded in the TPM serves no useful purpose, as noted earlier.
• The ContextSave arc can occur multiple times. Each instance results in a new copy of the object's context.
• For sequences, the diagram is the same except for the following: a sequence's context must be saved after each SequenceUpdate. Otherwise a ContextSave followed by a ContextLoad would result in a bad hash or HMAC computation.
The state diagram for sessions is relatively simple compared to objects and sequences (see Figure 18-2). The important differences to note are as follows:
• Objects and sequences can exist both on and off the TPM simultaneously, whereas sessions can't.
• Objects can be flushed and then reloaded. Sessions, when flushed, are terminated, and their saved contexts can't be reloaded.
• Unlike objects and sequences, active sessions always keep the same handle.
• Sessions can be “active” whether loaded in the TPM or not. They only become inactive when they are terminated (Session Ended state).
Figure 18-2. TPM state diagram for sessions
This concludes the discussion of context management. The TPM provides all the functionality needed to implement a resource manager. Although there are probably many ways to design a resource manager, at a high level, the simplest proactive approach is recommended.
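The reload rules from this section, written as the pruning pass a resource manager could run over its table of saved contexts after a startup event. This is an added example, not code from the book or from any TSS; the types, field names, and function names are hypothetical, and the sample table is constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types for illustration; these are not TSS definitions. */
typedef enum { EV_RESET, EV_RESTART, EV_RESUME } startup_event;
typedef enum { ENT_OBJECT, ENT_SEQUENCE, ENT_SESSION } entity_kind;

typedef struct {
    unsigned    id;            /* resource manager's own bookkeeping id */
    entity_kind kind;
    bool        st_clear;      /* stClear attribute; only meaningful for objects */
    bool        context_saved; /* a saved context exists outside the TPM */
    bool        flushed;       /* session was flushed, i.e. terminated */
} rm_entry;

/* Can this entry's saved context still be context loaded after `ev`? */
bool rm_can_context_load(const rm_entry *e, startup_event ev)
{
    if (!e->context_saved)
        return false;          /* nothing was saved, nothing to reload */
    if (e->kind == ENT_SESSION && e->flushed)
        return false;          /* a flushed session is terminated */
    if (ev == EV_RESET)
        return false;          /* no saved context survives a TPM Reset */
    if (ev == EV_RESTART && e->kind == ENT_OBJECT && e->st_clear)
        return false;          /* stClear objects are lost on a TPM Restart */
    return true;               /* TPM Resume, or TPM Restart without stClear */
}

/* Compact the table in place, keeping reloadable entries in their order. */
size_t rm_prune_after_startup(rm_entry *tab, size_t n, startup_event ev)
{
    size_t kept = 0;
    for (size_t i = 0; i < n; i++)
        if (rm_can_context_load(&tab[i], ev))
            tab[kept++] = tab[i];
    return kept;
}

int main(void)
{
    /* Constructed sample table: stClear key, ordinary key, saved session. */
    rm_entry tab[] = {
        { 1, ENT_OBJECT,  true,  true, false },
        { 2, ENT_OBJECT,  false, true, false },
        { 3, ENT_SESSION, false, true, false },
    };
    printf("%zu reloadable\n", rm_prune_after_startup(tab, 3, EV_RESTART));
}
```

Entries dropped by the pruning pass have to be recreated by the caller (for example with a fresh Load or a new session), since their saved contexts will be rejected by the TPM.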