Andreas Fuchs

Results 192 comments of Andreas Fuchs

There are some things in the TSS that can help you with this. The best solution is actually to use the *_Async and *_Finish functions rather than the blocking functions....

I guess that would definitively help. We should then find a response-code for Tcti_Receive(). Maybe IO_ERROR? (List can be found here: https://github.com/tpm2-software/tpm2-tss/blob/master/include/tss2/tss2_common.h#L72)

I'd fake a TPM command response when it's something to be expected from a TPM; i.e. RM returns this on unknown handles; but the TPM would return the same error...

Your example uses an SSH session to the remote host (secure of the network). The remote host could however intercept the command and answer itself, instead of having the TPM...

Those are independent of the tpm-cmd+ssh configuration, but instead configure the tcti-wrap for which key to use for the TPM-audit-session. So yes, they refer to a keyhandle on the remote...

But then we'd have a mismatch in the type selector of the surrounding TPMT_PUBLIC structure. So TPMT_PUBLIC_DERIVE_mashall would still be needed, correct?

I'm not quite sure whether this is overkill. If you need a really tiny bit of SAPI only, then why not just statically link so only used stuff gets pulled...

> Yes, sigh, but sadly not all linkers in every environment can and do strip dead code.

You're joking, right? April fools or something? Still, are such linkers...

I think I'm too stupid to understand anything beyond the first picture. For the first picture though: There is no relation between 1.0.x and 1.1.x because they both branch off...

> It can't be that:
>
> The tags for 1.1.0 can't point to two commits. Even if the contents are the same, the git sha is based on the...