out of session handles when decrypting

[marincovic]

Hello Team,

I am getting the following issue

Error while starting HMAC Session. The error code is: 2309. The decoded value is: tpm:warn(2.0): out of session handles

I have not yet seen this issue but from what I understand the HMAC sessions that I am making are causing the system to have a lot of hanging memory. Is there a way to tell the TPM to release the session handles? It does not happen on all devices but just a few (1 out of 10 or might be less)

BR// Marin

[JuergenReppSIT]

If the tpm2 tools are installed you can list the session with tpm2_getcap, (-l lists the possibilities). The sessions can be flushed with tpm2_flushcontext (-l for loaded session, -s for saved sessions).

[marincovic]

And if I am using TPM-TSS I can just use the Esys_FlushContext to clear the HMAC session?

[JuergenReppSIT]

And if I am using TPM-TSS I can just use the Esys_FlushContext to clear the HMAC session?

yes Esys_FlushContext can be used for this purpose. Or you could use the continue session flag to signal that the session context can be cleared.

[marincovic]

And how would I set that flag? I am using the Esys_FlushContext but I would like to have some redundancy so that I do not block other tools using the TPM.

BR// Marin

[JuergenReppSIT]

The continue session flag can be set with Esys_TRSess_SetAttributes (flag TPMA_SESSION_CONTINUESESSION). The default for this flag is clear. So if a command with a session is executed successfully the session will be flushed automatically. But the session will not be flushed if an error did occur in the command.