[Cryptech Tech] USB interface

Rob Austein sra at hactrn.net
Fri May 29 18:19:51 UTC 2020


On Fri, 29 May 2020 12:55:39 -0400, Peter Stuge wrote:
...
> In particular those who already use rev03 in production - how do
> applications currently handle the device suddenly becoming
> unresponsive?

RPC hangs or closes, management console hangs or closes.  Would have
to check code to see which in each case, and as we have multiple
client implementations the answers might not be uniform.  Clients are
of course free to time out, in which case they must consider the
existing RPC stream to be toast.

Given that we're talking about new HSM behavior where the USB device
vanishes from the host OS, the current MUX might just close all
connections.  We could of course rewrite the MUX to do something else
if we had a clear grasp of what we'd like it to do instead, but...

> Or does muxd handle that, maybe queueing requests until the device
> responds again?

Nope, because...

> Related to that: What happens with RPC session ids (is that the right name?)
> across a rev03 disconnect+connect?

HSM loses all knowledge of current sessions when power cycled.  This
is by design, and you'd have to make a pretty strong case to convince
me that it's not correct.  So recovery options after an HSM power
cycle are pretty limited.  We take a great deal of trouble to sequence
keystore flash operations in a way that allows us to recover from
power loss (or other form of crash) at any time, but other than that,
it's dead simple: power cycle is full reboot, and anything that didn't
get saved to flash is gone, other than the MKM if it retained power.

