diff for duplicates of <1520870233.4522.20.camel@HansenPartnership.com> diff --git a/a/1.txt b/N1/1.txt index ed04542..c1bb3f1 100644 --- a/a/1.txt +++ b/N1/1.txt @@ -4,7 +4,7 @@ On Mon, 2018-03-12 at 12:58 +0200, Jarkko Sakkinen wrote: > > By now, everybody knows we have a problem with the TPM2_RS_PW easy > > button on TPM2 in that transactions on the TPM bus can be > > intercepted -> > and altered. The way to fix this is to use real sessions for HMAC +> > and altered.??The way to fix this is to use real sessions for HMAC > > capabilities to ensure integrity and to use parameter and response > > encryption to ensure confidentiality of the data flowing over the > > TPM @@ -12,8 +12,8 @@ On Mon, 2018-03-12 at 12:58 +0200, Jarkko Sakkinen wrote: > > > > This patch series is about adding a simple API which can ensure the > > above properties as a layered addition to the existing TPM handling -> > code. This series now includes protections for PCR extend, getting -> > random numbers from the TPM and data sealing and unsealing. It +> > code.??This series now includes protections for PCR extend, getting +> > random numbers from the TPM and data sealing and unsealing.??It > > therefore eliminates all uses of TPM2_RS_PW in the kernel and adds > > encryption protection to sensitive data flowing into and out of the > > TPM. @@ -36,14 +36,14 @@ On Mon, 2018-03-12 at 12:58 +0200, Jarkko Sakkinen wrote: > > that case > > > > I've verified this using the test suite in the last patch on a VM -> > connected to a tpm2 emulator. I also instrumented the emulator to +> > connected to a tpm2 emulator.??I also instrumented the emulator to > > make > > sure the sensitive data was properly encrypted. > > > > James > > 1. Can I ignore v2 and just review/test this version? I haven't even -> peeked into v2 yet. +> ???peeked into v2 yet. Yes, v3 is a more complete version of v2 with a couple of sessions API additions. 
@@ -74,10 +74,15 @@ https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git/log/ So I'd guess next merge window. You can do what we do in SCSI and create a "postmerge" branch based on the cryptodev one (we often have -SCSI stuff with block tree precursors). The way I run it is that I +SCSI stuff with block tree precursors). ?The way I run it is that I don't send the merge window pull request until I see the merge-base against Linus master move to the base of the patches (meaning all the precursors are upstream). > /Jarkko -> +> + +-- +To unsubscribe from this list: send the line "unsubscribe linux-security-module" in +the body of a message to majordomo at vger.kernel.org +More majordomo info at http://vger.kernel.org/majordomo-info.html diff --git a/a/content_digest b/N1/content_digest index 60bb57b..b67b071 100644 --- a/a/content_digest +++ b/N1/content_digest @@ -1,12 +1,9 @@ "ref\01520720026.4495.11.camel@HansenPartnership.com\0" "ref\04aa8a4daf4b2f9f76f86b07bbdcb2f4c06b69a98.camel@linux.intel.com\0" - "From\0James Bottomley <James.Bottomley@hansenpartnership.com>\0" - "Subject\0Re: [PATCH v3 0/6] add integrity and security to TPM2 transactions\0" + "From\0James.Bottomley@hansenpartnership.com (James Bottomley)\0" + "Subject\0[PATCH v3 0/6] add integrity and security to TPM2 transactions\0" "Date\0Mon, 12 Mar 2018 08:57:13 -0700\0" - "To\0Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>" - " linux-integrity@vger.kernel.org\0" - "Cc\0linux-crypto@vger.kernel.org" - " linux-security-module@vger.kernel.org\0" + "To\0linux-security-module@vger.kernel.org\0" "\00:1\0" "b\0" "On Mon, 2018-03-12 at 12:58 +0200, Jarkko Sakkinen wrote:\n" 
@@ -15,7 +12,7 @@ "> > By now, everybody knows we have a problem with the TPM2_RS_PW easy\n" "> > button on TPM2 in that transactions on the TPM bus can be\n" "> > intercepted\n" - "> > and altered. The way to fix this is to use real sessions for HMAC\n" + "> > and altered.??The way to fix this is to use real sessions for HMAC\n" "> > capabilities to ensure integrity and to use parameter and response\n" "> > encryption to ensure confidentiality of the data flowing over the\n" "> > TPM\n" @@ -23,8 +20,8 @@ "> > \n" "> > This patch series is about adding a simple API which can ensure the\n" "> > above properties as a layered addition to the existing TPM handling\n" - "> > code. This series now includes protections for PCR extend, getting\n" - "> > random numbers from the TPM and data sealing and unsealing. It\n" + "> > code.??This series now includes protections for PCR extend, getting\n" + "> > random numbers from the TPM and data sealing and unsealing.??It\n" "> > therefore eliminates all uses of TPM2_RS_PW in the kernel and adds\n" "> > encryption protection to sensitive data flowing into and out of the\n" "> > TPM.\n" @@ -47,14 +44,14 @@ "> > that case\n" "> > \n" "> > I've verified this using the test suite in the last patch on a VM\n" - "> > connected to a tpm2 emulator. I also instrumented the emulator to\n" + "> > connected to a tpm2 emulator.??I also instrumented the emulator to\n" "> > make\n" "> > sure the sensitive data was properly encrypted.\n" "> > \n" "> > James\n" "> \n" "> 1. Can I ignore v2 and just review/test this version? I haven't even\n" - "> peeked into v2 yet.\n" + "> ???peeked into v2 yet.\n" "\n" "Yes, v3 is a more complete version of v2 with a couple of sessions API\n" "additions.\n" 
@@ -85,12 +82,17 @@ "\n" "So I'd guess next merge window. You can do what we do in SCSI and\n" "create a \"postmerge\" branch based on the cryptodev one (we often have\n" - "SCSI stuff with block tree precursors). The way I run it is that I\n" + "SCSI stuff with block tree precursors). ?The way I run it is that I\n" "don't send the merge window pull request until I see the merge-base\n" "against Linus master move to the base of the patches (meaning all the\n" "precursors are upstream).\n" "\n" "> /Jarkko\n" - > + "> \n" + "\n" + "--\n" + "To unsubscribe from this list: send the line \"unsubscribe linux-security-module\" in\n" + "the body of a message to majordomo at vger.kernel.org\n" + More majordomo info at http://vger.kernel.org/majordomo-info.html -a79d42459d1f865e138d5600f81ca304290f92830b93b9e37e427eb88b3b08fc +40f34bc7e33427071ad8ff06ff6842f64c6a91114db97952292bdcf647317f3e
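Review bot: In the 1.txt hunks the N1 side differs from a/ only by runs of "?" where a/ has plain whitespace ("and altered.??The way", "???peeked into v2 yet", "precursors). ?The way") and by the appended "To unsubscribe from this list" footer, so N1 is a lossy re-encoding of the same message, not a different text. Quote and review from the a/ copy, and if these two are meant to deduplicate, normalise the placeholder characters and strip the list footer before comparing bodies.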
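Review bot: In the content_digest hunk at -1,12 +1,9 the N1 copy drops "Re:" from the Subject, rewrites From to the "address (Name)" form, and replaces the To/Cc set (Jarkko Sakkinen, linux-integrity, linux-crypto, linux-security-module) with linux-security-module alone, so the reply threads and attributes differently depending on which copy is read. The "ref" lines and the Date line are unchanged context in this hunk, so pairing the copies on those is safer than pairing on Subject or recipients.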