From: Mimi Zohar
Date: Sun, 02 Dec 2018 15:10:36 +0000
Subject: Re: [PATCH] docs: Extend trusted keys documentation for TPM 2.0
Message-Id: <1543763436.4216.196.camel@linux.ibm.com>
In-Reply-To: <20181130234646.GB3792@linux.intel.com>
References: <20181019101758.1569-1-stefanb@linux.ibm.com> <20181106164603.w46wspmdj5e4slwe@cantor> <1541528254.8568.48.camel@linux.ibm.com> <20181130234507.GA3792@linux.intel.com> <20181130234646.GB3792@linux.intel.com>
To: Jarkko Sakkinen, James Bottomley
Cc: Jerry Snitselaar, Stefan Berger, keyrings@vger.kernel.org, linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org

On Fri, 2018-11-30 at 15:46 -0800, Jarkko Sakkinen wrote:
> On Fri, Nov 30, 2018 at 03:45:07PM -0800, Jarkko Sakkinen wrote:
> > On Tue, Nov 06, 2018 at 01:17:34PM -0500, Mimi Zohar wrote:
> > > On Tue, 2018-11-06 at 09:46 -0700, Jerry Snitselaar wrote:
> > > > On Fri Oct 19 18, Stefan Berger wrote:
> > > > >Extend the documentation for trusted keys with documentation for how to
> > > > >set up a key for a TPM 2.0 so it can be used with a TPM 2.0 as well.
> > > > >
> > > > >Signed-off-by: Stefan Berger
> > > > >Reviewed-by: Mimi Zohar
> > > >
> > > > Acked-by: Jerry Snitselaar
> > >
> > > Thanks! This patch is now staged in the #next-integrity-queued
> > > branch.
> > >
> > > Mimi
> >
> > Reviewed-by: Jarkko Sakkinen
>
> Brings to mind, in the long run where the backend code for trusted keys
> should reside.

Are you asking about coordinating staging the trusted key patches to
be upstreamed or about moving portions of the encrypted keys code out
of the keyring subsystem?

I'm not sure there needs to be a separate encrypted-keys pull request.
Either they can be upstreamed via the TPM or the integrity subsystem
for now.

Mimi