From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: Jason Gunthorpe <jgunthorpe@obsidianresearch.com>
Cc: tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org,
peterhuewe@gmx.de, gregkh@linuxfoundation.org,
akpm@linux-foundation.org, mjg59@srcf.ucam.org,
Marcel Selhorst <tpmdd@selhorst.net>,
David Safford <safford@us.ibm.com>,
Mimi Zohar <zohar@linux.vnet.ibm.com>,
David Howells <dhowells@redhat.com>,
"open list:KEYS-TRUSTED" <linux-security-module@vger.kernel.org>,
"open list:KEYS-TRUSTED" <keyrings@vger.kernel.org>
Subject: Re: [PATCH 3/4] tpm: seal/unseal for TPM 2.0
Date: Tue, 13 Oct 2015 22:49:15 +0300 [thread overview]
Message-ID: <20151013194915.GB3669@intel.com> (raw)
In-Reply-To: <20151013173442.GB22160@obsidianresearch.com>
On Tue, Oct 13, 2015 at 11:34:42AM -0600, Jason Gunthorpe wrote:
> On Fri, Oct 02, 2015 at 11:38:17AM +0300, Jarkko Sakkinen wrote:
> > Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing
> > trusted keys.
> >
> > This patch implements basic sealing and unsealing functionality for
> > TPM 2.0:
>
> We really need to stop using chip id's as a handle - the caller should
> be using a pointer, it is just a horrible API, and the TPM_ANY_NUM
> business is awful too.. TPM's are stateful devices!
Eventually this needs to be refactored out. I don't see it in the scope
of these patches or as high priority ATM.
> Is it feasible to introduce new APIs with a saner scheme?
>
> The api layering also seems really weird to me. At a minimum the
> tpm_seal_trusted should be called within key_seal, but really, should
> key_seal be migrated into the TPM core? I'm not sure it makes alot of
> sense to have a tpm_seal_trusted which uses the high level key structs
> when other tpm functions are all low level RPC wrappers...
I think tpm_seal() inside trusted.c is not a very good API. It takes the
ad hoc version of the structs given to key_seal from stack. I don't see
a problem here.
My viewpoint has been that key_seal/unseal in trusted.c should be
refactored out and TPM1 implementations seal/unseal should be moved to
the TPM subsystem. There's so little amount of in-kernel low-level TPM
code that IMHO it makes sense to keep in one place (as are all the other
TPM utility functions).
I can work on the TPM1 migration when we have the basic TPM2 stuff in
place.
> Jason
/Jakrkko
next prev parent reply other threads:[~2015-10-13 19:49 UTC|newest]
Thread overview: 30+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-10-02 8:38 [PATCH 0/4] Basic trusted keys support for TPM 2.0 Jarkko Sakkinen
2015-10-02 8:38 ` [PATCH 1/4] tpm: introduce struct tpm_buf Jarkko Sakkinen
2015-10-02 8:38 ` [PATCH 2/4] trusted: move struct trusted_key_options to trusted-type.h Jarkko Sakkinen
2015-10-02 8:38 ` [PATCH 3/4] tpm: seal/unseal for TPM 2.0 Jarkko Sakkinen
2015-10-13 17:34 ` Jason Gunthorpe
2015-10-13 19:49 ` Jarkko Sakkinen [this message]
2015-10-02 8:38 ` [PATCH 4/4] keys, trusted: seal/unseal with TPM 2.0 chips Jarkko Sakkinen
2015-10-03 10:00 ` [tpmdd-devel] " Fuchs, Andreas
2015-10-03 10:26 ` Jarkko Sakkinen
2015-10-03 10:35 ` Jarkko Sakkinen
2015-10-04 18:57 ` Fuchs, Andreas
2015-10-05 8:37 ` Jarkko Sakkinen
2015-10-05 9:00 ` Fuchs, Andreas
2015-10-05 11:56 ` Jarkko Sakkinen
2015-10-05 12:20 ` Fuchs, Andreas
2015-10-05 13:17 ` Jarkko Sakkinen
2015-10-05 13:36 ` Fuchs, Andreas
2015-10-05 13:57 ` Jarkko Sakkinen
2015-10-05 14:13 ` Fuchs, Andreas
2015-10-05 14:28 ` Jarkko Sakkinen
2015-10-05 15:20 ` Arthur, Will C
2015-10-06 6:22 ` Fuchs, Andreas
2015-10-06 12:26 ` Jarkko Sakkinen
2015-10-06 13:16 ` Fuchs, Andreas
2015-10-06 15:05 ` Jarkko Sakkinen
2015-10-07 10:04 ` Fuchs, Andreas
2015-10-07 10:25 ` Jarkko Sakkinen
2015-10-07 10:32 ` Fuchs, Andreas
2015-10-07 11:15 ` Jarkko Sakkinen
-- strict thread matches above, loose matches on Subject: below --
2015-07-03 15:36 [PATCH 0/4] Basic trusted keys support for TPM 2.0 Jarkko Sakkinen
2015-07-03 15:36 ` [PATCH 3/4] tpm: seal/unseal " Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20151013194915.GB3669@intel.com \
--to=jarkko.sakkinen@linux.intel.com \
--cc=akpm@linux-foundation.org \
--cc=dhowells@redhat.com \
--cc=gregkh@linuxfoundation.org \
--cc=jgunthorpe@obsidianresearch.com \
--cc=keyrings@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=mjg59@srcf.ucam.org \
--cc=peterhuewe@gmx.de \
--cc=safford@us.ibm.com \
--cc=tpmdd-devel@lists.sourceforge.net \
--cc=tpmdd@selhorst.net \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.