From: Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>
To: keyrings@vger.kernel.org
Subject: TPM trusted keys code
Date: Tue, 24 Oct 2017 16:06:03 +0000
Message-ID: <20171024160603.or2yflspzfrf3bfo@linux.intel.com>

Hi David,

I have a proposal.

We are soon going to have the following tools for in-kernel consumers
of the TPM:

* tpm_send() that takes struct tpm_buf that gives easy tools to
  construct variable length commands. It has been already in use
  inside the TPM driver since 2015.
* tpm_find_and_get() and tpm_put() for locking the in-kernel API
  before use.
* All TPM constant values in include/linux/tpm.h

My main intention would be to refactor trusted keys code in the
following way:

1. Refactor TPM 1.x trusted keys code to use tpm_buf for constructing
   sealing messages and remove the custom stuff that you have currently.
2. Move TPM 2.x trusted keys code to security/keys/trusted

I originally implemented the TPM 2.x trusted keys code in the TPM
driver because the infrastructure was lacking.

My rationale here is that it is domain specific code used by only one
subsystem. For overall kernel arch it probably makes sense to have that
code located in that subsystem and have the TPM driver only provide great
tools to implement that, right?

Just wanted to ask you before I start this effort. Thank you.

/Jarkko
