diff for duplicates of <20200914193712.GA3612@linux.intel.com>
diff --git a/a/1.txt b/N1/1.txt
index 0a8203a..5554f6d 100644
--- a/a/1.txt
+++ b/N1/1.txt
@@ -32,7 +32,7 @@ algorithm".
 > So create a new 32 byte key with a policy policy locking the key to
 > this value of PCR 16 with a parent key of 81000001 would be:
 >
-> keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha1 pcrinfo\x030000016768033e216468247bd031a0a2d9876d79818f8f" @u
+> keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha1 pcrinfo=030000016768033e216468247bd031a0a2d9876d79818f8f" @u
 >
 > Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>
 >
@@ -84,7 +84,7 @@ Extra newline.
 > +Create a trusted key on TPM 2.0 using an all zero value of PCR16 and
 > +using the NV storage root 81000001 as the parent::
 > +
-> + $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha1 pcrinfo\x030000016768033e216468247bd031a0a2d9876d79818f8f" @u
+> + $ keyctl add trusted kmk "new 32 keyhandle=0x81000001 hash=sha1 pcrinfo=030000016768033e216468247bd031a0a2d9876d79818f8f" @u
 > +
 > +Note the TPMS_PCR_SELECT value for PCR 16 is 03000001 because all
 > +current TPMs have 24 PCRs, so the initial 03 says there are three
@@ -92,7 +92,7 @@ Extra newline.
 > +endian, 16 is bit zero of byte 2. the hash is the sha1 sum of all
 > +zeros (the value of PCR 16)::
 > +
-> + $ dd if=/dev/zero bs=1 count 2>/dev/null|sha1sum
+> + $ dd if=/dev/zero bs=1 count=20 2>/dev/null|sha1sum
 > + 6768033e216468247bd031a0a2d9876d79818f8f
 > +
 > Reseal a trusted key under new pcr values::
@@ -279,7 +279,7 @@ understandable, must be documeted.
 > +{
 > + int i;
 > +
-> + if (pols->count = 0)
+> + if (pols->count == 0)
 > + return 0;
 > +
 > + for (i = 0; i < pols->count; i++) {
@@ -315,7 +315,7 @@ understandable, must be documeted.
 > + int i, ret, len = 0;
 > + struct tpm2_policies *pols;
 > +
-> + if (ctx->policy_count = 0)
+> + if (ctx->policy_count == 0)
 > + return 0;
 > +
 > + for (i = 0; i < ctx->policy_count; i++)
@@ -363,7 +363,7 @@ understandable, must be documeted.
 > + struct crypto_shash *tfm;
 > + int rc;
 > +
-> + if (pols->count = 0)
+> + if (pols->count == 0)
 > + return 0;
 > +
 > + tfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);
@@ -406,7 +406,7 @@ understandable, must be documeted.
 > + crypto_shash_update(sdesc, code, 4);
 > +
 > + /* commands that need special handling */
-> + if (cmd = TPM2_CC_POLICY_COUNTER_TIMER) {
+> + if (cmd == TPM2_CC_POLICY_COUNTER_TIMER) {
 > + SHASH_DESC_ON_STACK(sdesc1, tfm);
 > +
 > + sdesc1->tfm = tfm;
diff --git a/a/content_digest b/N1/content_digest
index 29d9874..7f71e7d 100644
--- a/a/content_digest
+++ b/N1/content_digest
@@ -2,7 +2,7 @@
 "ref\020200912173938.9714-2-James.Bottomley@HansenPartnership.com\0"
 "From\0Jarkko Sakkinen <jarkko.sakkinen@linux.intel.com>\0"
 "Subject\0Re: [PATCH v11 1/3] security: keys: trusted: add PCR policy to TPM2 keys\0"
- "Date\0Mon, 14 Sep 2020 19:37:21 +0000\0"
+ "Date\0Mon, 14 Sep 2020 22:37:21 +0300\0"
 "To\0James Bottomley <James.Bottomley@hansenpartnership.com>\0"
 "Cc\0linux-integrity@vger.kernel.org"
 Mimi Zohar <zohar@linux.ibm.com>
@@ -45,7 +45,7 @@
 "> So create a new 32 byte key with a policy policy locking the key to\n"
 "> this value of PCR 16 with a parent key of 81000001 would be:\n"
 "> \n"
- "> keyctl add trusted kmk \"new 32 keyhandle=0x81000001 hash=sha1 pcrinfo\0030000016768033e216468247bd031a0a2d9876d79818f8f\" @u\n"
+ "> keyctl add trusted kmk \"new 32 keyhandle=0x81000001 hash=sha1 pcrinfo=030000016768033e216468247bd031a0a2d9876d79818f8f\" @u\n"
 "> \n"
 "> Signed-off-by: James Bottomley <James.Bottomley@HansenPartnership.com>\n"
 "> \n"
@@ -97,7 +97,7 @@
 "> +Create a trusted key on TPM 2.0 using an all zero value of PCR16 and\n"
 "> +using the NV storage root 81000001 as the parent::\n"
 "> +\n"
- "> + $ keyctl add trusted kmk \"new 32 keyhandle=0x81000001 hash=sha1 pcrinfo\0030000016768033e216468247bd031a0a2d9876d79818f8f\" @u\n"
+ "> + $ keyctl add trusted kmk \"new 32 keyhandle=0x81000001 hash=sha1 pcrinfo=030000016768033e216468247bd031a0a2d9876d79818f8f\" @u\n"
 "> +\n"
 "> +Note the TPMS_PCR_SELECT value for PCR 16 is 03000001 because all\n"
 "> +current TPMs have 24 PCRs, so the initial 03 says there are three\n"
@@ -105,7 +105,7 @@
 "> +endian, 16 is bit zero of byte 2. the hash is the sha1 sum of all\n"
 "> +zeros (the value of PCR 16)::\n"
 "> +\n"
- "> + $ dd if=/dev/zero bs=1 count 2>/dev/null|sha1sum\n"
+ "> + $ dd if=/dev/zero bs=1 count=20 2>/dev/null|sha1sum\n"
 "> + 6768033e216468247bd031a0a2d9876d79818f8f\n"
 "> +\n"
 "> Reseal a trusted key under new pcr values::\n"
@@ -292,7 +292,7 @@
 "> +{\n"
 "> +\tint i;\n"
 "> +\n"
- "> +\tif (pols->count = 0)\n"
+ "> +\tif (pols->count == 0)\n"
 "> +\t\treturn 0;\n"
 "> +\n"
 "> +\tfor (i = 0; i < pols->count; i++) {\n"
@@ -328,7 +328,7 @@
 "> +\tint i, ret, len = 0;\n"
 "> +\tstruct tpm2_policies *pols;\n"
 "> +\n"
- "> +\tif (ctx->policy_count = 0)\n"
+ "> +\tif (ctx->policy_count == 0)\n"
 "> +\t\treturn 0;\n"
 "> +\n"
 "> +\tfor (i = 0; i < ctx->policy_count; i++)\n"
@@ -376,7 +376,7 @@
 "> +\tstruct crypto_shash *tfm;\n"
 "> +\tint rc;\n"
 "> +\n"
- "> +\tif (pols->count = 0)\n"
+ "> +\tif (pols->count == 0)\n"
 "> +\t\treturn 0;\n"
 "> +\n"
 "> +\ttfm = crypto_alloc_shash(hash_algo_name[hash], 0, 0);\n"
@@ -419,7 +419,7 @@
 "> +\t\tcrypto_shash_update(sdesc, code, 4);\n"
 "> +\n"
 "> +\t\t/* commands that need special handling */\n"
- "> +\t\tif (cmd = TPM2_CC_POLICY_COUNTER_TIMER) {\n"
+ "> +\t\tif (cmd == TPM2_CC_POLICY_COUNTER_TIMER) {\n"
 "> +\t\t\tSHASH_DESC_ON_STACK(sdesc1, tfm);\n"
 "> +\n"
 "> +\t\t\tsdesc1->tfm = tfm;\n"
@@ -849,4 +849,4 @@ "\n" /Jarkko -315986d02711a6093ed96a2a96f5a449a0771eea4679713e6e17110c4ad5da52 +1f5512f01d46fd9501d308c7cb02788fbe73d1a4c4ed1eafb7cdd468dc50e950