From: Ken Goldman <kgold@linux.ibm.com>
To: "Gabríel Arthúr Pétursson" <gabriel@system.is>,
"Jarkko Sakkinen" <jarkko@kernel.org>,
"James Bottomley" <James.Bottomley@HansenPartnership.com>,
linux-integrity@vger.kernel.org
Cc: keyrings@vger.kernel.org, Ard Biesheuvel <ardb@kernel.org>
Subject: Re: [PATCH v7 12/21] tpm: Add NULL primary creation
Date: Tue, 2 Apr 2024 15:30:13 -0400
Message-ID: <2fb01074-e7a2-403c-8d46-d2b2323c231e@linux.ibm.com>
In-Reply-To: <ea2a3a9a2bea2f1af5565ed32e9584caee2fbecf.camel@system.is>

On 3/31/2024 12:52 PM, Gabríel Arthúr Pétursson wrote:
> The TPM specifications have a standardized set of templates for the
> Endorsement Keys, and a recommendation on a template to
> create/provision the shared SRK.

The original TCG guidance document for an SRK used arrays of zeros for
the unique field.

This was either a holdover from TPM 1.2, where arrays were 20 bytes,
or a misinterpretation of text that said: NULL.

The reality is that it's a TPM2B, and the size(s) can be zero.

The answer for the EK is different. It has to use the TCG
standard. The EK is not a 'guidance document'.
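
The size-prefixed TPM2B encoding discussed in the message above, as an added example that is not part of the message or of the kernel patch series: it marshals an ECC `unique` field (x then y) both as empty buffers and as arrays of zeros, and parses either form back with bounds checks. The 32-byte coordinate length and all function names are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* TPM2B: 2-byte big-endian size, then exactly that many bytes (0 is valid). */
struct tpm2b { uint16_t size; const uint8_t *data; };

/* Constructed sample: marshal an ECC unique field (x then y) whose coordinates
 * are coord_len zero bytes each. Returns bytes written, 0 if out is too small. */
size_t ecc_unique_zeros(uint8_t *out, size_t cap, uint16_t coord_len)
{
    size_t off = 0;
    if (cap < 2 * (2 + (size_t)coord_len))
        return 0;
    for (int i = 0; i < 2; i++) {
        out[off++] = (uint8_t)(coord_len >> 8);
        out[off++] = (uint8_t)(coord_len & 0xff);
        memset(out + off, 0, coord_len);   /* writes nothing when coord_len is 0 */
        off += coord_len;
    }
    return off;
}

/* Read one TPM2B at off; returns the new offset, or 0 on truncated input. */
static size_t tpm2b_get(const uint8_t *buf, size_t len, size_t off, struct tpm2b *v)
{
    if (off > len || len - off < 2)
        return 0;
    v->size = (uint16_t)((buf[off] << 8) | buf[off + 1]);
    if (len - off - 2 < v->size)
        return 0;
    v->data = buf + off + 2;
    return off + 2 + v->size;
}

/* Parse x then y; returns bytes consumed, or 0 if the field is malformed. */
size_t ecc_unique_parse(const uint8_t *buf, size_t len, struct tpm2b *x, struct tpm2b *y)
{
    size_t off = tpm2b_get(buf, len, 0, x);
    return off ? tpm2b_get(buf, len, off, y) : 0;
}

int main(void)
{
    uint8_t a[68], b[68];
    printf("empty: %zu bytes, 32-byte zero arrays: %zu bytes\n",
           ecc_unique_zeros(a, sizeof(a), 0), ecc_unique_zeros(b, sizeof(b), 32));
    return 0;
}
```

The empty form is 4 bytes on the wire and the zero-filled form is 68, so two templates that differ only in this field are not byte-identical.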