Re: [PATCH v15 0/5] TPM 2.0 trusted key rework

[Jarkko Sakkinen <jarkko@kernel.org>]

On Wed, Jan 27, 2021 at 11:06:12AM -0800, James Bottomley wrote:
> v15: fix 0day sign issue and add reviews and testeds
> 
> General cover letter minus policy bit:
> 
> This patch updates the trusted key code to export keys in the ASN.1
> format used by current TPM key tools (openssl_tpm2_engine and
> openconnect).  The current code will try to load keys containing
> policy, but being unable to formulate the policy commands necessary to
> load them, the unseal will always fail unless the policy is executed
> in user space and a pre-formed policy session passed in.
> 
> The key format is designed to be compatible with our two openssl
> engine implementations as well as with the format used by openconnect.
> I've added seal/unseal to my engine so I can use it for
> interoperability testing and I'll later use this for sealed symmetric
> keys via engine:
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/jejb/openssl_tpm2_engine.git/
> 
> James
> 
> ---
> 
> James Bottomley (5):
>   lib: add ASN.1 encoder
>   oid_registry: Add TCG defined OIDS for TPM keys
>   security: keys: trusted: fix TPM2 authorizations
>   security: keys: trusted: use ASN.1 TPM2 key format for the blobs
>   security: keys: trusted: Make sealed key properly interoperable

This is online again in the master branch. 

I've mangled the commits as follows:

1. Fixed my emails to jarkko@kernel.org.
2. Adjusted the Makefile, i.e. separate lines for each entry.
3. Fixed the checkpatch issues.

I guess we could potentially re-consider this to rc2 pull? With all the
mangling required, did not make sense to include this to the first pull.

/Jarkko