From: Jarkko Sakkinen <jarkko@kernel.org>
To: list.lkml.keyrings@me.benboeckel.net
Cc: linux-integrity@vger.kernel.org,
Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>,
Peter Huewe <peterhuewe@gmx.de>, Jason Gunthorpe <jgg@ziepe.ca>,
David Howells <dhowells@redhat.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
James Bottomley <James.Bottomley@hansenpartnership.com>,
Mimi Zohar <zohar@linux.ibm.com>,
open list <linux-kernel@vger.kernel.org>,
"open list:KEYS/KEYRINGS" <keyrings@vger.kernel.org>,
"open list:SECURITY SUBSYSTEM"
<linux-security-module@vger.kernel.org>
Subject: Re: [PATCH 3/4] tpm2-sessions: Remove unnecessary wrapper
Date: Tue, 23 Sep 2025 17:45:48 +0300 [thread overview]
Message-ID: <aNKynIx7sW9oxWoj@kernel.org> (raw)
In-Reply-To: <aNGFv-nGZF5chGIb@rotor>
On Mon, Sep 22, 2025 at 01:22:13PM -0400, Ben Boeckel wrote:
> On Mon, Sep 22, 2025 at 19:43:16 +0300, Jarkko Sakkinen wrote:
> > From: Jarkko Sakkinen <jarkko.sakkinen@opinsys.com>
> >
> > Open code tpm_buf_append_hmac_session_opt() because it adds unnecessary
> > disperancy to the call sites (and reduces the amount of code).
> ^^^^^^^^^^
>
> "discrepancy" as in "difference"? But that doesn't feel like the right
> usage either. Perhaps "unnecessary abstraction"? Also, open coding it
> reduces the amount of code, so some clarification to not read as
> something else that "it" (`tpm_buf_append_hmac_session_opt`) does would
> be clearer.
Fair points. I'll re-edit the commit message and try to address the
issues you reported.
Intend of these changes is to essentially uncover the code paths so that
we know how to wrap it up better than it is wrapped up right now. Also,
they help to reveal possible regression paths. So while not functional
per se, they do serve a purpose.
Once these fixes have been applied I'll start to look up the call
patterns and try to find a model where essentially we can transform
a TPM command to HMAC wrapped TPM command i.e., from tpm_buf to tpm_buf
operation where both sides of the function are TPM commands.
That way we can better selectively use the feature and it is easier
to fixup up e.g., a persistent parent key because key generation is
a huge bottleneck.
>
> Thanks,
>
> --Ben
next prev parent reply other threads:[~2025-09-23 14:45 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-22 16:43 [PATCH 0/4] tpm2-session: correct disperancies Jarkko Sakkinen
2025-09-22 16:43 ` [PATCH 1/4] tpm: Use -EPERM as fallback error code in tpm_ret_to_err Jarkko Sakkinen
2025-09-24 8:32 ` Jonathan McDowell
2025-09-24 17:16 ` Jarkko Sakkinen
2025-09-22 16:43 ` [PATCH 2/4] tpm2-sessions: Remove unused parameter from tpm_buf_append_auth Jarkko Sakkinen
2025-09-24 8:47 ` Jonathan McDowell
2025-09-24 17:18 ` Jarkko Sakkinen
2025-09-22 16:43 ` [PATCH 3/4] tpm2-sessions: Remove unnecessary wrapper Jarkko Sakkinen
2025-09-22 17:22 ` Ben Boeckel
2025-09-23 14:45 ` Jarkko Sakkinen [this message]
2025-09-22 16:43 ` [PATCH 4/4] keys, trusted: Remove redundant helper Jarkko Sakkinen
2025-09-24 8:29 ` Jonathan McDowell
2025-09-24 17:12 ` Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aNKynIx7sW9oxWoj@kernel.org \
--to=jarkko@kernel.org \
--cc=James.Bottomley@hansenpartnership.com \
--cc=dhowells@redhat.com \
--cc=jarkko.sakkinen@opinsys.com \
--cc=jgg@ziepe.ca \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=list.lkml.keyrings@me.benboeckel.net \
--cc=paul@paul-moore.com \
--cc=peterhuewe@gmx.de \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).