From: Ben Boeckel <me@benboeckel.net>
To: Evan Green <evgreen@chromium.org>
Cc: linux-kernel@vger.kernel.org, gwendal@chromium.org,
Eric Biggers <ebiggers@kernel.org>,
Matthew Garrett <mgarrett@aurora.tech>,
jarkko@kernel.org, zohar@linux.ibm.com,
linux-integrity@vger.kernel.org, Pavel Machek <pavel@ucw.cz>,
apronin@chromium.org, dlunev@google.com, rjw@rjwysocki.net,
linux-pm@vger.kernel.org, corbet@lwn.net, jejb@linux.ibm.com,
Matthew Garrett <matthewgarrett@google.com>,
Matthew Garrett <mjg59@google.com>,
David Howells <dhowells@redhat.com>,
James Morris <jmorris@namei.org>,
Paul Moore <paul@paul-moore.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
keyrings@vger.kernel.org, linux-doc@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v2 04/10] security: keys: trusted: Allow storage of PCR values in creation data
Date: Wed, 24 Aug 2022 07:56:46 -0400
Message-ID: <YwYR/rzvrkvgZzBm@farprobe>
In-Reply-To: <20220823152108.v2.4.I32591db064b6cdc91850d777f363c9d05c985b39@changeid>
On Tue, Aug 23, 2022 at 15:25:20 -0700, Evan Green wrote:
> diff --git a/Documentation/security/keys/trusted-encrypted.rst b/Documentation/security/keys/trusted-encrypted.rst
> index 0bfb4c33974890..dc9e11bb4824da 100644
> --- a/Documentation/security/keys/trusted-encrypted.rst
> +++ b/Documentation/security/keys/trusted-encrypted.rst
> @@ -199,6 +199,10 @@ Usage::
> policyhandle= handle to an authorization policy session that defines the
> same policy and with the same hash algorithm as was used to
> seal the key.
> + creationpcrs= hex integer representing the set of PCR values to be
> + included in the PCR creation data. The bit corresponding
> + to each PCR should be 1 to be included, 0 to be ignored.
> + TPM2 only.
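Review bot: the new creationpcrs= entry (the four `+` lines) describes the value only as a "hex integer" and leaves both its width and the bit-to-PCR mapping unstated; since the reply notes the code limits it to 32 bits, suggest wording along the lines of "32-bit hex integer; bit N selects PCR N", plus a sentence on what happens to a value wider than 32 bits. The continuation lines should also match the indentation of the policyhandle= entry directly above, as the reply points out.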
There's inconsistent whitespace here. Given the context, I suspect the
tabs should be expanded to spaces.
As for the docs themselves, this might preferably mention how large
this is supposed to be. It seems to be limited to 32 bits by the code.
What happens if fewer are provided? More? Will there always be at most
32 PCR values? Also, how are the bits interpreted? I presume bit 0 is
for PCR value 0?
Thanks for including docs.
Thanks,
--Ben
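As an added example (not Evan's patch and not the kernel's own code), the checks the review asks about, worked in userspace C: parsing the hex creationpcrs= value with the 32-bit limit, then expanding it into a TPM2 TPMS_PCR_SELECTION pcrSelect byte array. It assumes bit 0 of the mask is PCR 0, as the reply presumes, and takes the TPM's PCR count as a parameter (24 on common TPM2 parts).

```c
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Parse the hex string given to creationpcrs= into a 32-bit PCR mask.
 * Accepts an optional 0x prefix; rejects empty, signed, padded or
 * non-hex input and any value wider than 32 bits (the width the reply
 * says the code imposes). Returns 0 or a negative errno value. */
int parse_creationpcrs(const char *s, uint32_t *mask_out)
{
	char *end;
	unsigned long long v;

	if (!s || *s == '\0' || *s == '-' || *s == '+' || isspace((unsigned char)*s))
		return -EINVAL;
	errno = 0;
	v = strtoull(s, &end, 16);
	if (errno || end == s || *end != '\0')
		return -EINVAL;
	if (v > UINT32_MAX)
		return -ERANGE;
	*mask_out = (uint32_t)v;
	return 0;
}

/* Expand the mask into the TPMS_PCR_SELECTION pcrSelect array used by
 * TPM2 commands: bit j of byte i selects PCR 8*i + j, so mask bit 0 is
 * PCR 0 (the mapping the reply presumes; an assumption here).
 * num_pcrs is the TPM's PCR count. Returns sizeofSelect, or -EINVAL if
 * a bit beyond the last PCR is set or num_pcrs is unsupported. */
int mask_to_pcr_select(uint32_t mask, unsigned int num_pcrs, uint8_t select[4])
{
	unsigned int nbytes = (num_pcrs + 7) / 8, i;

	if (num_pcrs == 0 || num_pcrs > 32)
		return -EINVAL;
	if (num_pcrs < 32 && (mask >> num_pcrs) != 0)
		return -EINVAL;	/* selects a PCR the TPM does not have */
	for (i = 0; i < 4; i++)
		select[i] = i < nbytes ? (uint8_t)(mask >> (8 * i)) : 0;
	return (int)nbytes;
}
```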