From: Ben Boeckel <me@benboeckel.net>
To: Evan Green <evgreen@chromium.org>
Cc: linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
apronin@chromium.org, dlunev@google.com, jarkko@kernel.org,
Pavel Machek <pavel@ucw.cz>,
rjw@rjwysocki.net, corbet@lwn.net, linux-pm@vger.kernel.org,
zohar@linux.ibm.com, Kees Cook <keescook@chromium.org>,
Eric Biggers <ebiggers@kernel.org>,
jejb@linux.ibm.com, gwendal@chromium.org,
Matthew Garrett <mgarrett@aurora.tech>,
Matthew Garrett <matthewgarrett@google.com>,
Matthew Garrett <mjg59@google.com>,
David Howells <dhowells@redhat.com>,
James Morris <jmorris@namei.org>,
Paul Moore <paul@paul-moore.com>,
"Serge E. Hallyn" <serge@hallyn.com>,
keyrings@vger.kernel.org, linux-doc@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: Re: [PATCH v3 05/11] security: keys: trusted: Allow storage of PCR values in creation data
Date: Tue, 27 Sep 2022 12:58:43 -0400 [thread overview]
Message-ID: <YzMrw3TASWemgRTh@megas.dev.benboeckel.internal> (raw)
In-Reply-To: <20220927094559.v3.5.I32591db064b6cdc91850d777f363c9d05c985b39@changeid>
On Tue, Sep 27, 2022 at 09:49:16 -0700, Evan Green wrote:
> From: Matthew Garrett <matthewgarrett@google.com>
>
> When TPMs generate keys, they can also generate some information
> describing the state of the PCRs at creation time. This data can then
> later be certified by the TPM, allowing verification of the PCR values.
> This allows us to determine the state of the system at the time a key
> was generated. Add an additional argument to the trusted key creation
> options, allowing the user to provide the set of PCRs that should have
> their values incorporated into the creation data.
>
> Link: https://lore.kernel.org/lkml/20210220013255.1083202-6-matthewgarrett@google.com/
> Signed-off-by: Matthew Garrett <mjg59@google.com>
> Signed-off-by: Evan Green <evgreen@chromium.org>
> ---
Reviewed-by: Ben Boeckel <linux@me.benboeckel.net>
Thanks!
--Ben
next prev parent reply other threads:[~2022-09-27 16:58 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-09-27 16:49 [PATCH v3 00/11] Encrypted Hibernation Evan Green
2022-09-27 16:49 ` [PATCH v3 04/11] security: keys: trusted: Include TPM2 creation data Evan Green
2022-09-27 16:49 ` [PATCH v3 05/11] security: keys: trusted: Allow storage of PCR values in " Evan Green
2022-09-27 16:58 ` Ben Boeckel [this message]
2022-09-27 16:49 ` [PATCH v3 06/11] security: keys: trusted: Verify " Evan Green
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=YzMrw3TASWemgRTh@megas.dev.benboeckel.internal \
--to=me@benboeckel.net \
--cc=apronin@chromium.org \
--cc=corbet@lwn.net \
--cc=dhowells@redhat.com \
--cc=dlunev@google.com \
--cc=ebiggers@kernel.org \
--cc=evgreen@chromium.org \
--cc=gwendal@chromium.org \
--cc=jarkko@kernel.org \
--cc=jejb@linux.ibm.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-pm@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=matthewgarrett@google.com \
--cc=mgarrett@aurora.tech \
--cc=mjg59@google.com \
--cc=paul@paul-moore.com \
--cc=pavel@ucw.cz \
--cc=rjw@rjwysocki.net \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).