Date: Tue, 13 Oct 2015 11:53:59 +0300
From: Jarkko Sakkinen
To: tpmdd-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org
Cc: peterhuewe@gmx.de, gregkh@linuxfoundation.org, jgunthorpe@obsidianresearch.com, "open list:KEYS-TRUSTED", "open list:KEYS-TRUSTED", kevin.strasser@intel.com
Subject: Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0
Message-ID: <20151013085359.GB4526@intel.com>
In-Reply-To: <1444723889-11650-1-git-send-email-jarkko.sakkinen@linux.intel.com>
Organization: Intel Finland Oy - BIC 0357606-4 - Westendinkatu 7, 02160 Espoo

On Tue, Oct 13, 2015 at 11:11:21AM +0300, Jarkko Sakkinen wrote:
> Basic trusted keys support: auth value and SHA256.
>
> v2:
>
> * Removed all the changes that modify the existing functions to use
>   the new struct tpm_buf. These changes should be done separately from
>   this patch set as they require separate QA + review.
> * 'keyhandle=' is now required for TPM2. Makes sense to always state
>   the sealing key because there aren't any fixed keys on the chip (thanks
>   to Andreas Fuchs for this comment).
> * I updated tpm_buf to be a heap based structure. Now there's one full
>   page of memory for variable sized messages. Also the stack is greatly
>   reduced.

The basic test that I did was:

    ID=$(keyctl add trusted kmk "new 32 keyhandle=0x80000000" @u)
    keyctl pipe $ID > blob.hex
    keyctl clear @u
    keyctl add trusted kmk "load `cat blob.hex` keyhandle=0x80000000" @u
    keyctl clear @u

I also checked that the code fails with -EINVAL when keyhandle is not
given.

For generating a sealing key I used tpm2-root-key script from

https://github.com/jsakkine/linux-tpm2

I think the code is in the shape that it is ready to be pulled but some
tested-by's are needed.

> Jarkko Sakkinen (4):
>   tpm: introduce tpm_buf
>   keys, trusted: move struct trusted_key_options to trusted-type.h
>   tpm: seal/unseal for TPM 2.0
>   keys, trusted: seal/unseal with TPM 2.0 chips
>
>  drivers/char/tpm/tpm-interface.c |  76 ++++++++++++
>  drivers/char/tpm/tpm.h           | 110 +++++++++++++++++
>  drivers/char/tpm/tpm2-cmd.c      | 250 ++++++++++++++++++++++++++++++++++++++-
>  include/keys/trusted-type.h      |  14 ++-
>  include/linux/tpm.h              |  26 ++++
>  security/keys/trusted.c          |  36 +++++-
>  security/keys/trusted.h          |  11 --
>  7 files changed, 507 insertions(+), 16 deletions(-)
>
> --
> 2.5.0
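
The manual test from the message above, written as a script that reports pass/fail for both the seal/load round trip and the missing-keyhandle case. This is an added example, not part of the original mail or the patch set; the function names and the KEYCTL/KEYHANDLE overrides are assumptions introduced here, and like the original test it clears the user keyring (@u).

```shell
#!/bin/sh
# Added example: scripted form of the manual seal/unseal round trip.
# KEYCTL and KEYHANDLE are overridable (names assumed for this example).
KEYCTL=${KEYCTL:-keyctl}
KEYHANDLE=${KEYHANDLE:-0x80000000}   # sealing key handle used in the mail

# Seal a new 32-byte trusted key, export its blob, reload it from the blob.
# Returns 0 only if every step succeeds; a distinct code marks the failed step.
seal_roundtrip() {
    name=$1
    id=$($KEYCTL add trusted "$name" "new 32 keyhandle=$KEYHANDLE" @u) || return 1
    blob=$($KEYCTL pipe "$id") || return 2
    $KEYCTL clear @u || return 3
    # Trusted keys are exported as ASCII hex. Anything else (empty output,
    # whitespace, other characters) would corrupt the space-separated
    # option string handed to "load", so refuse it here.
    case $blob in
        ''|*[!0-9a-fA-F]*) return 4 ;;
    esac
    $KEYCTL add trusted "$name" "load $blob keyhandle=$KEYHANDLE" @u >/dev/null || return 5
    $KEYCTL clear @u
}

# Negative case from the mail: on TPM 2.0 a request without keyhandle= must
# be rejected. Returns 0 when the request is refused, 1 if a key was created.
missing_keyhandle_rejected() {
    if $KEYCTL add trusted "$1" "new 32" @u >/dev/null 2>&1; then
        $KEYCTL clear @u
        return 1
    fi
    return 0
}

# Run both checks when invoked as: sh script.sh run
if [ "${1:-}" = run ]; then
    seal_roundtrip kmk && missing_keyhandle_rejected kmk &&
        echo "trusted key round trip OK"
fi
```
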