From: Jarkko Sakkinen <jarkko@kernel.org>
To: linux-integrity@vger.kernel.org
Cc: Jarkko Sakkinen <jarkko@kernel.org>,
David Howells <dhowells@redhat.com>,
Paul Moore <paul@paul-moore.com>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
keyrings@vger.kernel.org (open list:KEYS/KEYRINGS),
linux-security-module@vger.kernel.org (open list:SECURITY
SUBSYSTEM), linux-kernel@vger.kernel.org (open list)
Subject: [PATCH v3 0/7] Streamline TPM2 HMAC sessions
Date: Wed, 10 Dec 2025 16:39:32 +0200 [thread overview]
Message-ID: <20251210143940.264191-1-jarkko@kernel.org> (raw)
Since we cannot at this point cache names of the keys given limitations
of the ASN.1 file format, I'll start a fresh patch set. Let's fixup what
we can right now.
This patch set addresses two major issues in the feature:
1. Dynamic resolution without gain. All kernel sites have at most single
handle to authorize. Even if this changes some day this is how it is
as of today and we definitely do not want to dictate the future but
instead downscale code to the metrics that we have as of today.
2. Eliminate at least one unnnecessary tpm2_read_public() call.
Jarkko Sakkinen (7):
KEYS: trusted: Remove dead branch from tpm2_unseal_cmd
tpm2-sessions: Define TPM2_NAME_MAX_SIZE
KEYS: trusted: Re-orchestrate tpm2_read_public() calls
tpm2-sessions: Remove AUTH_MAX_NAMES
tpm-buf: Remove tpm_buf_append_handle
tpm: Orchestrate TPM commands in tpm_get_random()
tpm: Send only one TPM command per hwrng request
drivers/char/tpm/tpm-buf.c | 25 ----
drivers/char/tpm/tpm-chip.c | 2 +-
drivers/char/tpm/tpm-interface.c | 174 ++++++++++++++++++++--
drivers/char/tpm/tpm-sysfs.c | 2 +-
drivers/char/tpm/tpm.h | 2 -
drivers/char/tpm/tpm1-cmd.c | 62 --------
drivers/char/tpm/tpm2-cmd.c | 102 +------------
drivers/char/tpm/tpm2-sessions.c | 130 +++++-----------
include/linux/tpm.h | 51 +++++--
security/keys/trusted-keys/trusted_tpm1.c | 8 +-
security/keys/trusted-keys/trusted_tpm2.c | 134 ++++++++++-------
11 files changed, 322 insertions(+), 370 deletions(-)
--
2.52.0
next reply other threads:[~2025-12-10 14:39 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-12-10 14:39 Jarkko Sakkinen [this message]
2025-12-10 14:39 ` [PATCH v3 1/7] KEYS: trusted: Remove dead branch from tpm2_unseal_cmd Jarkko Sakkinen
2025-12-10 14:39 ` [PATCH v3 2/7] tpm2-sessions: Define TPM2_NAME_MAX_SIZE Jarkko Sakkinen
2025-12-10 14:39 ` [PATCH v3 3/7] KEYS: trusted: Re-orchestrate tpm2_read_public() calls Jarkko Sakkinen
2025-12-10 14:39 ` [PATCH v3 4/7] tpm2-sessions: Remove AUTH_MAX_NAMES Jarkko Sakkinen
2025-12-10 14:39 ` [PATCH v3 5/7] tpm-buf: Remove tpm_buf_append_handle Jarkko Sakkinen
2025-12-10 14:39 ` [PATCH v3 6/7] tpm: Orchestrate TPM commands in tpm_get_random() Jarkko Sakkinen
2025-12-10 14:39 ` [PATCH v3 7/7] tpm: Send only one TPM command per hwrng request Jarkko Sakkinen
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251210143940.264191-1-jarkko@kernel.org \
--to=jarkko@kernel.org \
--cc=dhowells@redhat.com \
--cc=jmorris@namei.org \
--cc=keyrings@vger.kernel.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=paul@paul-moore.com \
--cc=serge@hallyn.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox