On Fri, Oct 16, 2015 at 09:40:19PM +0300, Jarkko Sakkinen wrote:
> This patch set enables distributions to start production of for TPM 2.0:
>
> * Two critical bug fixes
> * PPI support
> * Basic trusted keys with authentication value and SHA256 for keyed hash
>
> Next steps after this are to add
Hi
On Fri, Oct 16, 2015 at 05:21:02PM +0100, David Howells wrote:
> Hi Jarkko,
>
> For some reason I don't see patch 1.
Weird. Well, maybe the best way to proceed is that I'll send the
contents of for-peter-v44 branch for review. It's 9 patches in total,
PPI, trusted keys and couple of bug
This patch set enables distributions to start production of for TPM 2.0:
* Two critical bug fixes
* PPI support
* Basic trusted keys with authentication value and SHA256 for keyed hash
Next steps after this are to add policy-based sealing for trusted keys and
algorithmic agility.
Jarkko Sakkinen
Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing
trusted keys.
This patch implements basic sealing and unsealing functionality for
TPM 2.0:
* Seal with a parent key using a 20 byte auth value.
* Unseal with a parent key using a 20 byte auth value.
Signed-off-by: Jarkko Sakkinen
Call tpm_seal_trusted() and tpm_unseal_trusted() for TPM 2.0 chips.
We require an explicit 'keyhandle=' option because there's no fixed
storage root key inside TPM2 chips.
Signed-off-by: Jarkko Sakkinen
Reviewed-by: Andreas Fuchs
INTRODUCTION
Adding a feature in the kernel is not something free, it must
have some interest. I will try here to explain the reasons
why I am posting here a new bag of code.
I studied the security of Tizen 3 [1] and modestly participated
in it. Tizen 3 uses Smack as its security
IMA policy can now be updated multiple times. The new rules get appended
to the original policy. Keep in mind that the rules are scanned in FIFO
order, so be careful when you add new ones.
The mutex locks are replaced with RCU, which should lead to faster policy
traversals. The new rules are
This option creates IMA MOK and blacklist keyrings. IMA MOK is an
intermediate keyring that sits between .system and .ima keyrings,
effectively forming a simple CA hierarchy. To successfully import a key
into .ima_mok it must be signed by a key whose CA is in the .system keyring.
On turn any key
On Fri, 2015-10-16 at 11:04 +0800, Hillf Danton wrote:
> > +
> > static inline void smack_userns_free(struct user_namespace *ns)
> > {
> > struct smack_ns *snsp = ns->security;
> > @@ -4680,12 +4689,11 @@ static inline void smack_userns_free(struct
> > user_namespace *ns)
> >
> >
On 2015-10-15 10:04, Casey Schaufler wrote:
> On 10/15/2015 12:48 AM, Rafał Krypa wrote:
>> On 2015-10-14 17:54, Rafal Krypa wrote:
>>> From: Zbigniew Jasinski
>>>
>>> This feature introduces new kernel interface:
>>>
>>> - /relabel-self - for setting transition labels
Hi Jarkko,
For some reason I don't see patch 1.
David