Re: [tpmdd-devel] [PATCH 00/10] TPM2 updates for 4.4

2015-10-16 Thread Kevin Strasser
On Fri, Oct 16, 2015 at 09:40:19PM +0300, Jarkko Sakkinen wrote:
> This patch set enables distributions to start production of for TPM 2.0:
>
> * Two critical bug fixes
> * PPI support
> * Basic trusted keys with authentication value and SHA256 for keyed hash
>
> Next steps after this is to add

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0

2015-10-16 Thread Jarkko Sakkinen
Hi
On Fri, Oct 16, 2015 at 05:21:02PM +0100, David Howells wrote:
> Hi Jarkko,
>
> For some reason I don't see patch 1.
Weird. Well, maybe the best way to proceed is that I'll send the contents of for-peter-v44 branch for review. It's 9 patches in total, PPI, trusted keys and couple of bug

[PATCH 00/10] TPM2 updates for 4.4

2015-10-16 Thread Jarkko Sakkinen
This patch set enables distributions to start production of for TPM 2.0:
* Two critical bug fixes
* PPI support
* Basic trusted keys with authentication value and SHA256 for keyed hash
Next steps after this is to add policy based sealing for trusted keys and algorithmic agility.
Jarkko Sakkinen

[PATCH 08/10] tpm: seal/unseal for TPM 2.0

2015-10-16 Thread Jarkko Sakkinen
Added tpm_trusted_seal() and tpm_trusted_unseal() API for sealing trusted keys. This patch implements basic sealing and unsealing functionality for TPM 2.0:
* Seal with a parent key using a 20 byte auth value.
* Unseal with a parent key using a 20 byte auth value.
Signed-off-by: Jarkko Sakkinen

[PATCH 09/10] keys, trusted: seal/unseal with TPM 2.0 chips

2015-10-16 Thread Jarkko Sakkinen
Call tpm_seal_trusted() and tpm_unseal_trusted() for TPM 2.0 chips. We require explicit 'keyhandle=' option because there's no fixed storage root key inside TPM2 chips.
Signed-off-by: Jarkko Sakkinen
Reviewed-by: Andreas Fuchs

[PATCH v1 0/1] Smack: adding Smack-Tags subsystem

2015-10-16 Thread José Bollo
INTRODUCTION
Adding a feature in the kernel is not something free, it must have some interest. I will try here to explain the reasons why I am posting here a new bag of code. I studied the security of Tizen 3 [1] and modestly participated in it. Tizen 3 uses Smack as its security

[PATCH v4 1/3] Enable multiple writes to the IMA policy;

2015-10-16 Thread Petko Manolov
IMA policy can now be updated multiple times. The new rules get appended to the original policy. Keep in mind that the rules are scanned in FIFO order, so be careful when you add new ones. The mutex locks are replaced with RCU, which should lead to faster policy traversals. The new rules are

[PATCH v4 2/3] Create IMA machine owner keys (MOK) and blacklist keyrings;

2015-10-16 Thread Petko Manolov
This option creates IMA MOK and blacklist keyrings. IMA MOK is an intermediate keyring that sits between .system and .ima keyrings, effectively forming a simple CA hierarchy. To successfully import a key into .ima_mok it must be signed by a key whose CA is in the .system keyring. In turn, any key

Re: [PATCH v4 09/11] smack: namespace groundwork

2015-10-16 Thread Lukasz Pawelczyk
On Fri, 2015-10-16 at 11:04 +0800, Hillf Danton wrote: > > + > > static inline void smack_userns_free(struct user_namespace *ns) > > { > > struct smack_ns *snsp = ns->security; > > @@ -4680,12 +4689,11 @@ static inline void smack_userns_free(struct > > user_namespace *ns) > > > >

Re: [PATCH v4] Smack: limited capability for changing process label

2015-10-16 Thread Rafał Krypa
On 2015-10-15 10:04, Casey Schaufler wrote:
> On 10/15/2015 12:48 AM, Rafał Krypa wrote:
>> On 2015-10-14 17:54, Rafal Krypa wrote:
>>> From: Zbigniew Jasinski
>>>
>>> This feature introduces new kernel interface:
>>>
>>> - /relabel-self - for setting transition labels

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0

2015-10-16 Thread David Howells
Hi Jarkko, For some reason I don't see patch 1. David