These are the remaining features to enable trusted keys for TPM 2.0 that were
not finished by the v4.4 merge window. These patches enable authorization
policy based sealing (like using PCRs together with a password for example or
something more complicated) with a user selected hash algorithm.
TPM2 supports authorization policies, which are essentially
combinational logic statements repsenting the conditions where the data
can be unsealed based on the TPM state. This patch enables to use
authorization policies to seal trusted keys.
Two following new options have been added for trusted
The trusted keys option parsing allows specifying the same option
multiple times. The last option value specified is used.
This can be seen as a regression because:
* No gain.
* Could be problematic if there is be options dependent on other
options.
Reported-by: James Morris James Morris
Added 'hash=' option for selecting the hash algorithm for add_key()
syscall and documentation for it.
Added entry for sm3-256 to the following tables in order to support
TPM_ALG_SM3_256:
* hash_algo_name
* hash_digest_size
Includes support for the following hash algorithms:
* sha1
* sha256
*
On Friday, December 11, 2015 05:14:38 PM Stephen Smalley wrote:
> Perhaps we could provide a new fixed-size tokenized version of the
> security context string for export to userspace that could be embedded
> in the binder transaction structure? This could avoid both the
> limitations of the
In an effort to make it a bit easier to maintain the kernel-secnext COPR I'm
making some slight changes to how I manage the SELinux and audit kernel
repositories. The downside is that there is now going to be a regular rebase
as part of the release cycle, but at least it will be well defined