These are the remaining features to enable trusted keys for TPM 2.0 that were not finished by the v4.4 merge window. These patches enable authorization policy based sealing (like using PCRs together with a password for example or something more complicated) with a user selected hash algorithm.
Jarkko Sakkinen (3): keys, trusted: fix: *do not* allow duplicate key options keys, trusted: select hash algorithm for TPM2 chips keys, trusted: seal with a TPM2 authorization policy Documentation/security/keys-trusted-encrypted.txt | 31 +++++++----- crypto/hash_info.c | 2 + drivers/char/tpm/tpm.h | 10 ++-- drivers/char/tpm/tpm2-cmd.c | 60 ++++++++++++++++++++--- include/crypto/hash_info.h | 3 ++ include/keys/trusted-type.h | 5 ++ include/uapi/linux/hash_info.h | 1 + security/keys/Kconfig | 1 + security/keys/trusted.c | 56 ++++++++++++++++++++- 9 files changed, 147 insertions(+), 22 deletions(-) -- 2.5.0 -- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
