Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0
Hi

On Fri, Oct 16, 2015 at 05:21:02PM +0100, David Howells wrote:
> Hi Jarkko,
>
> For some reason I don't see patch 1.

Weird. Well, maybe the best way to proceed is that I'll send the contents
of for-peter-v44 branch for review. It's 9 patches in total, PPI, trusted
keys and couple of bug fixes.

> David

/Jarkko
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0
Hi Jarkko,

For some reason I don't see patch 1.

David

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0
On Tue, Oct 13, 2015 at 11:11:21AM +0300, Jarkko Sakkinen wrote:
> Basic trusted keys support: auth value and SHA256.
>
> v2:
>
> * Removed all the changes that modify the existing functions to use
>   the new struct tpm_buf. These changes should be done separately from
>   this patch set as they require separate QA + review.
> * 'keyhandle=' is now required for TPM2. Makes sense to always state
>   the sealing key because there aren't any fixed keys on the chip (thanks
>   to Andreas Fuchs for this comment).
> * I updated tpm_buf to be a heap based structure. Now there's one full
>   page of memory for variable sized messages. Also the stack is greatly
>   reduced.

The basic test that I did was:

ID=$(keyctl add trusted kmk "new 32 keyhandle=0x8000" @u)
keyctl pipe $ID > blob.hex
keyctl clear @u
keyctl add trusted kmk "load `cat blob.hex` keyhandle=0x8000" @u
keyctl clear @u

I also checked that the code fails with -EINVAL when keyhandle is not given.

For generating a sealing key I used tpm2-root-key script from

https://github.com/jsakkine/linux-tpm2

I think the code is in the shape that it is ready to be pulled but some
tested-by's are needed.

> Jarkko Sakkinen (4):
>   tpm: introduce tpm_buf
>   keys, trusted: move struct trusted_key_options to trusted-type.h
>   tpm: seal/unseal for TPM 2.0
>   keys, trusted: seal/unseal with TPM 2.0 chips
>
>  drivers/char/tpm/tpm-interface.c |  76
>  drivers/char/tpm/tpm.h           | 110 +
>  drivers/char/tpm/tpm2-cmd.c      | 250 ++-
>  include/keys/trusted-type.h      |  14 ++-
>  include/linux/tpm.h              |  26
>  security/keys/trusted.c          |  36 +-
>  security/keys/trusted.h          |  11 --
>  7 files changed, 507 insertions(+), 16 deletions(-)
>
> --
> 2.5.0

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0
On Tue, Oct 13, 2015 at 11:11:21AM +0300, Jarkko Sakkinen wrote:

> * I updated tpm_buf to be a heap based structure. Now there's one full
>   page of memory for variable sized messages. Also the stack is greatly
>   reduced.

You may as well just use a skb then.

Jason

Re: [PATCH v2 0/4] Basic trusted keys support for TPM 2.0
On Tue, Oct 13, 2015 at 11:41:20AM -0600, Jason Gunthorpe wrote:
> On Tue, Oct 13, 2015 at 11:11:21AM +0300, Jarkko Sakkinen wrote:
>
> > * I updated tpm_buf to be a heap based structure. Now there's one full
> >   page of memory for variable sized messages. Also the stack is greatly
> >   reduced.
>
> You may as well just use a skb then.

struct sk_buff??

I think the structure that I've implemented is a good fit. It's simple
to use and does exactly what we need. Can you elaborate what's the problem
with tpm_buf?

> Jason

/Jarkko
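
The thread above describes tpm_buf only as a heap-backed buffer with one full page for variable-sized messages. The C sketch below is an added example, not code from the patch set or the kernel: a hypothetical userspace `cmd_buf` (every name in it is an assumption) that keeps the size field of a TPM 2.0 command header in step with appended data and refuses any append that would run past the page.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define CMD_BUF_SIZE 4096u   /* one page, as the cover letter describes */
#define TPM_HDR_SIZE 10u     /* tag(2) + size(4) + command code(4) */

struct cmd_buf {      /* hypothetical analogue, not the kernel's struct tpm_buf */
    uint8_t *data;    /* heap allocation of CMD_BUF_SIZE bytes */
    uint32_t len;     /* bytes used, mirrored into the header */
    int overflow;     /* sticky: set once an append would not fit */
};

static void put_be32(uint8_t *p, uint32_t v)
{
    p[0] = v >> 24; p[1] = v >> 16; p[2] = v >> 8; p[3] = v;
}

int cmd_buf_init(struct cmd_buf *b, uint16_t tag, uint32_t ordinal)
{
    *b = (struct cmd_buf){ .data = calloc(1, CMD_BUF_SIZE), .len = TPM_HDR_SIZE };
    if (!b->data)
        return -1;
    b->data[0] = tag >> 8; b->data[1] = tag & 0xff;
    put_be32(b->data + 2, TPM_HDR_SIZE);
    put_be32(b->data + 6, ordinal);
    return 0;
}

/* Append raw bytes; refuse, and remember, anything past the page. */
void cmd_buf_append(struct cmd_buf *b, const void *src, uint32_t n)
{
    if (b->overflow || n > CMD_BUF_SIZE - b->len) {
        b->overflow = 1;
        return;
    }
    memcpy(b->data + b->len, src, n);
    b->len += n;
    put_be32(b->data + 2, b->len);   /* header size tracks the payload */
}

int build_get_random(struct cmd_buf *b)
{
    const uint8_t want[2] = { 0, 16 };   /* constructed sample: bytesRequested = 16 */
    if (cmd_buf_init(b, 0x8001, 0x17B))  /* TPM2_ST_NO_SESSIONS, TPM2_CC_GetRandom */
        return -1;
    cmd_buf_append(b, want, sizeof(want));
    return b->overflow ? -1 : 0;
}
```

The caller checks `overflow` once after building the whole command and frees `data` when done, so individual appends need no error handling of their own.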