> ________________________________________ > From: Jarkko Sakkinen [jarkko.sakki...@linux.intel.com] > Sent: Tuesday, November 17, 2015 17:27 > > Support for sealing with a authorization policy. > > Two new options for trusted keys: > > * 'policydigest=': provide an auth policy digest for sealing. > * 'policyhandle=': provide a policy session handle for unsealing.
Hi Jarkko, just out of curiosity; when testing this, how did you calculate the blobauth parameter ? Since its calculation requires the cpHash for the unseal()-command... If you "predict" the cpHash in userSpace, this would mean that userspace needs to know the kernels way of constructing the unseal()-command to the TPM, which in turn would make this part of the ABI and require documentation before upstreaming, imho. Cheers, Andreas-- To unsubscribe from this list: send the line "unsubscribe linux-security-module" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
