Hello,
When using crypto ahash API, is it necessary/mandatory to call
crypto_ahash_final() if crypto_ahash_update() returns error...
Basically it might happen after several calls while calculating hash if
HW error happens.
It is not possible to continue hash calculation. It is necessary to
reset
Hmm, can you show me your test program and how you determined
that it was leaking pages?
The test program below runs 1000 encryptions:
# grep nr_free /proc/vmstat
nr_free_pages 11031
# ./test
...
# grep nr_free /proc/vmstat
nr_free_pages 10026
# ./test
...
# grep nr_free /proc/vmstat
Similar to the kgdb_hex2mem() code, hex2bin converts a string
to binary using the hex_to_bin() library call.
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
include/linux/kernel.h |1 +
lib/hexdump.c | 16
2 files changed,
The major changes, since the previous posting, are several new
trusted-key options (migratable, pcrlock, keyhandle, keyauth, blobauth),
described below, based on suggestions by Jason Gunthorpe. By default,
trusted keys work as previously described.
Trusted and Encrypted Keys are two new key
Defines a new kernel key-type called 'trusted'. Trusted keys are
random number symmetric keys, generated and RSA-sealed by the TPM.
The TPM only unseals the keys, if the boot PCRs and other criteria
match. Userspace can only ever see encrypted blobs.
Based on suggestions by Jason Gunthorpe,
Add internal kernel tpm_send() command used to seal/unseal keys.
Signed-off-by: David Safford saff...@watson.ibm.com
Reviewed-by: Mimi Zohar zo...@watson.ibm.com
Acked-by: Rajiv Andrade sra...@linux.vnet.ibm.com
Acked-by: Serge E. Hallyn se...@hallyn.com
---
drivers/char/tpm/tpm.c | 17
Defines a new kernel key-type called 'encrypted'. Encrypted keys are
kernel generated random numbers, which are encrypted/decrypted with
a 'trusted' symmetric key. Encrypted keys are created/encrypted/decrypted
in the kernel. Userspace only ever sees/stores encrypted blobs.
Changelog:
- allocate
On Mon, Nov 08, 2010 at 10:30:45AM -0500, Mimi Zohar wrote:
pcrlock=n extends the designated PCR 'n' with a random value,
so that a key sealed to that PCR may not be unsealed
again until after a reboot.
Nice, but this seems very strange to me, since it has nothing
On Mon, 2010-11-08 at 10:09 -0700, Jason Gunthorpe wrote:
On Mon, Nov 08, 2010 at 10:30:45AM -0500, Mimi Zohar wrote:
pcrlock=n extends the designated PCR 'n' with a random value,
so that a key sealed to that PCR may not be unsealed
again until after a reboot.
On Mon, Nov 08, 2010 at 01:18:33PM -0500, David Safford wrote:
This is strictly for convenience in initramfs, so that the trusted
key can be loaded and locked in a single command, with no need for
an additional application to extend a PCR. As the TPM driver
already has support for