On Wed, Nov 17, 2010 at 05:23:31PM -0800, Andrew Morton wrote:
On Thu, 4 Nov 2010 14:04:05 -0500
Herbert Xu herb...@gondor.hengli.com.au wrote:
On Thu, Oct 28, 2010 at 04:19:09PM +0100, tadeusz.st...@intel.com wrote:
Hi Herbert,
We have reworked the assembly to use macros instead of
Will do.
Tadeusz
-----Original Message-----
From: Herbert Xu [mailto:herb...@gondor.apana.org.au]
Sent: Thursday, November 18, 2010 9:27 AM
To: Andrew Morton
Cc: Struk, Tadeusz; linux-ker...@vger.kernel.org; linux-crypto@vger.kernel.org;
O Mahony, Aidan; Paoloni, Gabriele; Hoban, Adrian
Changes were made in this patchset based on David Howells's comments. The
major technical change was converting from the crypto hash to shash API.
The remaining changes are listed in the individual patch changelogs.
Trusted and Encrypted Keys are two new key types added to the existing kernel key
Similar to the kgdb_hex2mem() code, hex2bin converts a string
to binary using the hex_to_bin() library call.
Changelog:
- Replace parameter names with src/dst (based on David Howells's comment)
- Add 'const' where needed (based on David Howells's comment)
- Replace int with size_t (based on David
For readability, define a tpm_chip_put() wrapper to call module_put().
Replace existing module_put() calls with the wrapper.
(Change based on trusted/encrypted patchset review by David Howells.)
Signed-off-by: Mimi Zohar zo...@us.ibm.com
Signed-off-by: David Safford saff...@watson.ibm.com
---
Define a new kernel key-type called 'trusted'. Trusted keys are random
number symmetric keys, generated and RSA-sealed by the TPM. The TPM
only unseals the keys if the boot PCRs and other criteria match.
Userspace can only ever see encrypted blobs.
Based on suggestions by Jason Gunthorpe,
Define a new kernel key-type called 'encrypted'. Encrypted keys are kernel
generated random numbers, which are encrypted/decrypted with a 'trusted'
symmetric key. Encrypted keys are created/encrypted/decrypted in the kernel.
Userspace only ever sees/stores encrypted blobs.
Changelog:
- Moved
Add internal kernel tpm_send() command used to seal/unseal keys.
Changelog:
- replaced module_put in tpm_send() with new tpm_chip_put() wrapper
(suggested by David Howells)
- Make tpm_send() cmd argument a 'void *' (suggested by David Howells)
Signed-off-by: David Safford