James Bottomley wrote on 01/04/2017 02:45:21 PM:
> > James is proposing using the Decrypt op to do this job.
>
> I believe the TCG has decided this is the only way to sign arbitrary
> data.
My suspicion is that this was an omission, not a decision. In fact,
Part 1
Jason Gunthorpe wrote on 01/04/2017 01:54:34 PM:
> We don't need the algorithm in the TPM. We just need to be able to RSA
> sign an arbitrary OID + externally computed hash like TPM 1.2 could.
>
> What is the recommended way to create a key with a sign-only
On Wed, 2017-01-04 at 11:54 -0700, Jason Gunthorpe wrote:
> On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote:
> >Jason Gunthorpe wrote on 01/03/2017 07:42:17 PM:
> >> > ... but my current TPM doesn't understand
> >> > anything
James Bottomley wrote on 01/04/2017 01:19:36 PM:
> From: James Bottomley
> To: Stefan Berger/Watson/IBM@IBMUS, Jarkko Sakkinen
>
> Cc: linux-security-mod...@vger.kernel.org, tpmdd-
>
On Wed, 2017-01-04 at 11:31 -0700, Jason Gunthorpe wrote:
> On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote:
>
> > > > But this is not trousers, this is an in-kernel 0666 char dev
> > > > that will be active on basically every Linux system with a TPM.
> > > > I think we have a
On Wed, Jan 04, 2017 at 01:48:44PM -0500, Kenneth Goldman wrote:
>Jason Gunthorpe wrote on 01/03/2017 07:42:17 PM:
>> > ... but my current TPM doesn't understand
>> > anything other than sha1 or sha256, so it wouldn't allow more state of
>
On Wed, Jan 04, 2017 at 01:04:59PM -0500, Stefan Berger wrote:
>> @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
>> */
>> int tpm2_auto_startup(struct tpm_chip *chip)
>> {
>> + u32 nr_commands;
>> int rc;
>> + int i;
>>
>> rc =
"Dr. Greg Wettstein" wrote on 01/04/2017 11:12:41 AM:
> The kernel needs a resource manager. Everyone needs to think VERY
> hard and VERY, VERY carefully about what gets put into the kernel. In
> making a decision, put the ABSOLUTE smallest amount of code into the
>
On Wed, Jan 04, 2017 at 06:53:03AM -0800, James Bottomley wrote:
> > > But this is not trousers, this is an in-kernel 0666 char dev that
> > > will be active on basically every Linux system with a TPM. I think
> > > we have a duty to be very conservative here.
>
> Just to note on this that
On Wed, 2017-01-04 at 13:04 -0500, Stefan Berger wrote:
> Jarkko Sakkinen wrote on 01/02/2017 08:22:08 AM:
>
> > --- a/drivers/char/tpm/tpm2-cmd.c
> > +++ b/drivers/char/tpm/tpm2-cmd.c
> > @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> > */
> > int
Trimmed the CC list a bit. Where does this discussion really belong?
Trousers is for TPM 1.2, and it's not a TSS or TPM device driver issue.
If you're all TCG members, the TCG's TPM WG is the real place to go if you
want to get something fixed.
James Bottomley
Jarkko Sakkinen wrote on 01/02/2017 08:22:08 AM:
> --- a/drivers/char/tpm/tpm2-cmd.c
> +++ b/drivers/char/tpm/tpm2-cmd.c
> @@ -943,7 +943,9 @@ EXPORT_SYMBOL_GPL(tpm2_probe);
> */
> int tpm2_auto_startup(struct tpm_chip *chip)
> {
> + u32 nr_commands;
>
(Resending as no reply received, this time with CCs to TPM maintainers and
author of the original commit).
Hi all,
Commit 1107d065fdf1 (tpm_tis: Introduce intermediate layer for TPM access)
broke TPM support on ThinkPad X61S (and likely also on other machines which
use TPMs with a static burst
On Wed, Jan 04, 2017 at 02:58:10PM +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 02:54:45PM -0700, Jason Gunthorpe wrote:
> > On Mon, Jan 02, 2017 at 09:26:58PM -0800, James Bottomley wrote:
> >
> > > OK, so I put a patch together that does this (see below). It all works
> > > nicely
On Wed, 2017-01-04 at 14:50 +0200, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 05:17:32PM -0700, Jason Gunthorpe wrote:
> > On Tue, Jan 03, 2017 at 02:39:58PM -0800, James Bottomley wrote:
[...]
> > > > Even if TPM 2 has a stronger password based model, I still
> > > > think the kernel should
On Tue, Jan 03, 2017 at 09:47:21PM -0800, Andy Lutomirski wrote:
> On 01/02/2017 09:26 PM, James Bottomley wrote:
> > On Mon, 2017-01-02 at 13:40 -0800, James Bottomley wrote:
> > > On Mon, 2017-01-02 at 21:33 +0200, Jarkko Sakkinen wrote:
> > > > On Mon, Jan 02, 2017 at 08:36:20AM -0800, James
On Tue, Jan 03, 2017 at 02:47:02PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 08:36:10AM -0800, James Bottomley wrote:
>
> > > I'm not sure about this. Why couldn't you have a very thin daemon
> > > that prepares the file descriptor and sends it through UDS socket to
> > > a
On Tue, Jan 03, 2017 at 12:16:34PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote:
> > > > Added an ioctl for
On Tue, Jan 03, 2017 at 11:46:27AM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:37:30AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:09:53PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:10PM +0200, Jarkko Sakkinen wrote:
> > > > Added an ioctl for
On Tue, Jan 03, 2017 at 12:13:28PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 02:57:37AM +0200, Jarkko Sakkinen wrote:
> > On Mon, Jan 02, 2017 at 02:01:01PM -0700, Jason Gunthorpe wrote:
> > > On Mon, Jan 02, 2017 at 03:22:07PM +0200, Jarkko Sakkinen wrote:
> > > > Since there is
On Tue, Jan 03, 2017 at 04:40:53PM -0700, Jason Gunthorpe wrote:
> On Tue, Jan 03, 2017 at 03:22:56PM -0800, James Bottomley wrote:
> > > I think it is very important to natively support the sign-only key
> > > usage restriction. TPM1.2 goes so far as to declare keys that can be
> > > used for
On 01/03/2017 07:03 PM, Jarkko Sakkinen wrote:
> On Tue, Jan 03, 2017 at 01:09:18PM +0530, Nayna wrote:
>>
>>
>> On 01/03/2017 03:42 AM, Jarkko Sakkinen wrote:
>>> On Sun, Dec 11, 2016 at 12:35:33AM -0500, Nayna Jain wrote:
Unlike the device driver support for TPM 1.2, the TPM 2.0 does
22 matches